'WannaCry' Ransomware Attack: What We Know


The NHS has been declared "open for business" but some hospitals are still suffering disruption caused by the crippling ransomware attack.

Ransomware is a form of infected software created to take over a computer system and then block access for the authorized user.

Tom Bossert, US President Donald Trump's homeland security adviser, said people "should be thinking about this as an attack that for right now we have under control, but as an attack that represents an extremely serious threat", speaking on ABC's Good Morning America show.

Larry Magid, a technology journalist and CEO of ConnectSafely.org, said: "There is some speculation that this code was being stored in the NSA labs, potentially as a cyber weapon that the United States might have used against its own adversaries". Hackers encrypt information vital to the performance of hospitals or other institutions, then demand money (usually in the form of BitCoin, a digital currency) in return for the encryption password.

In a blog post on Sunday, Microsoft President Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: the attack made use of a hacking tool built by the U.S. National Security Agency and leaked online. Experts are urging all organizations to update their software.

The security researcher, who goes by the handle of MalwareTech (MT), was hailed an accidental hero for discovering the WannaCry virus' kill switch.

Qihoo had previously said the attack had infected close to 30,000 organisations by Saturday evening, more than 4,000 of which were educational institutions. Privacy experts say that this mess could have been prevented if people paid attention to Microsoft's software updates.

However, the wave of attacks has slowed down significantly.

Infected computers appear to be largely out-of-date devices.

Cancer treatments have had to be delayed and staff have been working overtime to clear a backlog at Plymouth's Derriford Hospital, bosses have revealed, as a result of the cyber attacks on Friday.

Wallace denied that underinvestment in the NHS - a key claim of the opposition Labour Party ahead of the June 8 election - may have left health services exposed to such attacks.

"Across the globe, events today have been at the lower end of our expectations", said Ciaran Martin, the head of the National Cyber Security Centre which is part of Britain's surveillance spy agency GCHQ.

"If a system supports some kind of critical processes those systems typically are very hard to patch". He said the government used to contract for computer services across the entire NHS but that effort was halted in 2007.

Hunt said it was "encouraging" that no further attacks on the NHS had been identified.

He believes that state-sponsored cyberespionage groups could also take advantage of the SMB flaw to plant stealthy backdoors on computers while defenders are busy dealing with the much more visible ransomware attack.

The success of WannaCry, at least as far as rapid distribution is concerned, has proved to cybercriminals there are many vulnerable systems on enterprise networks that can be targeted through old exploits.