The growing menace of cyber-security, especially to public health, was highlighted as the biggest cyber-attack yet known swept across the world in hours on 12 May, paralysing Britain’s National Health Service (NHS), Russia’s interior ministry, the Spanish telecom giant Telefónica, and the logistics multinational FedEx in the US among others. The ‘ransomware’ extortion, which locks files and demanded hundreds of dollars paid in Bitcoin to release them, exploited vulnerabilities in at least 200,000 computers running aged Windows software in at least 150 countries.
Rob Wainwright, head of Europol, the EU’s police agency, called it ‘an escalating threat. The numbers are going up … the global reach is unprecedented’. WannaCryptor 2.0, also known as WannaCry, had replicated itself across computer networks and was expected to keep spreading, Reuters reported. The cyber-attack is spread by a worm that exploits a bug known as MS17-010 in Microsoft’s file-sharing services . This has not been ‘patched’ on countless machines around the world. According to the tech website the Register, this vulnerability was ‘weaponised’ by the US National Security Agency to hijack and spy on computers of foreign governments and other organisations and then leaked by a group of hackers called the Shadow Brokers, who tried auctioning the stolen cyber-weapons but put it all online when they could not find a buyer.
In the UK, one in five NHS hospital trusts was initially affected, with doctors unable to access files, forcing appointments and operations to be cancelled. Wainwright admitted that the healthcare sector had been a cause for concern as so much of the NHS uses an operating system that Microsoft stopped issuing fixes for three years ago (countless computers around the world run pirated versions of the software, further complicating cyber-defences).
Russia appears to be the worst-hit country, according to the cyber-security firm Kaspersky Lab, followed by Ukraine and India, which had at least 50,000 computers affected, India Times reported. Other Commonwealth countries badly hit include Tanzania. An animated map by the New York Times shows the malware spreading like measles across the globe.
The next version of this ransomware will certainly be less vulnerable to cyber-security defences. As the New York Times noted: ‘A government regulator warned the NHS in July that updating hardware and software was “a matter of urgency” and noted that one hospital had already had to pay £700,000 ($900,000) to repair a breach that began after an employee clicked on a web link in an unsafe email.’