UK working to restore hospital systems after cyberattack

Sunday, 14 May, 2017

Avast said the majority of the attacks targeted Russia, Ukraine and Taiwan - though exactly which computers in those areas were targeted remains fuzzy. "We will continue to work with affected (organizations) to confirm this".

On Saturday, a cyber security researcher told AFP he had accidentally discovered a "kill switch" that could prevent the spread of the ransomware. The ransomware was created to repeatedly contact an unregistered domain in its code.

"I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental", wrote the researcher, who uses the Twitter name @MalwareTechBlog. "There won't be any loss or theft of data", says a cyber security expert.

However, a hacker could change the code to remove the domain and try the ransomware attack again.

The kill switch couldn't help those already infected, however. Experts have said the number of those affected is expected to grow on Monday when people return to work and fire up their computers.

China's information security watchdog said "a portion" of Windows systems users in the country were infected, according to a notice posted on the official Weibo page of the Beijing branch of the Public Security Bureau on Saturday.

Cybersecurity firm Avast said it had identified more than 75,000 ransomware attacks in 99 countries on Friday, making it one of the broadest and most damaging cyberattacks in history.

In a statement Saturday, Europol's European Cybercrime Centre, known as EC3, said the attack "is at an unprecedented level and will require a complex Global investigation to identify the culprits". This particular program, called WannaCry, asks for about $300, though the price increases over time. The exploit was leaked last month as part of a trove of US National Security Agency spy tools. Late on Friday, Microsoft also released patches for a range of long discontinued software, including Windows XP and Windows Server 2003.

A global "ransomware" cyberattack, unprecedented in scale, had technicians scrambling to restore Britain's crippled hospital network Saturday and secure the computers that run factories, banks, government agencies and transport systems in many other nations.

The attacks used ransomware that apparently exploited a security flaw in Microsoft operating systems, locking users' files unless they pay the attackers a designated sum in the virtual currency Bitcoin. "We are working with customers to provide additional assistance", the company said in a blog posting.

Germany's national railway says that it was among the organizations affected by the global cyberattack but there was no impact on train services. NHS Lanarkshire issued an appeal for patients to stay away from its three main hospitals unless they were experiencing an "absolute emergency", as doctors and cybercrime experts warned that the crisis could cost lives.

In Scotland more than half of regional health boards were affected.

A worker at the plant told Sky News that work ground to a halt on Friday night as the ransomware countdown clock appeared on computers on the production line.

His procedure is being rescheduled within the next two weeks.

Ransomware is a particularly stubborn problem because victims are often tricked into allowing the malicious software to run on their computers, and the encryption happens too fast for security software to catch it.

The First Minister and Ms Robison have been updated on the situation and Justice Secretary Michael Matheson has participated in the UK Government COBR meeting chaired by the Home Secretary this afternoon.

Russian Railways: State media said a virus attacked the IT system of Russian Railways, but it did not affect operations due to a prompt response.

"Software providers will have made patches available to mitigate them".

"The age-old advice is to never click on a link in an email", said Jerome Segura, a senior malware intelligence researcher at Malwarebytes, a San Jose-based company that has released anti-ransomware software. Here's how to turn automatic updates on. Up-to-date backups make it possible to restore files without paying a ransom.

G7 finance ministers meeting in Italy discussed the attacks and were expected to commit to stepping up worldwide cooperation against a growing threat to their economies. "Most organizations just keep their heads in the sand", he said.

She added there was no evidence that patient records have been compromised.

Nonetheless, authorities around the world will be seeking to track down those responsible. I don't think it's to do with that preparedness.

It also may never be known how much the hackers have netted from the ransomware attack.

Other victims were most likely small and medium-sized businesses.