Global cyberattack: A super-simple explanation of what happened

Cheryl Sanders
May 15, 2017

The security vulnerability in Windows software, according to the hacker group, Shadow Brokers, was exploited by the NSA to be able to invade computers.

The ransomware exploited a vulnerability that has been patched in updates of recent versions of Windows since March, but Microsoft didn't make freely available the patch for Windows XP and other older systems.

Further reports have emerged about how the ransomware, which has gone on to impact users and businesses in more than 130,000 countries, became such a problem.

The attack has been found in 150 countries, affecting 200,000 computers, according to Europol, the European law enforcement agency.

The spokesman, Jan Op Gen Oorth, declined to give further details Friday so as not to jeopardize the ongoing investigations.

"We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack".

But he also placed fault in the governments.

The foreign ministry did not confirm whether it was the institution in question. The exploit affects Windows 8, 8.1, 10 and Windows Server systems.

Local media reported Monday that patients arriving at Dharmais Cancer Hospital on the weekend were unable to get queue numbers and had to wait several hours while staff worked with paper records.

Grant Gowers, 50, from Clacton-on-Sea in southern England, told CNN how the ransomware attack had directly affected him. He said that mobile communications haven't been affected. In the U.S., FedEx reported that its Windows computers were "experiencing interference" from malware, but wouldn't say if it had been hit by ransomware.

He added that the company managed to restore the work of its call center but closed most of its offices for the day.

Also hit were Deutsche Bahn, the Russian Central Bank, Russian Railways, Russia's Interior Ministry, Megafon and Telefónica. The committee, the nation's top investigative agency, has rejected the claim.

May says there is no evidence that patient data has been compromised. Dozens of countries were hit with a huge cyberextortion.

The attack infected computers with what is known as "ransomware" - software that locks up the user's data and flashes a message demanding payment to release it.

Security experts tempered the alarm bells by saying that widespread attacks are tough to pull off.

Spain has activated a special protocol to protect critical infrastructure in response to the "massive infection" of personal and corporate computers targeted in ransomware cyberattacks.

"This is one of the largest global ransomware attacks the cyber community has ever seen", said Rich Barger, director of threat research with Splunk, one of the firms that linked WannaCry to the NSA.

The Ministry of Energy, Tourism and Digital Agenda says the attack Friday affected the Windows operating system of employees' computers in several companies.

Spanish telecom company Telefónica was also hit with the ransomware. "Most government departments don't have specific different OS for its operations and the same risk factor applies to government too".

A senior nurse with NHS Lanarkshire in Scotland posted a video on Twitter appealing to members of the public "to stay away from acute hospitals unless it's an absolute emergency situation" while its IT systems remain affected. That's left older Windows machines, or those users who failed to patch newer machines, vulnerable to Friday's attack. This one worked because of a "perfect storm" of conditions, including a known and highly risky security hole in Microsoft Windows, tardy users who didn't apply Microsoft's March software fix, and malware created to spread quickly once inside university, business and government networks.

Among the companies targeted was US -based FedEx.

The cyberattack affected 16 organizations that are part of the National Health Service on Friday, causing some surgical procedures to be canceled and ambulances diverted.

French carmaker Renault SA halted production at some factories to stop the virus from spreading, a spokesman said Saturday, while Nissan Motor Co.'s United Kingdom vehicle plant in Sunderland, in northeast England, was affected without causing any major impact on business, an official said. "This is not targeted at the NHS, it's an global attack and a number of countries and organisations have been affected", said Prime Minister Theresa May.

Chris Wysopal of the software security firm Veracode said criminal organizations were probably behind the attack, given how quickly the malware spread.

Other reports by iNewsToday