This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.theguardian.com/society/live/2017/may/12/england-hospitals-cyber-attack-nhs-live-updates
The article has changed 42 times. There is an RSS feed of changes available.
Previous version
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
Next version
| Version 14 | Version 15 |
|---|---|
| Cyber-attack hits 99 countries with UK hospitals among targets – live updates | |
| (35 minutes later) | |
| 3.32am BST | |
| 03:32 | |
| The human cost of what is a random attack, spread via email, is still emerging. In the UK, thousands of patients faced disruption as x-rays, test results and patient records became unavailable and operations were cancelled. | |
| Royal London hospital had to delay the release of newborns to go home, according to one father, whose child did not have any wrist tags. Warren Jones said: “It is normal to have two baby tags – we have got no tags. They can’t print them out, I’m guessing. It is a bit disappointing, really. I don’t know how easy it is but they have taken over a whole system and shut it down.” | |
| Patient transfers were also hit. One woman said her daughter, who is in a wheelchair, could no longer be moved to another hospital. “I went to the nurses: ‘Oh, I need to know, is it tonight?’ and they went: ‘Did you not hear about the cyber-attack? Everything is on hold.’” | |
| You can read more here: | |
| 3.21am BST | |
| 03:21 | |
| NHS Digital, the information arm of the UK’s health service, has said “we do not have any evidence” that patient data has been accessed as a result of the attack. It has yet to address the issue of whether the organisation’s IT network had an outdated security set-up. | |
| 3.04am BST | |
| 03:04 | |
| I will confess that I was unaware registering the domain would stop the malware until after i registered it, so initially it was accidental. | |
| 2.53am BST | 2.53am BST |
| 02:53 | 02:53 |
| Here is the full read on the cybersecurity researcher who appears to have played a huge role in tackling the spread of the malware, by taking control of the domain name to which the code is linked. | Here is the full read on the cybersecurity researcher who appears to have played a huge role in tackling the spread of the malware, by taking control of the domain name to which the code is linked. |
| 2.35am BST | 2.35am BST |
| 02:35 | 02:35 |
| Officials in Australia are working to ascertain whether the attack has affected organisations there. The prime minister, Malcolm Turnbull, said via a spokesman: “We are continuing to monitor the situation closely and stand ready to deal with any cyber-security threat to Australia’s critical infrastructure.” | Officials in Australia are working to ascertain whether the attack has affected organisations there. The prime minister, Malcolm Turnbull, said via a spokesman: “We are continuing to monitor the situation closely and stand ready to deal with any cyber-security threat to Australia’s critical infrastructure.” |
| There are no confirmed reports Australian organisations have been hit. | There are no confirmed reports Australian organisations have been hit. |
| 2.23am BST | 2.23am BST |
| 02:23 | 02:23 |
| Thank you, Sam. Friday’s ransomware attack has seen Taiwan become one of its main victims and we’re working to find out more details about how organisations there have been affected. The island is one of the most hacked places in the world, with its geopolitical situation. Dozens of its schools have been targeted with ransomware this year. Of course, this latest cyber-attack is more random in nature. | Thank you, Sam. Friday’s ransomware attack has seen Taiwan become one of its main victims and we’re working to find out more details about how organisations there have been affected. The island is one of the most hacked places in the world, with its geopolitical situation. Dozens of its schools have been targeted with ransomware this year. Of course, this latest cyber-attack is more random in nature. |
| 2.07am BST | 2.07am BST |
| 02:07 | 02:07 |
| What we know so far | What we know so far |
| Here’s what we know so far about the massive ransomware cyber-attack that has affected countries across the globe: | Here’s what we know so far about the massive ransomware cyber-attack that has affected countries across the globe: |
| There have been reports of tens of thousands of attacks in 99 countries, including the UK, Russia, Ukraine, India, China, Italy and Egypt. | There have been reports of tens of thousands of attacks in 99 countries, including the UK, Russia, Ukraine, India, China, Italy and Egypt. |
| The NHS was hit as part of the attack, and staff across at least 16 trusts in the UK were affected – locked out of computers and forced to divert emergency patients. | The NHS was hit as part of the attack, and staff across at least 16 trusts in the UK were affected – locked out of computers and forced to divert emergency patients. |
