The Spanish telecom and isp Phone lwa nica and several English hospitals are at the same time seemingly by the same ransomware hit. The hospitals have temporarily almost their entire digital infrastructure to shut down and only emergencies are treated.
The ransomware infection began on Friday around the clock of half past two in the afternoon, report British media, including The Registry. Also the attack on Telefónica was probably around that time. It would go to the Wana Decrypt0r 2.0-ransomware. The address where the Bitcoin ransom to should be sent, according to The Register in each case are the same, which further suggests that the same perpetrators behind both attacks sit.
Other Spanish organisations and companies would also be targeted by this cyber attack, but currently has only Telefónica that have been confirmed. As far as is known the services of Telefónica or freely, and the infection is limited to the headquarters in Madrid.
The ransomware has the files on the affected pc’s encrypted and the decryptiesleutel is only issued when there is $ 300 in Bitcoin per affected pc transmitted to the specified address. That is currently 0,17 Bitcoin or 275 euros. If that amount is not met within three days, the ransom doubles, and after a week the decryptiesleutel no longer issued. Photos of the ransomware be shared on Twitter. To see pictures, runs in each case a part of the pc’s on Windows 7.
How many exactly are affected, is not clear, but The Guardian speaks of ‘many’. By the shut-down of the systems work phones, e-mail addresses, networks, and uitschrijfsystemen for medicijnrecepten not more. The national emergency number works still as usual, and it looks at this time that medical emergencies will still be handled.
The Uk’s National Crime Agency works with the National Health Service to find out where exactly they are dealing with and who is behind the attack. At the time suspected they that it comes to criminal activities that are not sponsored by the government of another country. Further, they maintain that there is currently no evidence is collected that would indicate that the patient data accessed by the attackers.
In January of this year, a handful of hospitals also already been affected by malware. Last year paid a Us hospital is still 15,000 euros in ransom to a ransomware infection.
Update, 20:30: according to an analysis from Kaspersky Lab allows the ransomware to use a ‘EternalBlue’vulnerability that is uncovered is in the Shadowbrokers-datadump from the previous month. Microsoft has the vulnerabilities been fixed, but it is up to users themselves to keep their systems up-to-date. The deliberate update is MS17-010.
The attack would not be limited to Spain and England. Kaspersky get notifications of his security software that demonstrate that the centre of gravity of the total of 45,000 of measured attacks in Russia. In total, 74 countries are involved in the attack, including the U.S., China, Ukraine, India, and Taiwan. Although at the time no character seems to be a contamination in the Netherlands, recommends the Dutch National Cyber Security Centre have to be extra vigilant when it comes to foreign e-mail attachment. The NOS writes that this warning also specifically to gas-, water – and electricity is sent. The ransomware has been losgeldbrief in many different languages ready, including English.
Here and there is also notification of payments to Bitcoin wallets that are associated with the ransomware.
