
These are turbulent days. A type of malware known as ransomware has triggered a global cyberattack, sweeping across nearly 100 countries in Europe, North America, and Asia, including the United Kingdom, Russia, Spain, Vietnam, Turkey, China, and Japan. Tens of thousands of computers have been affected, and victims are required to pay Bitcoin to unlock their systems.
Some large corporations, such as Telefónica, Gas Natural, and FedEx, have been affected by the virus. The healthcare sector was the hardest hit; the UK’s National Health Service (NHS) suffered severe impacts and was the first to report the cyberattack.
Currently, the internal networks of at least 40 medical institutions have been compromised, with computers locked by ransomware. The attackers are demanding that these institutions pay approximately $300 in Bitcoin to unlock their systems; otherwise, all data will be deleted.
Virus locks computer; Bitcoin payment required to unlock
VCBeat has learned that the ransomware trojan involved in this incident belongs to a new family named “WannaCry,” which spreads rapidly. The trojan encrypts files with extensions such as .txt, .doc, .ppt, and .xls on users’ computers, rendering them inaccessible and disrupting normal program usage. It then extorts victims by demanding a ransom payment in exchange for unlocking the encrypted files.
This virus exploits a Microsoft system vulnerability (EternalBlue) leaked by the U.S. National Security Agency (NSA) to launch attacks on users.
Last month, a hacker group known as the Shadow Brokers stole this NSA cyberweapon. They had initially intended to auction it off, but ultimately, in protest against U.S. President Donald Trump, they released the decryption keys for the encrypted tools free of charge.
EternalBlue achieves its objectives by launching remote attacks against port 445 (file sharing) in Windows. Unlike many other malware strains, EternalBlue does not require luring users into clicking specific links; instead, it can propagate autonomously across networks. Once it infiltrates an organization’s internal network, it can independently scan for vulnerable machines and facilitate its own spread.
In March this year, Microsoft released a patch that provides protection. On a system that has not installed this patch, however, infection requires no user interaction: as long as the computer is booted up and connected to the internet, EternalBlue can execute arbitrary code on it, implanting malicious programs such as ransomware.
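The autonomous scanning described above leaves a trace that defenders can look for: one internal host contacting many distinct machines on port 445 within a short time. The following Python code is an added example, not part of the original report; the flow-record format, the addresses, and the window and threshold values are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample flow records (not real traffic): time, source, destination, dest port.
SAMPLE_FLOWS = """\
2017-05-12T09:00:01 10.0.5.23 10.0.5.1 445
2017-05-12T09:00:01 10.0.5.23 10.0.5.2 445
2017-05-12T09:00:02 10.0.5.23 10.0.5.3 445
2017-05-12T09:00:02 10.0.5.40 10.0.9.10 445
2017-05-12T09:00:03 10.0.5.23 10.0.5.4 445
2017-05-12T09:00:04 10.0.5.23 10.0.5.5 445
2017-05-12T09:00:10 10.0.5.41 10.0.9.10 445
2017-05-12T09:00:11 10.0.5.41 203.0.113.10 443
truncated-line 10.0.5.41
2017-05-12T09:05:00 10.0.5.41 10.0.9.11 445
"""
SMB_PORT = 445  # the file-sharing port named in the article

def parse_flows(text):
    """Yield (time, src, dst, port) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], int(parts[3])

def smb_fanout(flows, window_s=60, threshold=5):
    """Return {src: peak count of distinct port-445 destinations seen in any
    sliding window} for sources whose peak reaches the threshold (assumed defaults)."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # src -> (time, dst) pairs still inside the window
    peak = defaultdict(int)
    for ts, src, dst, port in sorted(flows):
        if port != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # evict contacts older than the window
            q.popleft()
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {s: n for s, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    print(smb_fanout(parse_flows(SAMPLE_FLOWS)))
```

A workstation that talks to one or two file servers stays below the threshold, while a host sweeping its subnet on port 445 stands out; the threshold should be tuned against normal traffic on the network being monitored.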
NHS Hospital Surgery Cancellations and Patient Referrals
How serious is the situation? UK Prime Minister Theresa May has stepped forward specifically to allay public panic, stating that the NHS was not the sole target of what is an international cyberattack. The affected areas mainly include London, Blackburn, Nottingham, Cumbria, and Hertfordshire, while Wales and Northern Ireland have remained unaffected.
Currently, NHS hospitals have cancelled surgeries and redirected patient referrals, emergency department volumes have declined, and medical staff have begun recording information using pen and paper. As 90% of NHS systems operate on Windows XP, security experts warn that computer systems launched before 2007 are particularly vulnerable, leaving many NHS entities at risk of WannaCry attacks.
Barts Health, an NHS trust in London, has advised patients to seek help elsewhere, stating that ambulances are being diverted to other areas. Another NHS organization reported having to divert outpatient services and restrict its radiology services. In Colchester, Essex, hospitals decided to close most of their emergency departments, accepting only patients with “critical or life-threatening conditions.”
Reporters learned that a 50-year-old patient, Richard Harvey, was involved in a motorcycle accident and required surgery, only to be informed by a nurse that the procedure had been canceled due to a cyberattack. The computers targeted in the attack were locked, requiring doctors to pay a ransom in Bitcoin to regain access. As a result, medical staff were unable to access any patient records or issue prescriptions.
The NHS is working closely with the National Cyber Security Centre and the Department of Health to provide comprehensive support to affected organizations and ensure the security of patient data. VCBeat will continue to monitor further developments.