| Thousands of patients across England and Scotland were stuck in limbo, with many having operations cancelled at the last minute. | Thousands of patients across England and Scotland were stuck in limbo, with many having operations cancelled at the last minute. |
| By late Friday evening, the ransomware had spread to the United States and South America, though Europe and Russia were most hard hit. | By late Friday evening, the ransomware had spread to the United States and South America, though Europe and Russia were most hard hit. |
| A group called Shadow Brokers made the malware dump available online earlier this month, claiming to have stolen a cache of “cyber weapons” from the National Security Agency (NSA). | A group called Shadow Brokers made the malware dump available online earlier this month, claiming to have stolen a cache of “cyber weapons” from the National Security Agency (NSA). |
| The malicious software is known as WanaCrypt0r 2.0 and was asking for a $300 (£233) ransom per machine to be paid in cryptocurrency Bitcoin to unlock computers. | The malicious software is known as WanaCrypt0r 2.0 and was asking for a $300 (£233) ransom per machine to be paid in cryptocurrency Bitcoin to unlock computers. |
| In Spain, megaphone announcements told employees at telecom giant Telefónica to shut down their workstations immediately while the attack spread. | In Spain, megaphone announcements told employees at telecom giant Telefónica to shut down their workstations immediately while the attack spread. |
| Scotland reported that 11 health boards and its ambulance service attacked. | Scotland reported that 11 health boards and its ambulance service attacked. |
| Whistleblower Edward Snowden blamed the NSA, saying: “If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened.” | Whistleblower Edward Snowden blamed the NSA, saying: “If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened.” |
| FedEx also announced it was impacted and said it was “implementing remediation steps as quickly as possible”. | FedEx also announced it was impacted and said it was “implementing remediation steps as quickly as possible”. |
| The Guardian’s Graham Russell will now be taking over the blog. | The Guardian’s Graham Russell will now be taking over the blog. |
| 1.57am BST | 1.57am BST |
| 01:57 | 01:57 |
| Olivia Solon | Olivia Solon |
| Guardian tech reporter Olivia Solon explains how a cybersecurity researcher was able to block the spread of the malware: | Guardian tech reporter Olivia Solon explains how a cybersecurity researcher was able to block the spread of the malware: |
| The global spread of the WannaCry ransomware has been stopped by a cybersecurity researcher tweeting as @malwaretechblog, with the help of a researcher at Proofpoint. | The global spread of the WannaCry ransomware has been stopped by a cybersecurity researcher tweeting as @malwaretechblog, with the help of a researcher at Proofpoint. |
| The malware contains a hardcoded “kill switch” that the creator could choose to implement if he or she wanted. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. Of course, this relies on the creator of the malware registering the specific domain. In this case, the creator failed to do this. And @malwaretechblog did early this morning (Pacific Time), stopping the rapid proliferation of the ransomware. | The malware contains a hardcoded “kill switch” that the creator could choose to implement if he or she wanted. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. Of course, this relies on the creator of the malware registering the specific domain. In this case, the creator failed to do this. And @malwaretechblog did early this morning (Pacific Time), stopping the rapid proliferation of the ransomware. |
| “They get the accidental hero award of the day,” said Proofpoint’s Ryan Kalember. “They didn’t realize how much it probably slowed down the spread of this ransomware.” | “They get the accidental hero award of the day,” said Proofpoint’s Ryan Kalember. “They didn’t realize how much it probably slowed down the spread of this ransomware.” |
| The time that @malwaretechblog registered the domain was too late to help Europe and Asia, where many organizations were affected, but gave people in the US more time to develop immunity to the attack by patching their systems before they were infected, said Kalember. | The time that @malwaretechblog registered the domain was too late to help Europe and Asia, where many organizations were affected, but gave people in the US more time to develop immunity to the attack by patching their systems before they were infected, said Kalember. |
| It’s possible that there are other variances of the malware with different kill switches that have not yet been intercepted. | It’s possible that there are other variances of the malware with different kill switches that have not yet been intercepted. |
