Hackers Hit Dozens of Countries Exploiting Stolen N. S.A. Tool -
By NICOLE PERLROTH and DAVID E. SANGERMAY 12, 2017
SAN FRANCISCO — Hackers exploiting malicious software stolen from the National Security Agency executed damaging cyberattacks on Friday
that hit dozens of countries worldwide, forcing Britain’s public health system to send patients away, freezing computers at Russia’s Interior Ministry and wreaking havoc on tens of thousands of computers elsewhere.
The United States has never confirmed that the tools posted by the Shadow Brokers belonged to the N. S.A.
or other intelligence agencies, but former intelligence officials have said
that the tools appeared to come from the N. S.A.’s “Tailored Access Operations” unit, which infiltrates foreign computer networks.
One reason the ransomware on Friday was able to spread so quickly was that the stolen N. S.A.
hacking tool, known as “Eternal Blue,” affected a vulnerability in Microsoft Windows servers.
Britain’s health secretary, Jeremy Hunt, was briefed by cybersecurity experts, while Prime Minister Theresa May’s office said on television
that “we’re not aware of any evidence that patient data has been compromised.”
As the day wore on, dozens of companies across Europe, Asia and the United States discovered
that they had been hit with the ransomware when they saw criminals’ messages on their computer screens demanding $300 to unlock their data.
On Friday, hackers took advantage of the fact that vulnerable targets — particularly hospitals — had yet to patch their systems, either
because they had ignored advisories from Microsoft or because they were using outdated software that Microsoft no longer supports or updates.