
Global Ransomware Attack Is Much Bigger Than It First Appeared


Updated: Friday, May 12, 2017 at 1:53 p.m.

A widespread cyberattack disrupted business and health systems in at least a dozen countries on Friday, including at least 16 hospitals across England that were crippled by a large-scale ransomware attack.

Doctors, administrators, and other NHS workers were locked out of their computers, and instead saw a pop-up message demanding ransom in exchange for access to the system, according to several reports. NHS England didn’t immediately respond to questions about whether any ransom was paid, the amount of the requested ransom, or whether the system was fully operational again. “The investigation is at an early stage but we believe the malware variant is Wanna Decryptor,” the NHS said in a statement emailed to The Atlantic. “This attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors.”

The attack seemed to exploit a common vulnerability that was discovered and developed by the National Security Agency, The New York Times reported:

The hacking tool was leaked by a group calling itself the Shadow Brokers, which has been dumping stolen N.S.A. hacking tools online beginning last year. Microsoft rolled out a patch for the vulnerability last March, but hackers took advantage of the fact that vulnerable targets — particularly hospitals — had yet to update their systems.

Some hospitals affected by the attack were diverting ambulances to other centers, and asked people to stay away from emergency rooms unless they needed urgent care, Reuters reported.

At the same time, Spain’s government warned on Friday of a large-scale ransomware attack in its country. Telefonica, the nation’s biggest telecommunications firm, was one of the targets. It wasn’t immediately clear whether the cyberattack in Spain was connected to the cyberattack on the NHS.

The attacks are alarming, but not entirely unexpected. Ransomware attacks are on the rise—particularly against vulnerable targets like hospitals, where access to electronic medical records and other computer-run systems has tremendous implications for patient safety. Police stations and emergency call centers are similarly vulnerable targets.

“The worst [scenario] we can imagine is if some malicious actor wants to undertake an act of terrorism and hamper the local response to that [attack]—disrupting 9-1-1 communications entirely,” Trey Forgety, a cybersecurity expert and the director of government affairs for the National Emergency Number Association, told me in March.

There were several ransomware attacks in the United States last year—including against hospitals and libraries. The cybersecurity firm Kaspersky Lab reported last year that ransomware attacks had increased by more than 500 percent compared with the year before. The firm described ransomware—often sent via a malicious email disguised as routine correspondence—as the greatest security threat online today.

One in 131 emails sent last year was malicious, the highest rate in five years, according to an annual security report by Symantec.

These sorts of attacks are so common now—and so potentially lucrative for attackers—that there’s even a cottage industry of ransomware as a service, in which cybercriminals pay a fee for someone else to carry out an attack, with the attacker taking a cut of the ransom collected.

Along with hospitals and other emergency centers, at-risk targets include banks, school districts, public transportation systems, and local governments.

“The inability to access the important data these kinds of organizations keep can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation,” the FBI wrote in a warning it issued last year. “Ransomware attacks are not only proliferating, they’re becoming more sophisticated.”

Attackers are also targeting more devices overall, as well as a wider array of devices, and demanding more money from victims. The average ransom demand was $1,077 last year, according to Symantec, up from $294 the year before. Friday’s NHS attackers requested at least $300 from each person who found themselves locked out of their devices, according to the BBC.

Officials caution against paying ransoms, in part because giving an attacker money doesn’t guarantee data recovery. “Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity,” the FBI said.  