| 1.35am BST | 1.35am BST |
| 01:35 | 01:35 |
| Patients left waiting for hours | Patients left waiting for hours |
| There are thousands of patients across England and Scotland who have been left in limbo, many forced to cancel operations at the last minute, the Guardian’s Kevin Rawlinson reports: | There are thousands of patients across England and Scotland who have been left in limbo, many forced to cancel operations at the last minute, the Guardian’s Kevin Rawlinson reports: |
| Senior medics sought to reassure patients that they could be seen in the normal way in emergencies, but others were asked to stay away if possible. | Senior medics sought to reassure patients that they could be seen in the normal way in emergencies, but others were asked to stay away if possible. |
| According to one junior doctor who works in a London hospital, the attack left hospitals struggling to care for people. “However much they pretend patient safety is unaffected, it’s not true. At my hospital we are literally unable to do any x-rays, which are an essential component of emergency medicine,” the doctor told the Guardian. | According to one junior doctor who works in a London hospital, the attack left hospitals struggling to care for people. “However much they pretend patient safety is unaffected, it’s not true. At my hospital we are literally unable to do any x-rays, which are an essential component of emergency medicine,” the doctor told the Guardian. |
| Read more about the chaos in hospitals here: | Read more about the chaos in hospitals here: |
| 1.18am BST | 1.18am BST |
| 01:18 | 01:18 |
| The US Department of Homeland Security (DHS) has released a statement saying it is “aware of reports of ransomware known as WannaCry affecting multiple global entities”. DHS noted that Microsoft released a patch in March that addresses this vulnerability, adding: | The US Department of Homeland Security (DHS) has released a statement saying it is “aware of reports of ransomware known as WannaCry affecting multiple global entities”. DHS noted that Microsoft released a patch in March that addresses this vulnerability, adding: |
| Individual users are often the first line of defense against this and other threats, and we encourage all Americans to update your operating systems and implement vigorous cybersecurity practices at home, work, and school. | Individual users are often the first line of defense against this and other threats, and we encourage all Americans to update your operating systems and implement vigorous cybersecurity practices at home, work, and school. |
| DHS said it is also “actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally”. The agency further said it is working with chief information officers in other US federal departments to ensure “our own networks are protected against the threat”. | DHS said it is also “actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally”. The agency further said it is working with chief information officers in other US federal departments to ensure “our own networks are protected against the threat”. |
| 12.48am BST | 12.48am BST |
| 00:48 | 00:48 |
| The rapid spread of the malware may have been stopped when a researcher who tweets at MalwareTech and works for security firm Kryptos Logic took control of key domain name, according to tech blog ArsTechnica. | The rapid spread of the malware may have been stopped when a researcher who tweets at MalwareTech and works for security firm Kryptos Logic took control of key domain name, according to tech blog ArsTechnica. |
| God damn. Looks like @MalwareTechBlog stopped the spread of this global ransomware attack https://t.co/pgDiTS9oTR pic.twitter.com/YyFKt7cQwy | God damn. Looks like @MalwareTechBlog stopped the spread of this global ransomware attack https://t.co/pgDiTS9oTR pic.twitter.com/YyFKt7cQwy |
| The site reports: | The site reports: |
| The address appeared to serve as a sort of kill switch the attackers could use to terminate the campaign. MalwareTech’s registration had the effect of ending the attacks that had started earlier Friday morning in other parts of the world. As a result, the number of infection detections plateaued dramatically in the hours following the registration. | The address appeared to serve as a sort of kill switch the attackers could use to terminate the campaign. MalwareTech’s registration had the effect of ending the attacks that had started earlier Friday morning in other parts of the world. As a result, the number of infection detections plateaued dramatically in the hours following the registration. |
| This won’t, however, help companies that have already been infected. | This won’t, however, help companies that have already been infected. |
| 12.31am BST | 12.31am BST |
| 00:31 | 00:31 |
| Corporations in Spain regain control | Corporations in Spain regain control |
