On Friday, May 11, The Government of Spain warned the nation has been hit by what seems like a ransomware attack. This news has also been confirmed by eldiario.es, a Spanish news outlet which featured snaps of the computers’ blue screen of death text and also the images of the hackers’ demands.
A ransomware is where a cyberattack infects the machine by encrypting all its files, distribute to other Windows machines on the same network, locks access to data and as you can guess, demand ransom (usually in Bitcoins), failure to provide which results in permanent lockdown or deletion of data.
Sources say the culprits took advantage of a critical vulnerability, known as MS17-010, in Windows OS. Same sources also reveal that the attackers are demanding around USD 300 or 274 Euro in Bitcoin before May 15. Should the victims manage to pay the ransom in full before the due date, they will given back the access to the data, or so the hackers promise. If, however, the payment isn’t made before the 19th, hackers will delete all of the encrypted files, which could possibly contain data worth millions of dollars.
While National Cryptology Center did not name the victim at first, it is now known that among the names in the list of its victims, also lies Telefonica, Spain’s largest telecommunications organization.
Fortunately for Telefonica and its user-base, “the problem with the company’s IT systems” seems to have affected only the their internal network and hasn’t “hit clients or the firm’s service to customers.”
Other major companies like Iberdola and Gas Natural, taking lessons from Telefonica’s case, have requested their staff to take preventive measures, even if they include shutting off their computers. On the other hand, Vodafone Spain’s spokesperson said they have asked their employees to disconnect their systems from the internet.
Spain’s National Cryptology center has confirmed it and says this ransomware attack is a variant of the WannaCry virus which, as you can tell, encrypts and locks the data and demands a ransom in exchange for access to the now-locked data.
Similar reports have been surfacing from Pakistan and other corners of the world with people saying they’ve experienced things from blue screen of death (BSoD)to actual notepad files demanding ransom.
— Jorge Blasco (@guizos) May 12, 2017
— ??ustafa Hasan (@RealM_Mustafa) May 12, 2017
Spain’s Cryptology Center’s statement, “There has been an alert relating to a massive ransomware attack on various organisations, which is affecting their Windows systems,” confirms that the attack affects Windows systems including:
- Microsoft Windows Vista SP2
- Windows Server 2008 R2 and R2 SP1
- Windows 7
- Windows 8.1
- Windows RT 8.1
- Windows Server 2012 and R2
- Windows 10
- Windows Server 2016
Spain and Pakistan aren’t the only countries to be hurt with this attack. The attack has already taken its toll on numerous NHS hospitals across the United Kingdom. NHS staff and health journalists were quick to bring it to light as they immediately began tweeting images and shots of alleged conversations between the doctors and the nurses.
East and North Hertfordshire NHS also confirmed they experienced a “major IT problem” likely to be caused by a cyber-attack.
Here’s the malware attack which appears to have hit NHS hospitals right across England today pic.twitter.com/zIAJ6wbAG5
— Lawrence Dunhill (@LawrenceDunhill) May 12, 2017
NHS England seems to be compiling a list of hospitals that have been affected. The East and North Hertfordshire NHS trust have asked residents in the locale not to come to A&E unless the situation is “life-threatening.”