A massive ransomware attack has shut down work at 16 hospitals across the United Kingdom. According to The Guardian, the attack began at roughly 12:30PM local time, freezing systems and encrypting files. When employees tried to access the computers, they were presented with a demand for $300 in bitcoin, a classic ransomware tactic.
The result has been a wave of canceled appointments and general disarray, as many hospitals are left unable to access basic medical records. At least one hospital has canceled all non-urgent operations as a result.
According to a statement from the National Health Service, the culprit is a ransomware strain known as Wanna Decryptor (also known as WannaCry). While operations at the hospitals have been severely impacted, there is no indication that patient data has been compromised. “Our focus is on supporting organizations to manage the incident swiftly and decisively,” the service said in a statement, “but we will continue to communicate with NHS colleagues and will share more information as it becomes available.”
The same attack infected as many as 45,000 computerss across 74 countries, including a number of utilities in Spain. Russia was among the hardest hit, with 1,000 computers in the country’s Interior Ministry falling victim to the attack, although officials insist no data was lost.
According to researchers, the attack makes use of an exploit called EternalBlue, believed to have been be developed by the NSA to break through Windows security. EternalBlue was made public as part of a Shadow Brokers dump in April, and its code is widely available to anyone who downloaded the dump. Microsoft issued an update to protect against the vulnerability more than a month before the Shadow Brokers made it public, but the update didn’t make it to every Windows machine, and it’s plausible the systems targeted today were still unpatched. If so, the NSA’s research efforts could have indirectly contributed to some of the damage incurred on the hospitals.
It’s unclear how the hospitals will recover from the attack. There’s no published decryption key for the WannaCry, and the cost of the infection has already far exceeded the $300 demanded by the program. In the past, FBI agents have informally recommended that ransomware targets pay to decrypt their files, although the practice remains controversial.
Update May 12th, 1:57PM ET: Updated to include new information about the EternalBlue exploit.
5:13PM ET: Updated with more detail on the global scale of the attack.