A massive ransomware attack has shut down work at 16 hospitals across the United Kingdom. According to The Guardian, the attack began at roughly 12:30PM local time, freezing systems and encrypting files. When employees tried to access the computers, they were presented with a demand for $300 in bitcoin, a classic ransomware tactic.
The result has been a wave of canceled appointments and general disarray, as many hospitals are left unable to access basic medical records. At least one hospital has canceled all non-urgent operations as a result.
According to a statement from the National Health Service, the culprit is a ransomware strain known as Wanna Decryptor (also known as WannaCry). While operations at the hospitals have been severely impacted, there is no indication that patient data has been compromised. “Our focus is on supporting organizations to manage the incident swiftly and decisively,” the service said in a statement, “but we will continue to communicate with NHS colleagues and will share more information as it becomes available.”
Spain’s largest telecom, Telefonica, also fell victim to a Wanna Decryptor attack today, confirming NHS’s claim that the attack was not limited to hospitals. Spanish gas and electrical utilities have also been affected.
According to researchers, the attack makes use of an exploit called EternalBlue, believed to have been developed by the NSA to break through Windows security. EternalBlue was made public as part of a Shadow Brokers dump in April, and its code is widely available to anyone who downloaded the dump. Microsoft issued an update to protect against the vulnerability more than a month before the Shadow Brokers made it public, but the update didn’t make it to every Windows machine, and it’s plausible the systems targeted today were still unpatched. If so, the NSA’s research efforts could have indirectly contributed to some of the damage inflicted on the hospitals.
It’s unclear how the hospitals will recover from the attack. There’s no published decryption key for WannaCry, and the cost of the infection has already far exceeded the $300 demanded by the program. In the past, FBI agents have informally recommended that ransomware targets pay to decrypt their files, although the practice remains controversial.
Update May 12th, 1:57PM ET: Updated to include new information about the EternalBlue exploit.