UPDATE: Massive Ransomware Attack Affects More than 150 Organizations Worldwide

“WannaCry” malware has affected more than 150 nations but appears to be slowing down.

UPDATE: May 19, 2017, 8:45 a.m.

WannaCry ransomware has infected a Bayer Medrad device in a U.S. hospital. The source didn’t say which hospital or which Bayer model was affected. However, according to Forbes, it appears to be radiology equipment.

Investigators suspect North Korea is responsible for the ransomware attack that affected more than 150 countries.

UPDATE: May 15, 2017, 8:35 a.m.

The ransomware attack that struck on Friday has now affected more 150 countries around the world. So far there are approximately 200,000 victims.

Thousand more infections were reported on Monday, mostly in Asia, which had been closed for business when the malware first hit, reports the Associated Press. In China, universities and other educational institutions were hardest hit because they have older computers and are slow to update their operating systems and security. Two hospitals in Indonesia were infected, resulting in patient files being held for ransom.

However, the wave of attacks has slowed down significantly.

That being said, seven of the 47 of Britain’s National Health Service trusts that were affected on Friday were still having IT troubles on Monday. The organization that oversees U.K. hospital cybersecurity said that last month it alerted the trusts about the Windows vulnerabilities and sent a patch to fix it.

A global cyberattack that hit nearly 100 countries on Friday forced hospitals in Britain to turn away patients and close emergency rooms, reports MLive. The attack hit one in five of the nation’s 248 National Health Service (NHS) groups.

Although there is no evidence that patient data was compromised, British Home Secretary Amber Rudd told the BBC that NHS must learn from the attack and upgrade its IT systems.

RELATED: Here’s How 7 Institutions Dealt with Their Ransomware Attacks in 2016

The extortion attack, also called ransomware, used “WannaCry” malware that encrypts users’ files until users pay a ransom. The cyberattackers demanded payments of $300 or more from users to unlock their devices.

The latest attack disrupted services worldwide, including in the United States, Spain, France, Turkey, Brazil, Germany, India, China (universities), Ukraine, Taiwan and Russia. Security firms say Russia was the country that was hit the hardest.

The attack was one of the largest ransomware attacks in history. The malicious software was transmitted via email and stolen from the National Security Agency, reports the New York Times. It appears to exploit a vulnerability in Windows that, according to the Toronto Star, “was supposedly identified by the U.S.-National Security Agency for its own intelligence-gathering purposes and later leaked online. Computers that had not been updated with the Microsoft patch were vulnerable to attack.”

RELATED: A Ransomware Conversation with a Cybersecurity Expert

Experts say the attackers might get more than $1 billion from the scam, although as of Saturday, only $33,000 was deposited into several Bitcoin accounts associated with the ransomware. That amount is expected to increase.

In North America, Lakeridge Health in Oshawa, Ontario, Canada was affected by the attack, reports CTV News. According to a Lakeridge spokesperson, however, the hospital’s antivirus system was able to disable the ransomware.

In the United States, FedEx Corp. reported issues with its computers running Windows, although it’s not clear if the problems were related to the ransomware attack.

Fortunately, a 22-year-old British researcher and 20-something American security engineer discovered a “kill switch” and unregistered domain that halted the attack, reports the Associated Press.

That said, a hacker could remove the domain and try the ransomware attack again, reports CNN. Additionally, experts warn that copycats could also try another attack.

In the wake of the attack, Microsoft released a patch for computers running older operating systems, including Windows IX, Windows 8 and Windows Server 2003. Unfortunately, the patch won’t help computers that are already infected.

Experts are concerned that more malware infections will be discovered on Monday when workers return from the weekend to their jobs. Additionally, NBC News is reporting that at least two new variations of the malware have been detected that skirt over the temporary fix. Experts are urging all organizations to update their software.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

About the Author

robin hattersley headshot

Robin has been covering the security and campus law enforcement industries since 1998 and is a specialist in school, university and hospital security, public safety and emergency management, as well as emerging technologies and systems integration. She joined CS in 2005 and has authored award-winning editorial on campus law enforcement and security funding, officer recruitment and retention, access control, IP video, network integration, event management, crime trends, the Clery Act, Title IX compliance, sexual assault, dating abuse, emergency communications, incident management software and more. Robin has been featured on national and local media outlets and was formerly associate editor for the trade publication Security Sales & Integration. She obtained her undergraduate degree in history from California State University, Long Beach.

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety Conference promo