Major Cyberattack Sweeps Globe -- Update

By Robert McMillan in San Francisco and Jenny Gross and Denise Roland in London Features Dow Jones Newswires

A massive cyberattack disrupted computer systems in dozens of countries on Friday, with computer-security experts saying unknown hackers targeted a software vulnerability that had allegedly been exploited earlier by the U.S. National Security Agency.

Continue Reading Below

U.S. delivery giant FedEx Corp. was among the companies caught in the cyberattack. The global delivery company said it was "experiencing interference with some of our Windows-based systems caused by malware" and taking steps to fix the problem. It declined to say how widespread the problem was and if deliveries were affected.

England's National Health Service said 16 hospitals and clinics were forced to cancel appointments and divert ambulances as a result of the cyberattack. Russian antivirus vendor Kaspersky Lab ZAO said the malware appeared in 74 countries and hit Russia hardest.

The malware believed to be behind the attacks encrypts data on infected computers and essentially holds it for ransom. Known as WannaCry or Wanna Decryptor, the so-called ransomware program homes in on vulnerabilities in Microsoft Windows systems.

A Microsoft spokeswoman said Friday the company was "aware of the reports" and "looking into the situation."

The attack appears to exploit a vulnerability in Windows for which Microsoft issued a patch on March 14. Several cybersecurity specialists said the same vulnerability was targeted in code released in April by a hacking group calling itself "Shadow Brokers," which said it had stolen the attack code from the NSA.

Continue Reading Below

The NSA has declined to comment on the authenticity of the Shadow Brokers documents.

Antivirus vendor Avast Software s.r.o. said the malware was hitting computers in the U.S., Russia, Ukraine and Taiwan. The Prague-based firm said it had detected more than 57,000 samples of the malware on Friday.

The spread of WannaCry represents "one of the highest peaks for a single ransomware strain" that Avast has recorded this year, said Jakub Kroustek, the leader of Avast's virus team.

In Britain, the NHS said it thought Wanna Decryptor was behind the attack and indicated there was so far no evidence patient data had been accessed. The British government's National Cyber Security Center said on its Twitter account that it was working with the NHS and the National Crime Agency to investigate.

In Spain, the attack caused widespread disruption among companies whose computer systems were infected, according to Luis Corrons, technical director at Spanish antivirus vendor Panda Security S.L. Some firms disconnected themselves from the internet on Friday until they could apply the appropriate software patches, he said.

U.S. authorities have said cyberattacks via ransomware are a growing problem, having previously hit entire computer networks at universities, businesses and hospitals. Last year, Hollywood Presbyterian Medical Center in Los Angeles paid $17,000 to unlock files after an attack crippled a large portion of its computer systems.

In England, NHS clinics in London, the county of Essex and elsewhere issued messages asking patients not to seek medical care unless it was an emergency.

A primary-care doctor in Welwyn Garden City in southeastern England said his practice was unable to make urgent referrals to the local hospital, which was the first to fall victim to the attack.

"I had a patient this morning who may have been having mini-strokes and needed to be seen within 24 hours," he said. "I emailed urgent referrals but couldn't get through...We had to go to a different hospital entirely."

Another of his patients needed an ultrasound scan for a possible pregnancy complication, he said, but computer disruptions had left him unable to make an appointment. His practice has also been unable to access patients' blood test results for most of the day, he said, because that system is also linked to the local hospital.

Ransomware attacks, though seemingly sophisticated, typically start off simply: A hacker tricks someone into opening a seemingly legitimate or innocuous file that contains malicious software. The ruse is known as phishing.

"The majority of ransomware is from phishing attacks, whether that's a receptionist or a doctor on a smartphone," said Emily Orton, founder of British cybersecurity company Darktrace.

Typically users must click on a malicious attachment to install ransomware. The software now circulating comes with a nasty twist, Panda Security's Mr. Corrons said: It is also a worm that replicates itself throughout networks.

"If one computer is infected, not only is it going to encrypt all the files to which it has access. It is also going to infect each and every computer on the network that hasn't patched this vulnerability," he said.

The attack came weeks before a general election in the U.K., set for June 8. British Prime Minister Theresa May said the attack wasn't targeted at the NHS and the government wasn't aware of any evidence that patient data was compromised.

"It's an international attack and a number of countries and organizations have been affected," Mrs. May said.

Jonathan Ashworth, lawmaker for the Labour Party, said the incident underscored the need for the U.K. government to focus efforts on cybersecurity.

"The safety of the public must be the priority and the NHS should be given every resource to bring the situation under control as soon as possible," Mr. Ashworth said.

Stu Woo

and Phil Ziobro contributed to this article.

Write to Robert McMillan at Robert.Mcmillan@wsj.com, Jenny Gross at jenny.gross@wsj.com and Denise Roland at Denise.Roland@wsj.com

(END) Dow Jones Newswires

May 12, 2017 16:33 ET (20:33 GMT)