Cyberattack Hits Dozen Nations 'Using Leaked NSA Hacking Tool'

Scope of attack remains unclear as British health system, Spanish telecommunications company targeted; authorities identified type of malware as 'Wanna Cry'

The face of an attendee is reflected in a laptop computer screen and overlaid with code as he participates in the TechCrunch Disrupt London 2015 Hackathon in London, U.K., on Saturday, Dec. 5, 2015.
The face of an attendee is reflected in a laptop computer screen and overlaid with code as he participates in the TechCrunch Disrupt London 2015 Hackathon in London, U.K., on Saturday, Dec. 5, 2015. Luke MacGregor/Bloomberg

A massive cyberattack struck at least a dozen nations across Europe and Asia, causing disruption to Britain's health system on Friday and infecting many Spanish companies with malicious software, security researchers said. 

The attack, which was first reported as targeting British National Health Service, involved "ransomware" - malicious software that infects machines, locks them up by encrypting data and demands a ransom to restore access.

According to security experts quoted by the New York Times, "it exploited a vulnerability that was discovered and developed by the National Security Agency."

According to the report, the tool was leaked by a hacker group known as Shadow Brokers, which leaked tools developed by the NSA to hack computers using Microsoft’s Windows operating system.

Hospitals and doctors' surgeries in parts of England were forced to turn away patients and cancel appointments due to the attack. People in affected areas were being advised to seek medical care only in emergencies.

"We are experiencing a major IT disruption and there are delays at all of our hospitals," said the Barts Health group, which manages major London hospitals. Routine appointments had been cancelled and ambulances were being diverted to neighboring hospitals. 

Telecommunications giant Telefonica was among the targets in Spain, though it said the attack was limited to some computers on an internal network and had not affected clients or services. 

Authorities identified the type of malware as 'Wanna Cry', also known as 'Wanna Decryptor.' 

A Telefonica spokesman said a window appeared on screens of infected computers that demanded payment with the digital currency bitcoin in order to regain access to files. 

In Spain, the attacks did not disrupt the provision of services or networks operations of the victims, the government said in a statement. Still, the news prompted security teams at large financial services firms and businesses around the world to review their plans for defending against ransomware attacks, according to executives with private cyber security firms.

A spokeswoman for Portugal Telecom said: "We were the target of an attack, like what is happening in all of Europe, a large scale-attack, but none of our services were affected." 

British based cyber researcher Chris Doman of AlienVault said the ransomware "looks to be targeting a wide range of countries", with preliminary evidence of infections from 14 countries so far, also including Russia, Indonesia and Ukraine.

The BBC quoted a cyber expert with the security firm Kaspersky as saying that the ransomware had hit in at least 74 countries world wide.

British Prime Minister Theresa May said that the cyberattack was part of a broader international attack.