Skip to main content

Global ransomware attack using stolen NSA tool hits 74 countries

Global ransomware attack using stolen NSA tool hits 74 countries

A massive international ransomware campaign apparently using hacking tools stolen from the NSA struck computers across the world Friday, shuttering British hospitals and hobbling a Spanish telecom.

As many as 74 countries in all were hit by the attack.

The ransomware, named "WanaCrypt0r 2.0," appears to use the stolen NSA Windows hacking tool "Eternal Blue." Ransomware makes computers or files unusable until a victim pays a ransom.

One antivirus company alone reported capturing tens of thousands of instances of the apparently enormous ransomware attack.

“We have observed a massive peak in WanaCrypt0r 2.0 attacks today, with more than 36,000 detections, so far," Avast Threat Lab Team Lead Jakub Kroustek said in a statement.

According to Kroustek, most of the targets are in Russia, Ukraine, and Taiwan. But some of the most damaging attacks have taken place in western Europe.

British hospitals were forced to refuse patients after coming under the cyberattack, Reuters reported. The British National Health Service said in a statement that 16 NHS organizations were affected by the attacks.

"NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organizations and ensure patient safety is protected," read the statement.

Telefonica, a Spanish telecom, told employees to shut down all computers after it was struck, according to the Spanish newspaper El Mundo.

FedEx announced it had been hit by the WanaDecrypt0r as well, although it did not announce the scope of their exposure.

“Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware," the company said in a statement. "We are implementing remediation steps as quickly as possible.

The Russian Interior Ministry said 1,000 of its computers were infected, reported the Associated Press.

Eternal Blue was one of many hacking tools released in the latest round of leaks from the ShadowBrokers, who have periodically released documents and tools apparently stolen from the NSA since August.

When the group first appeared, it tried to auction off the full set of tools. After being disappointed by the bids and other attempts to make money off the tools, ShadowBrokers gave up in January. Along the way, the group released files to prove that the tools on sale were genuine.

In April, as an alleged protest against Donald Trump becoming too much of a centrist and abandoning the far right, the Brokers released its largest set of documents, including series of Windows tools and evidence that the NSA had hacked a Middle Eastern network of financial institutions.

Microsoft had already patched the security flaws the tools took advantage of when the files were released. But many users do not regularly update their computers, meaning that they remain now-public vulnerabilities.

Past ShadowBrokers releases lead to attacks, with Friday's WanaCrypt0r ranking as the largest so far.

"This event should serve as a global wake-up call — the means of delivery and the delivered effect is unprecedented," Rich Barger, the director of threat research at security firm Splunk, said in a statement.

The attacks are likely to reignite a debate over what circumstances the government should and should not keep security flaws in software secret. Digital rights groups believe that informing companies of the vulnerabilities in their products and allowing companies to fix them will provide security to users more valuable than the intelligence NSA hacking programs could produce by keeping them secret.

"It is past time for Congress to enhance cybersecurity by passing a law that requires the government to disclose vulnerabilities to companies in a timely manner," said ACLU attorney Patrick Toomey in a statement. "Patching security holes immediately, not stockpiling them, is the best way to make everyone’s digital life safer.”


Popular posts from this blog

Why States Still Use Barrel Bombs

Smoke ascends after a Syrian military helicopter allegedly dropped a barrel bomb over the city of Daraya on Jan. 31.(FADI DIRANI/AFP/Getty Images)

Barrel bombs are not especially effective weapons. They are often poorly constructed; they fail to detonate more often than other devices constructed for a similar purpose; and their lack of precision means they can have a disproportionate effect on civilian populations.

However, combatants continue to use barrel bombs in conflicts, including in recent and ongoing conflicts in Africa and the Middle East, and they are ideally suited to the requirements of resource-poor states.


Barrel bombs are improvised devices that contain explosive filling and shrapnel packed into a container, often in a cylindrical shape such as a barrel. The devices continue to be dropped on towns all over Syria. Indeed, there have been several documented cases of their use in Iraq over the past months, and residents of the city of Mosul, which was recently …

Russia Looks East for New Oil Markets

Click to Enlarge

In the final years of the Soviet Union, Soviet leader Mikhail Gorbachev began orienting his foreign policy toward Asia in response to a rising Japan. Putin has also piloted a much-touted pivot to Asia, coinciding with renewed U.S. interest in the area. A good expression of intent was Russia's hosting of the Asia-Pacific Economic Cooperation summit in 2012 in Vladivostok, near Russia's borders with China and North Korea. Although its efforts in Asia have been limited by more direct interests in Russia's periphery and in Europe, Moscow recently has been able to look more to the east.

Part of this renewed interest involves finding new export markets for Russian hydrocarbons. Russia's economy relies on energy exports, particularly crude oil and natural gas exported via pipeline to the West. However, Western Europe is diversifying its energy sources as new supplies come online out of a desire to reduce its dependence on Russian energy supplies.

This has forced…

In Yemen, a Rebel Advance Could Topple the Regime

Shia loyal to the al-Houthi movement ride past Yemeni soldiers near Yaz, Yemen, in May. (MOHAMMED HUWAIS/AFP/Getty Images)


The success of a rebel campaign in northern Yemen is threatening to destabilize the already weak and overwhelmed government in Sanaa. After capturing the city of Amran, a mere 50 kilometers (30 miles) from the capital, in early July, the rebels from the al-Houthi tribe are in their strongest position yet. The Yemeni government is developing plans to divide the country into six federal regions, and the rebels believe this is their chance to claim territory for the future bargaining.

The central government is nearly powerless to fend off the rebels; its forces are already stretched thin. Neighboring Saudi Arabia has intervened in Yemen before and still supports Sunni tribes in the north, but the risk of inciting a Shiite backlash or creating space for jihadists to move in could deter another intervention.


Followers of Zaidi Islam, a branch of Shiism, rul…