| The Cybersecurity National Institute in Spain is reporting that many of the country’s corporations targeted in the ransomware attack are regaining control over their systems and resuming operations, according to the AP. | The Cybersecurity National Institute in Spain is reporting that many of the country’s corporations targeted in the ransomware attack are regaining control over their systems and resuming operations, according to the AP. |
| A statement released by the institute did not identify affected companies, though Telefonica, Spain’s telecommunications corporation, acknowledged the attack earlier in the day. | A statement released by the institute did not identify affected companies, though Telefonica, Spain’s telecommunications corporation, acknowledged the attack earlier in the day. |
| The institute said that many Spanish corporations were alerted early enough that they were able to dodge the malware, the AP reported. | The institute said that many Spanish corporations were alerted early enough that they were able to dodge the malware, the AP reported. |
| Telefonica said earlier that the attack was limited to its internal network computers and had not impacted services or clients. | Telefonica said earlier that the attack was limited to its internal network computers and had not impacted services or clients. |
| 12.07am BST | 12.07am BST |
| 00:07 | 00:07 |
| US congressman Ted Lieu, a Democrat from California and one of the more technologically savvy lawmakers, criticized the NSA’s suspected role in the WannaCry malware on Twitter. | US congressman Ted Lieu, a Democrat from California and one of the more technologically savvy lawmakers, criticized the NSA’s suspected role in the WannaCry malware on Twitter. |
| Best way to protect US & the world is for NSA/CIA to DISCLOSE zero-day vulnerabilities to software owner, NOT WRITE MALWARE. #ransomware https://t.co/dAsbDJywHt | Best way to protect US & the world is for NSA/CIA to DISCLOSE zero-day vulnerabilities to software owner, NOT WRITE MALWARE. #ransomware https://t.co/dAsbDJywHt |
| If true, unacceptable NSA wrote malware & did not disclose vulnerability. I've been working on bill to address this very issue. #ransomware https://t.co/sujC648iZs | If true, unacceptable NSA wrote malware & did not disclose vulnerability. I've been working on bill to address this very issue. #ransomware https://t.co/sujC648iZs |
| To be clear, the NSA is not necessarily suspected of writing the actual malware involved in this hack, but rather of knowing about and failing to disclose the flaw in Windows that the ransomware exploits. | To be clear, the NSA is not necessarily suspected of writing the actual malware involved in this hack, but rather of knowing about and failing to disclose the flaw in Windows that the ransomware exploits. |
| Software companies offer bug bounties to hackers who inform them about such vulnerabilities, allowing them to issue security patches through software updates. But intelligence agencies stockpile their knowledge of such flaws in order to use them for intelligence gathering or cyber warfare. | Software companies offer bug bounties to hackers who inform them about such vulnerabilities, allowing them to issue security patches through software updates. But intelligence agencies stockpile their knowledge of such flaws in order to use them for intelligence gathering or cyber warfare. |
| Sam Levin in San Francisco will be taking over the blog for now. | Sam Levin in San Francisco will be taking over the blog for now. |
| Updated | Updated |
| at 12.09am BST | at 12.09am BST |
| 11.58pm BST | 11.58pm BST |
| 23:58 | 23:58 |
| The National Cyber Security Centre’s CEO Ciaran Martin has issued a new statement on the ransomware attack. | The National Cyber Security Centre’s CEO Ciaran Martin has issued a new statement on the ransomware attack. |
| Martin said the NCSC is “working round the clock” with UK, international, and private sector partners to respond to the attack, and reiterated that there is no evidence that NHS patient data has been stolen. | Martin said the NCSC is “working round the clock” with UK, international, and private sector partners to respond to the attack, and reiterated that there is no evidence that NHS patient data has been stolen. |
| “We are very aware that attacks on critical services such as the NHS have a massive impact on individuals and their families, and we are doing everything in our power to help them restore these vital services.” | “We are very aware that attacks on critical services such as the NHS have a massive impact on individuals and their families, and we are doing everything in our power to help them restore these vital services.” |
| The NCSC’s guidance for protecting yourself from ransomware can be found here. | The NCSC’s guidance for protecting yourself from ransomware can be found here. |
| 11.35pm BST | 11.35pm BST |
| 23:35 | 23:35 |
