Cyber attacks that hit 74 countries across Europe and Asia Friday, impacting the public health system in Britain, apparently involved a leaked hacking tool from the National Security Agency.
The attack used ransomware, which is malware that encrypts data and locks a user from their data until they pay a ransom. The tool, which was leaked by a group known as Shadow Brokers, had been stolen from the N.S.A. as part of a wide swath of tools illegally released in 2016.
The Department of Homeland Security released a statement late Friday that read, in part:
Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. ... Individual users are often the first line of defense against this and other threats, and we encourage all Americans to update your operating systems and implement vigorous cybersecurity practices at home, work, and school. These practices include:
Update your systems to include the latest patches and software updates. Do not click on or download unfamiliar links or files in emails. Back up your data to prevent possible loss, whether you are at a home, work, or school computer.
Microsoft said that they had rolled out a patch to fix the issue, but certain targets, including the hospitals in Britain, had not yet updated their systems.
The malware was sent via email with a file attached to it. From there, it subsequently spread.
Tom Donnelly, a spokesman for N.H.S. Digital, said the attack was still "ongoing" and that that the organization was "made aware of it this afternoon," according to an interview in The New York Times.
The impact of the attacks caused phone lines to go down, appointments to be canceled and patients to be turned away, but there has been no reported evidence of patient data being breached.
"It's one of the widest sperad attacks we've ever seen," said Michael Balboni, President of Redland Strategies, a consulting firm that specializes in cybersecurity. Balboni, who is also a former homeland security advisor for the state of New York, said that the possiblity of another attack this size is possible.
"We're entering an age known as cyber-insecurity," Balboni added. "There's going to be a huge response from the public now that doctors and hospitals are being affected, there is going to be a huge shift in how people think about this."
There were a number of pictures posted to social media highlighting the ransomware, which asked for $300 in Bitcoin.
NHS Digital, which oversees cybersecurity in Britain, said the attack did not specifically target the NHS and "is affecting organizations from across a range of sectors." In total, 16 NHS organizations said they were affected.
British Prime Minister Theresa May addressed the hacks, saying it's not just targeted at the NHS.
"This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected," May said in a statement. "The National Cyber Security Centre is working closely with NHS digital to ensure that they support the organisations concerned and that they protect patient safety."
May added that though she was not aware of any leaked data, vigilance must be taken.
"Of course, it is important that we have set up the National Cyber Security Centre and they are able to work with the NHS organisations concerned and to ensure that they are supported and patient safety is protected," May said.
In addition, several Spanish companies had also been affected via a ransomware attack. Spain did not say which companies were affected, but Telefonica, a telecom giant said it had detected an incident which affected some of its employees.
Hospital operator NHS Merseyside tweeted "following a suspected national cyberattack, we are taking all precautionary measures possible to protect our local NHS systems and services."
Bart's Health, which also operates a number of London-based hospitals, activated its major incident plan, which included canceling routine appointments and diverting ambulances to different hospitals.