Ransomware Cyber Attack Using NSA Tools Hits Russian Government, Global Firms and Hospitals

Putin Computer
Russian President Vladimir Putin eyes a computer screen in Moscow on July 16. A cyberattack using a vulnerability in NSA tools hit Russia particularly hard. REUTERS/Alexei Nikolsky/RIA Novosti/Kremlin

Russia has confirmed its Interior Ministry was targeted by a global cyber-attack using hacking tools reportedly created by the U.S. National Security Agency (NSA).

Tens of thousands of computers across almost 100 countries were targeted in a global cyber attack on Friday, with universities, the British health service and major companies such as FedEx all affected. The attackers took over computers, holding the data to ransom, demanding payments of $300-$600 to restore access.

Cyber-extortionists are believed to have used stolen NSA hacking tools and sent spam emails with malware attachments with invoices, job offers, security warnings, and other legitimate files.

Security software maker Avast said on Friday they had observed 57,000 infections in 99 countries and said Russia, Ukraine, and Taiwan were the top targets.

36,000 detections of #WannaCry (aka #WanaCypt0r aka #WCry) #ransomware so far. Russia, Ukraine, and Taiwan leading. This is huge. pic.twitter.com/EaZcaxPta4

— Jakub Kroustek (@JakubKroustek) May 12, 2017

The Russian Interior Ministry confirmed in a statement it was hit during the attack: "May 12 the Russian Interior Ministry's department of information technology, communications and information protection recorded a viral attack on the personal computers of the ministry using the Windows operating system.

"Thanks to the timely action taken thousands of infected computers accounting for less than one percent, were blocked."

The ministry said it had prevented the virus from spreading to its "server resources" thanks to computers using non-Windows operating systems and a processor called Elbrus.

The attacks used a malicious software called "WanaCrypt0r 2.0" or WannaCry, which targets Microsoft Windows. The U.S. company released an update patch which cover the vulnerability exploited by the malware in March, however, computers without the patch continue to be vulnerable.

According to the Washington Post Microsoft released their updated patch after learning the vulnerability was exploited by techniques employed by the NSA. Outdated versions of Windows do not receive security updates.

Edward Snowden, the fugitive former NSA contractor criticized the agency for not revealing the vulnerability to certain organizations, such as hospitals, and said COngress should push the NSA on other potential flaws.

If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened https://t.co/lhApAqB5j3

— Edward Snowden (@Snowden) May 12, 2017

In light of today's attack, Congress needs to be asking @NSAgov if it knows of any other vulnerabilities in software used in our hospitals.

— Edward Snowden (@Snowden) May 12, 2017

The hacking tool was originally posted online by a cybercrime group called Shadow Brokers, which dumps stolen NSA files. The perpetrators of the attack are not known.

Another high profile victim was the the U.K.'s national healthcare system. The cyberattack forced hospitals to divert emergency patients and locked doctors and other staff out of their computers. The Guardian reported that the attack prompted the service to cancel operations and make documents such as patient records unavailable in England and Scotland.