| The Russian interior ministry said earlier today that about 1,000 computers of its computers had been affected. The country’s largest bank, Sberbank, was also targeted, according to the Associated Press, but said that it had successfully repelled the attack. | The Russian interior ministry said earlier today that about 1,000 computers of its computers had been affected. The country’s largest bank, Sberbank, was also targeted, according to the Associated Press, but said that it had successfully repelled the attack. |
| Russia was hit early and hard by the attack, which could be a sign that the attacks originated in that country, according to Markus Jakobsson, chief scientist with security firm Agari. | Russia was hit early and hard by the attack, which could be a sign that the attacks originated in that country, according to Markus Jakobsson, chief scientist with security firm Agari. |
| Since the malware spreads by email, he told the Guardian, it’s possible that the criminals had access to a large database of Russian email addresses. | Since the malware spreads by email, he told the Guardian, it’s possible that the criminals had access to a large database of Russian email addresses. |
| However, Jakobsson warned that the origin of the attack remains unconfirmed. | However, Jakobsson warned that the origin of the attack remains unconfirmed. |
| 10.59pm BST | 10.59pm BST |
| 22:59 | 22:59 |
| Scotland: 11 health boards and ambulance service attacked | Scotland: 11 health boards and ambulance service attacked |
| Eleven of Scotland’s 14 geographical health boards and its ambulance service have been affected by the global cyberattack, according to the Press Association. | Eleven of Scotland’s 14 geographical health boards and its ambulance service have been affected by the global cyberattack, according to the Press Association. |
| “I have convened a Scottish Government resilience meeting to ensure that we are closely monitoring the situation,” first minister Nicola Sturgeon said. “All necessary steps are being taken to ensure that the cause and nature of this attack is identified. There is no evidence that patient data has been compromised.” | “I have convened a Scottish Government resilience meeting to ensure that we are closely monitoring the situation,” first minister Nicola Sturgeon said. “All necessary steps are being taken to ensure that the cause and nature of this attack is identified. There is no evidence that patient data has been compromised.” |
| The impacted health boards are NHS Borders, Dumfries and Galloway, Fife, Forth Valley, Lanarkshire, Greater Glasgow and Clyde, Tayside, Western Isles, Highlands, Grampian, Ayrshire and Arran, and the Scottish Ambulance Service. | The impacted health boards are NHS Borders, Dumfries and Galloway, Fife, Forth Valley, Lanarkshire, Greater Glasgow and Clyde, Tayside, Western Isles, Highlands, Grampian, Ayrshire and Arran, and the Scottish Ambulance Service. |
| 10.44pm BST | 10.44pm BST |
| 22:44 | 22:44 |
| Ransomware attacks have been on the rise around the globe, and hospitals are particularly vulnerable, thanks to outdated IT systems and increasing reliance on electronic health records. | Ransomware attacks have been on the rise around the globe, and hospitals are particularly vulnerable, thanks to outdated IT systems and increasing reliance on electronic health records. |
| The BBC reported in April that the NHS hospital trusts in England saw 55 cyber attacks in 2016. | The BBC reported in April that the NHS hospital trusts in England saw 55 cyber attacks in 2016. |
| Last year, a hospital in Los Angeles was infected with ransomware. Doctors and nurses resorted to using paper charts and fax machines for days before the hospital paid $17,000 in bitcoin to the ransomware hackers. | Last year, a hospital in Los Angeles was infected with ransomware. Doctors and nurses resorted to using paper charts and fax machines for days before the hospital paid $17,000 in bitcoin to the ransomware hackers. |
| “The attack against the NHS demonstrates that cyber-attacks can quite literally have life and death consequences,” Mike Viscuso, chief techology officer of security firm Carbon Black, told the Guardian. “When patients’ lives are at stake, there is no time for finger pointing but this attack serves as an additional clarion call that healthcare organizations must make cybersecurity a priority, lest they encounter a scenario where lives are risked.” | “The attack against the NHS demonstrates that cyber-attacks can quite literally have life and death consequences,” Mike Viscuso, chief techology officer of security firm Carbon Black, told the Guardian. “When patients’ lives are at stake, there is no time for finger pointing but this attack serves as an additional clarion call that healthcare organizations must make cybersecurity a priority, lest they encounter a scenario where lives are risked.” |