Global cyberattack disrupts shipper FedEx, UK health system

LONDON/MADRID A global cyberattack leveraging hacking tools widely believed by researchers to have been developed by the U.S. National Security Agency hit international shipper FedEx, disrupted Britain’s health system and infected computers in dozens of other countries on Friday.

Russian cyber security software maker Kaspersky Lab said its researchers had observed more than 45,000 attacks in 74 countries as of early Friday, although it expected the numbers to increase.

British hospitals and clinics were forced to turn away patients because their computers were infected by a pernicious new form of “ransomware” that rapidly spread across the globe, demanding payments of as much as $600 to restore access and scrambling data.

Leading international shipper FedEx Corp said it was one of the companies whose Microsoft Corp Windows system was infected with the malware that security firms said was delivered via spam emails.

Only a small number of U.S.-headquartered organizations were infected because the hackers appear to have begun the campaign by targeting organizations in Europe, said Vikram Thakur, research manager with security software maker Symantec.

By the time they turned their attention to U.S. organizations, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Thakur said.

“Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware,” a spokeswoman said in a statement. “We are implementing remediation steps as quickly as possible.”

Telecommunications company Telefonica was among many targets in Spain, though it said the attack was limited to some computers on an internal network and had not affected clients or services. Portugal Telecom and Telefonica Argentina both said they were also targeted in the attacks.

Private security firms identified the ransomware as a new variant of “WannaCry” that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft’s Windows operating system.

“Once it gets in and starts moving across the infrastructure, there is no way to stop it,” said Adam Meyers, a researcher with cyber security firm CrowdStrike.

The hackers, who have not come forward to claim responsibility or otherwise been identified, likely made it a “worm,” or self spreading malware, by exploiting a piece of NSA code known as “Eternal Blue” that was released last month by a group known as the Shadow Brokers, researchers with several private cyber security firms said.

“This is one of the largest global ransomware attacks the cyber community has ever seen,” said Rich Barger, director of threat research with Splunk, one of the firms that linked WannaCry to the NSA.

The Shadow Brokers released Eternal Blue as part of a trove of hacking tools that they said belonged to the U.S. spy agency.

Read Full Content at: Source Reuters