British hospitals, Spanish firms among targets of huge cyberattack

LONDON/MADRID (Reuters) - A huge cyberattack brought disruption to Britain's health system on Friday and infected many Spanish companies with malicious software, and security researchers said a dozen other countries may be affected.

Hospitals and doctors' surgeries in parts of England were forced to turn away patients and cancel appointments. People in affected areas were being advised to seek medical care only in emergencies.

"We are experiencing a major IT disruption and there are delays at all of our hospitals," said the Barts Health group, which manages major London hospitals. Routine appointments had been canceled and ambulances were being diverted to neighboring hospitals.

RELATED: Secrets within London's River Thames

21 PHOTOS
Secrets within London's River Thames
See Gallery
Secrets within London's River Thames
Stones are seen on the bank of the River Thames during low tide in London, Britain January 23, 2017. REUTERS/Stefan Wermuth
Traffic cones are seen on the bank of the River Thames during low tide in London, Britain January 19, 2017. REUTERS/Stefan Wermuth 
A dead bird lies next to a rose on the bank of the River Thames during low tide in London, Britain January 23, 2017. REUTERS/Stefan Wermuth 
Wooden props are seen on the bank of the River Thames during low tide in London, Britain March 9, 2017. REUTERS/Stefan Wermuth
Material is seen on the bank of the River Thames during low tide in London, Britain February 27, 2017. REUTERS/Stefan Wermuth
An umbrella is seen on the bank of the River Thames during low tide in London, Britain March 2, 2017. REUTERS/Stefan Wermuth 
A water drop hangs on a stalactite along the bank of the River Thames during low tide in London, Britain February 24, 2017. REUTERS/Stefan Wermuth 
Water trails are seen on the bank of the River Thames during low tide in London, Britain February 24, 2017. REUTERS/Stefan Wermuth 
Rust is seen along the bank of the River Thames during low tide in London, Britain February 24, 2017. REUTERS/Stefan Wermuth 
Sand is seen on the bank of the River Thames during low tide in London, Britain February 24, 2017. REUTERS/Stefan Wermuth 
Bricks covered in mud are seen on the bank of the River Thames during low tide in London, Britain February 27, 2017. REUTERS/Stefan Wermuth
A wooden stick is seen on the bank of the River Thames during low tide in London, Britain January 23, 2017. REUTERS/Stefan Wermuth
Stalactites are seen along the bank of the River Thames during low tide in London, Britain February 24, 2017. REUTERS/Stefan Wermuth 
A drawing of a face is seen on a wall along the bank of the River Thames during low tide in London, Britain February 24, 2017. REUTERS/Stefan Wermuth 
Raindrops fall into the River Thames during low tide in London, Britain February 27, 2017. REUTERS/Stefan Wermuth 
A water drop lands in a puddle on the bank of the River Thames during low tide in London, Britain March 3, 2017. REUTERS/Stefan Wermuth 
Water runs out of a bridge pillar along the bank of the River Thames during low tide in London, Britain January 23, 2017. REUTERS/Stefan Wermuth 
Seaweed is seen on the bank of the River Thames during low tide in London, Britain February 24, 2017. REUTERS/Stefan Wermuth 
Seaweed is seen on the bank of the River Thames during low tide in London, Britain January 23, 2017. REUTERS/Stefan Wermuth 
Light is reflected from a wet wall along the bank of the River Thames during low tide in London, Britain February 27, 2017. REUTERS/Stefan Wermuth 
HIDE CAPTION
SHOW CAPTION
of
SEE ALL
BACK TO SLIDE

Telecommunications giant Telefonica was among the targets in Spain, though it said the attack was limited to some computers on an internal network and had not affected clients or services.

Authorities in both countries said the attack was conducted using 'ransomware' - malicious software that infects machines, locks them up by encrypting data and demands a ransom to restore access. They identified the type of malware as 'Wanna Cry', also known as 'Wanna Decryptor'.

A Telefonica spokesman said a window appeared on screens of infected computers that demanded payment with the digital currency bitcoin in order to regain access to files.

SEE ALSO: Trump's top intel official: Russia hacked the Democrats

In Spain, the attacks did not disrupt the provision of services or networks operations of the victims, the government said in a statement. Still, the news prompted security teams at large financial services firms and businesses around the world to review their plans for defending against ransomware attacks, according to executives with private cyber security firms.

A spokeswoman for Portugal Telecom said: "We were the target of an attack, like what is happening in all of Europe, a large scale-attack, but none of our services were affected."

British-based cyber researcher Chris Doman of AlienVault said the ransomware "looks to be targeting a wide range of countries", with preliminary evidence of infections from 14 countries so far, also including Russia, Indonesia and Ukraine.

PM BRIEFED

A spokesman for British Prime Minister Theresa May said she was being kept informed of the incident, which came less than four weeks before a parliamentary election in which national security and the management of the state-run National Health Service (NHS) are important campaign themes.

Authorities in Britain have been braced for possible cyberattacks in the run-up to the vote, as happened during last year's U.S. election and on the eve of this month's presidential vote in France.

But those attacks - blamed on Russia, which has repeatedly denied them - followed a entirely different modus operandi involving penetrating the accounts of individuals and political organizations and then releasing hacked material online.

The full extent of Friday's disruption in Britain remained unclear.

"This attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors," NHS Digital, the computer arm of the health service, said in a statement.

Britain's National Cyber Security Centre, part of the GCHQ spy agency, said it was aware of a cyber incident and was working with NHS Digital and the police to investigate.

A reporter from the Health Service Journal said the attack had affected X-ray imaging systems, pathology test results, phone systems and patient administration systems.

Although cyber extortion cases have been rising for several years, they have to date affected small-to-mid sized organizations, disrupting services provided by hospitals, police departments, public transportation systems and utilities in the United States and Europe.

"Seeing a large telco like Telefonica get hit is going to get everybody worried. Now ransomware is affecting larger companies with more sophisticated security operations," Chris Wysopal, chief technology officer with cyber security firm Veracode, said.

The news is also likely to embolden cyber extortionists when selecting targets, Chris Camacho, chief strategy officer with cyber intelligence firm Flashpoint, said.

"Now that the cyber criminals know they can hit the big guys, they will start to target big corporations. And some of them may not be well prepared for such attacks," Camacho said.

In Spain, some big firms took pre-emptive steps to thwart ransomware attacks following a warning from Spain's National Cryptology Centre of "a massive ransomware attack."

Iberdrola and Gas Natural, along with Vodafone's unit in Spain, asked staff to turn off computers or cut off internet access in case they had been compromised, representatives from the firms said.

It was not immediately clear how many Spanish organizations had been compromised by the attacks, if any critical services had been interrupted or whether victims had paid cyber criminals to regain access to their networks.

(Additional reporting by Jim Finkle, Eric Auchard, Jose Rodriguez, Alistair Smout, Kate Holton, Andy Bruce, Michael Holden and David Milliken; Editing by Mark Trevelyan and Ralph Boulton)

Read Full Story

Sign up for Breaking News by AOL to get the latest breaking news alerts and updates delivered straight to your inbox.

Subscribe to our other newsletters

Emails may offer personalized content or ads. Learn more. You may unsubscribe any time.