On Friday, a ransomware attack affected everything from hospitals to corporate offices in England, Russia, Spain, Vietnam, Turkey, Japan and other nations, according to The New York Times. As of Friday afternoon, cybersecurity firm Avast reported seeing 75,000 detections in 99 countries.
The ransomware, called “Wanna Decryptor,” was sent via email. Upon downloading the encrypted file, the computer user is locked out and prompted to pay ransom in order to regain access to files. The requested ransom appears to be about $300, payable in Bitcoin.
The vulnerability, which was discovered by the National Security Agency and leaked by a group called the Shadow Brokers, exploits a flaw in Microsoft software. In March, Microsoft released a patch for fixing the vulnerability. But not every organization has updated its software.
One of the heaviest hit industries appears to be healthcare. Britain’s National Health Service was among the first to report the attack, according to The Washington Post. NHS Digital, which oversees the organization’s cybersecurity, issued a comment on the situation:
This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors. At this stage we do not have any evidence that patient data has been accessed. NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.
Officials with NHS said at least 25 organizations had been impacted by the cyberattack, according to The New York Times. NHS hospitals and other facilities have been forced to cancel procedures, redirect patients and use pen and paper in the absence of computers.
Imprivata CIO Aaron Miri said it’s not surprising that the attack targeted healthcare organizations. “In this case, healthcare is a soft target,” he told MedCity in a phone interview. Miri listed several reasons for this, including a lack of funding for vulnerability protection and a lack of education and awareness.
“People are the weakest link in everything,” he said. Miri noted that people working in healthcare are trusting, which doesn’t come in handy when it comes to cyberattacks. “By nature, they’re good people, and unfortunately the bad guys notice,” he said.
HHS officials have also commented on the attack, according to FierceHealthcare. In a statement, Laura Wolf, chief of the critical infrastructure protection branch at HHS, said:
Source: Medcity News, Helathit