NHS cyber attack: Chaos spreads across hospitals and the world after weekend

Experts expect the attacks to get even worse, as even more potent versions of the malware are developed

Andrew Griffin
Monday 15 May 2017 09:41 BST
Ambulances are seen at the Accident and Emergency department of St. Thomas' Hospital
Ambulances are seen at the Accident and Emergency department of St. Thomas' Hospital

The chaos wrought by the NHS hack is getting far worse as people turn their computers on after the weekend.

Some of the damage was contained as people took their computers home or turned them off at the end of the week, before the attack really took hold. But those devices – computers but also devices like MRI scanners and heart rate monitors – are now being switched back on for the working week.

The hack has already brought chaos to 150 countries and experts expect it could get much worse as hackers work on new and even more potent variations.

The initial attack, known as WannaCry, paralysed NHS computers, Germany's national railway and scores of other companies and government agencies around the world.

As a loose global network of cybersecurity experts fought the ransomware hackers, Chinese state media said 29,372 institutions there had been infected, along with hundreds of thousands of devices.

The Japan Computer Emergency Response Team Co-ordination Centre, a non-profit organisation providing support for computer attacks, said 2,000 computers at 600 locations in Japan were reported affected so far.

Government agencies said they were unaffected. Companies like Hitachi and Nissan Motor Co reported problems they said had not seriously affected their business operations.

In China, universities and other educational institutions were among the hardest hit, with about 15% of the internet protocol addresses attacked, according to the official Xinhua News Agency.

Railway stations, post delivery, petrol stations, hospitals, office buildings, shopping centres and government services also were affected, Xinhua said, citing the Threat Intelligence Centre of Qihoo 360, a Chinese internet security services company.

Elsewhere in Asia, officials in Japan and South Korea said they believed security updates had helped ward off the worst of the impact.

The most public damage in South Korea was to cinema chain CJ CGV Co. It was restoring its advertising servers at dozens of cinemas after the attack left the company unable to display trailers of forthcoming films.

The attack was disrupting computers that run factories, banks, government agencies and transport systems in scores of countries, including Russia, Ukraine, Brazil, Spain, India and Japan, among others.

Russia's Interior Ministry and companies including Spain's Telefonica, FedEx Corp in the US and French carmaker Renault all reported troubles.

Experts were urging organisations and companies to immediately update older Microsoft operating systems, such as Windows XP, with a patch released by Microsoft to limit vulnerability to a more powerful version of the malware - or to future versions that cannot be stopped.

Paying the ransom will not ensure any fix, said Eiichi Moriya, a cyber security expert and professor at Meiji University.

"You are dealing with a criminal," he said. "It's like after a robber enters your home. You can change the locks but what has happened cannot be undone. If someone kidnaps your child, you may pay your ransom but there is no guarantee your child will return."

New variants of the rapidly replicating worm were discovered Sunday and one did not include the so-called kill switch that allowed researchers to interrupt its spread Friday by diverting it to a dead end on the internet.

The attack held users hostage by freezing their computers, popping up a red screen with the words, "Oops, your files have been encrypted!" and demanding money through online bitcoin payment.

Just one person in an organisation who clicked on an infected attachment or bad link, would lead to all computers in a network becoming infected, said Vikram Thakur, technical director of Symantec Security Response.

"That's what makes this more troubling than ransomware was a week ago," Mr Thakur said.

The attack has hit more than 200,000 victims across the world since Friday and is seen as an "escalating threat," said Rob Wainwright, the head of Europol, Europe's policing agency.

"The numbers are still going up," Mr Wainwright said.

Additional reporting by Press Association

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in