Nearly 100 countries have been hit by the coordinated hack, with some of the world’s largest institutions still struggling to recover.
May 12, 2017
Friday’s global cyberattack on businesses, universities, and health systems has grown in scale, with large institutions and security experts hurrying to address a breach that has now affected nearly 100 countries. The cyberattack was first identified in the United Kingdom, whose National Health Service (NHS) suffered one of the day’s largest and most severe hacks. In total, 48 NHS organizations were hit, rendering x-rays, test results, and patient records unavailable and forcing the NHS to suspend its operations. According to British Home Secretary Amber Rudd, all but six agencies have resumed normal operations and no patient data has been compromised.
In the last 24 hours, at least 75,000 systems have reportedly been affected, many of which belong to some of the largest institutions and government agencies in the world. Experts speculate that big organizations were particularly vulnerable to attack because of their outdated technology. The NHS, for instance, has been known to rely on out-of-date and unprotected software that made it highly susceptible to a malware infection. Just two days ago in the U.S., President Trump signed an executive order designed to protect the nation from cybersecurity risks, with a focus on modernizing the federal government’s aging IT systems.
On Saturday, Europe’s police agency called the hacking “unprecedented,” while U.S. security expert Rich Barger told Reuters it was “one of the largest global ransomware attacks the cyber community has ever seen.” In Spain, the nation’s biggest telecommunications firm, Telefonica, was hacked alongside a Spanish electric utility company, Iberdrola, and a utility provider, Gas Natural. In the U.S., FedEx reported that some of its Windows computers had been hacked. And in Russia, 1,000 computers were infected at the nation’s interior ministry. The ministry later reported that the virus had been handled and no sensitive information was compromised.
Other victims of the attack include the German railway company Deutsche Bahn and a Nissan manufacturing center in the north of England. The French car manufacturer Renault was also forced to temporarily shut down one of its plants in Slovakia. Amid speculation on social media, China’s official news agency, Xinhua, revealed that some of the nation’s companies, secondary schools, and universities had been affected as well.
How was such a massive, coordinated attack possible? On Friday, infected computer systems around the world received emails demanding ransom payments of $300 to $600 in the form of bitcoin to unlock their devices. With users around the world delivering payments in order to prevent their files from being erased, the hackers stand to gain up to $1 billion, The New York Times reported Saturday.
Many experts believe the attackers relied on a tool developed by the U.S. National Security Agency to breach Microsoft’s Windows software. In April, a group known as the “Shadow Brokers” released the stolen malware online in political protest. According to an emailed statement from Don Foster, the senior director of solutions marketing at Commvault, a U.S. data-protection company, “ransomware has proved to be one of the most effective ways to infiltrate an organization.”
On Friday, an anonymous British cybersecurity researcher operating under the Twitter handle @MalwareTechBlog discovered a “kill switch” that seems to have prevented the malware from spreading. According to the researcher’s blog, he noticed that the virus was searching for an unregistered web address. Without knowing if it would disrupt the malware, he then registered the domain and was able to halt the spread of the attack.
On Saturday, Matthieu Suiche, the founder of a cybersecurity company in the United Arab Emirates, told the Times that the kill switch was responsible for minimizing the impact in the U.S. Still, the solution is only temporary. In the wake of Friday’s cyberattack, government officials and security experts now fear that additional hackers may be inclined to alter the malware code to carry out similar attacks.
In a statement to Reuters, William Saito, a cybersecurity adviser to the Japanese government, argued that many companies may still not realize their systems were hacked. “Things could likely emerge on Monday,” Saito told the news site. As of this writing, the source of the attack remains unclear. In all likelihood, uncovering the complete origin and motivation will require months of investigation.
Aria Bendix is a frequent contributor to The Atlantic, and a former editorial fellow at CityLab. Her work has appeared on Bustle and The Harvard Crimson.