A fast-moving wave of cyberattacks, apparently exploiting a flaw exposed in documents leaked from the US National Security Agency, has disrupted Britain’s health system and infected computers in nearly 100 countries.
The attacks came in the form of ransomware, a technique used by hackers that locks users’ files unless they pay the attackers a designated sum in the virtual currency Bitcoin.
The malware was linked to attacks on hospitals in Britain as well as the Spanish telecom giant Telefonica and the US delivery firm FedEx.
The US Department of Homeland Security’s computer emergency response team said it was aware of ransomware infections “in several countries around the world.”
“We are now seeing more than 75,000 detections… in 99 countries,” Jakub Kroustek of the security firm Avast said in a blog post around 2000 GMT.
Earlier, Kaspersky researcher Costin Raiu cited 45,000 attacks in 74 countries, saying that the malware, a self-replicating “worm,” was spreading quickly.
Forcepoint Security Labs said that “a major malicious email campaign” consisting of nearly five million emails per hour was spreading the new ransomware.
Private security firms identified the malware as WCry, but analysts were also using variants of the name such as WannaCry.
Forcepoint said in a statement that the attack had “global scope”, affecting organizations in Australia, Belgium, France, Germany, Italy and Mexico.
“This is one of the largest global ransomware attacks the cyber community has ever seen,” said Rich Barger, director of threat research with Splunk, one of the firms that linked WannaCry to the NSA.
In the US, FedEx acknowledged it had been hit by malware and was “implementing remediation steps as quickly as possible.”
The UK’s state-run National Health Service declared a “major incident” after the attack, which forced some hospitals to divert ambulances and scrap operations.
In Spain, major firms including Telefonica were hit, with employees told to shut down workstations immediately through megaphone announcements. Portugal Telecom and Telefonica Argentina both said they were also targeted.
At least 16 organizations within the NHS, some of them responsible for several hospitals each, reported being targeted.
“We are aware that a number of NHS organizations have reported that they have suffered from a ransomware attack.
This is not targeted at the NHS, it’s an international attack and a number of countries and organizations have been affected,” said Prime Minister Theresa May.
Britain’s National Cyber Security Centre and its National Crime Agency were looking into the UK incidents.
Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 (275 euros) in Bitcoin, saying: “Ooops, your files have been encrypted!”
It demands payment in three days or the price is doubled, and if none is received in seven days, the files will be deleted, according to the screen message.
A hacking group called Shadow Brokers released the malware in April, claiming to have discovered the flaw from the NSA, Kaspersky said.
The spread of the ransomware capped a week of cyber turmoil in Europe that kicked off a week earlier when hackers posted a huge trove of campaign documents tied to French candidate Emmanuel Macron just 1-1/2 days before a run-off vote in which he was elected as the new president of France.
On Wednesday, hackers disrupted the websites of several French media companies and aerospace giant Airbus.