By Robin Hattersley Gray · May 19, 2017
UPDATE: May 19, 2017, 8:45 a.m.
WannaCry ransomware has infected a Bayer Medrad device in a U.S. hospital. The source didn’t say which hospital or which Bayer model was affected. However, according to Forbes, it appears to be radiology equipment.
Investigators suspect North Korea is responsible for the ransomware attack that affected more than 150 countries.
UPDATE: May 15, 2017, 8:35 a.m.
The ransomware attack that struck on Friday has now affected more 150 countries around the world. So far there are approximately 200,000 victims.
Thousand more infections were reported on Monday, mostly in Asia, which had been closed for business when the malware first hit, reports the Associated Press. In China, universities and other educational institutions were hardest hit because they have older computers and are slow to update their operating systems and security. Two hospitals in Indonesia were infected, resulting in patient files being held for ransom.
However, the wave of attacks has slowed down significantly.
That being said, seven of the 47 of Britain’s National Health Service trusts that were affected on Friday were still having IT troubles on Monday. The organization that oversees U.K. hospital cybersecurity said that last month it alerted the trusts about the Windows vulnerabilities and sent a patch to fix it.
A global cyberattack that hit nearly 100 countries on Friday forced hospitals in Britain to turn away patients and close emergency rooms, reports MLive. The attack hit one in five of the nation’s 248 National Health Service (NHS) groups.
Although there is no evidence that patient data was compromised, British Home Secretary Amber Rudd told the BBC that NHS must learn from the attack and upgrade its IT systems.
The extortion attack, also called ransomware, used “WannaCry” malware that encrypts users’ files until users pay a ransom. The cyberattackers demanded payments of $300 or more from users to unlock their devices.
The latest attack disrupted services worldwide, including in the United States, Spain, France, Turkey, Brazil, Germany, India, China (universities), Ukraine, Taiwan and Russia. Security firms say Russia was the country that was hit the hardest.
The attack was one of the largest ransomware attacks in history. The malicious software was transmitted via email and stolen from the National Security Agency, reports the New York Times. It appears to exploit a vulnerability in Windows that, according to the Toronto Star, “was supposedly identified by the U.S.-National Security Agency for its own intelligence-gathering purposes and later leaked online. Computers that had not been updated with the Microsoft patch were vulnerable to attack.”
Experts say the attackers might get more than $1 billion from the scam, although as of Saturday, only $33,000 was deposited into several Bitcoin accounts associated with the ransomware. That amount is expected to increase.
In North America, Lakeridge Health in Oshawa, Ontario, Canada was affected by the attack, reports CTV News. According to a Lakeridge spokesperson, however, the hospital’s antivirus system was able to disable the ransomware.
In the United States, FedEx Corp. reported issues with its computers running Windows, although it’s not clear if the problems were related to the ransomware attack.
Fortunately, a 22-year-old British researcher and 20-something American security engineer discovered a “kill switch” and unregistered domain that halted the attack, reports the Associated Press.
That said, a hacker could remove the domain and try the ransomware attack again, reports CNN. Additionally, experts warn that copycats could also try another attack.
In the wake of the attack, Microsoft released a patch for computers running older operating systems, including Windows IX, Windows 8 and Windows Server 2003. Unfortunately, the patch won’t help computers that are already infected.
Experts are concerned that more malware infections will be discovered on Monday when workers return from the weekend to their jobs. Additionally, NBC News is reporting that at least two new variations of the malware have been detected that skirt over the temporary fix. Experts are urging all organizations to update their software.