Wannacrypt ransomware infects PCs at Telefonica and NHS
Today saw a large ransomware attack which has caused widespread disruption in both Spain and the UK. It started at lunch time in Madrid when workers at Telefonica headquarters faced a message on their PCs telling them their files had been encrypted. Later in the day several NHS trusts in the UK reported the same issue. It has also been reported that Vodafone and Iberdrola were also hit by the ransomware.
Screenshots tweeted by people who are infected by the ransomware show that it appears to the a variant of the Wannacrypt ransomware which also goes by the names Wannacry or Wanacrypt. The ransomware demands that $300 be paid to a bitcoin account to unlock the computer. It is believed that a hacking group calling itself ‘The Shadow Brokers’ have created a version of the ransomware which takes advantage of some of the NSA hacking tools released by Wikileaks, specifically Eternalblue which attacks SMB shares. Microsoft released a patch back in March to plug the hole that Eternalblue takes advantage of. But large organisations usually hold back the automatic roll out of security patches until they have been tested to ensure it won’t cause any problems with existing software. With potentially thousands of computers vulnerable in an organastions internal network, it only requires one PC to become infected for it to quickly spread.
In the UK several NHS trusts were having to turn patients away for none emergencies as they were unable to bring up patient history, it is not thought that any patient data has actually been encrypted but to recover all the desktop PCs could take several days.
Its not thought that the ransomware attack was targeted at the NHS due to the number of other companies infected but it could be a knock on effect of the infection at Telefonica as they do provide network connections for several NHS trusts. Similar ransomware attacks on US hospitals last year saw at least one hospital pay $17000 to have it’s data decrypted so these attacks can generate revenue for the hackers.
These sort of attacks go to show how if government institutions like the NSA and GCHQ find security holes in software that they do not disclose to the software providers, these will eventually be used against the general public by hackers.