This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.theguardian.com/technology/live/2017/may/15/ransomware-attacks-uk-government-defends-investment-in-security-live

The article has changed 16 times. There is an RSS feed of changes available.

Version 6 Version 7
Ransomware attacks: 29,000 infections in China as working week begins - live updates Ransomware attacks: 29,000 infections in China as working week begins - live updates
(35 minutes later)
12.01pm BST
12:01
The French government cyber security agency ANSII knows of “fewer than 10” French companies that have fallen victim to a global hacking attack that hit car factories, hospitals and other organisations in about 100 countries, an ANSII spokesman said on Monday.
11.39am BST11.39am BST
11:3911:39
Where's Hunt?Where's Hunt?
The Prime Minister’s official spokesman has defended health secretary Jeremy Hunt’s lack of public statements or appearances since the cyberattack on Friday.The Prime Minister’s official spokesman has defended health secretary Jeremy Hunt’s lack of public statements or appearances since the cyberattack on Friday.
“This is an international cyber crime, committed on an unprecedented scale.“This is an international cyber crime, committed on an unprecedented scale.
“The Home Secretary has the lead on responding to crime and cyber crime and it is quite right that she should be taking the lead.“The Home Secretary has the lead on responding to crime and cyber crime and it is quite right that she should be taking the lead.
“The Health Secretary has been working round the clock on co-ordinating the NHS response to this, which has been a hugely impressive response.“The Health Secretary has been working round the clock on co-ordinating the NHS response to this, which has been a hugely impressive response.
“Both the Prime Minister and the Health Secretary pass on their thanks to NHS staff who have been working round the clock over this weekend.”“Both the Prime Minister and the Health Secretary pass on their thanks to NHS staff who have been working round the clock over this weekend.”
Home Secretary Amber Rudd is to chair a meeting of the Government’s emergency Cobra committee at the Cabinet Office on Whitehall at 5pm on Monday to assess progress on dealing with the attack. Hunt will not be attending.Home Secretary Amber Rudd is to chair a meeting of the Government’s emergency Cobra committee at the Cabinet Office on Whitehall at 5pm on Monday to assess progress on dealing with the attack. Hunt will not be attending.
11.15am BST11.15am BST
11:1511:15
PM denies claims Government ignored cyber-attack warningsPM denies claims Government ignored cyber-attack warnings
Theresa May has rejected claims the government ignored warnings the NHS was vulnerable to a possible cyber security attack.Theresa May has rejected claims the government ignored warnings the NHS was vulnerable to a possible cyber security attack.
The Prime Minister said warnings had been given to hospital trusts.The Prime Minister said warnings had been given to hospital trusts.
During a visit to Oxfordshire, she insisted cyber security was being taken seriously in Whitehall.During a visit to Oxfordshire, she insisted cyber security was being taken seriously in Whitehall.
Asked if warnings had been ignored, May said: “No. It was clear warnings were given to hospital trusts but this is not something that focused on attacking the NHS here on the UK.”Asked if warnings had been ignored, May said: “No. It was clear warnings were given to hospital trusts but this is not something that focused on attacking the NHS here on the UK.”
May said the Government was putting £2 billion into cyber security.May said the Government was putting £2 billion into cyber security.
She added: “Europol say there are 200,000 victims across the world.She added: “Europol say there are 200,000 victims across the world.
“Cyber security is an issue that we need to address. That’s why the Government, when we came into Government in 2010, put money into cyber security.“Cyber security is an issue that we need to address. That’s why the Government, when we came into Government in 2010, put money into cyber security.
“It’s why we are putting £2 billion into cyber security over the coming years and, of course, created the National Cyber Security Centre.“It’s why we are putting £2 billion into cyber security over the coming years and, of course, created the National Cyber Security Centre.
“We take cyber security seriously.”“We take cyber security seriously.”
UpdatedUpdated
at 11.25am BSTat 11.25am BST
11.15am BST11.15am BST
11:1511:15
If you paid money as a victim of ransomware we’d like to hear from you. How much were you asked to pay? Why did you decide to pay the ransom? What happened afterwards? We’d also like to hear the experiences of those who paid in other recent attacks.You can share your stories with us - anonymously if you wish - by filling in our form here.If you paid money as a victim of ransomware we’d like to hear from you. How much were you asked to pay? Why did you decide to pay the ransom? What happened afterwards? We’d also like to hear the experiences of those who paid in other recent attacks.You can share your stories with us - anonymously if you wish - by filling in our form here.
11.04am BST11.04am BST
11:0411:04
Few major problems have been reported in India with the hea of the government response team saying “everything seems to be normal, so far”, AP reports.Few major problems have been reported in India with the hea of the government response team saying “everything seems to be normal, so far”, AP reports.
Experts estimated 5% of affected computers were in India, with the Computer Emergency Response Team of India issuing a red-colored “critical alert”.Experts estimated 5% of affected computers were in India, with the Computer Emergency Response Team of India issuing a red-colored “critical alert”.
But few major problems were reported. The head of the government response team told Press Trust of India news agency that “everything seems to be normal, so far. No reports have come in” detailing cyberattacks in the country.But few major problems were reported. The head of the government response team told Press Trust of India news agency that “everything seems to be normal, so far. No reports have come in” detailing cyberattacks in the country.
10.42am BST10.42am BST
10:4210:42
Microsoft’s top lawyer has called on governments around the world to treat the international cyber attack as a “wake-up call” as he laid part of the blame at the door of the US administration, PA reports.Microsoft’s top lawyer has called on governments around the world to treat the international cyber attack as a “wake-up call” as he laid part of the blame at the door of the US administration, PA reports.
Brad Smith, the technology firm’s president and chief legal officer, criticised US intelligence agencies the CIA and the National Security Agency (NSA) for “stockpiling” software code which could be exploited by hackers.Brad Smith, the technology firm’s president and chief legal officer, criticised US intelligence agencies the CIA and the National Security Agency (NSA) for “stockpiling” software code which could be exploited by hackers.
Smith said the “ransomware” attacks had used data stolen from the NSA earlier this year, which contained information on software vulnerabilities the government had hoped to hoard, and subsequently leaked them online.Smith said the “ransomware” attacks had used data stolen from the NSA earlier this year, which contained information on software vulnerabilities the government had hoped to hoard, and subsequently leaked them online.
In a blog post, he said: “An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen.In a blog post, he said: “An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen.
“And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cyber security threats in the world today - nation-state action and organised criminal action.”“And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cyber security threats in the world today - nation-state action and organised criminal action.”
10.29am BST10.29am BST
10:2910:29
“Hundreds of thousands” of Chinese computers at nearly 30,000 institutions including government agencies have been hit by the global ransomware attack, a leading Chinese security-software provider has said.“Hundreds of thousands” of Chinese computers at nearly 30,000 institutions including government agencies have been hit by the global ransomware attack, a leading Chinese security-software provider has said.
The enterprise-security division of Qihoo 360, one of China’s leading suppliers of anti-virus software, said 29,372 institutions ranging from government offices to universities, ATMs and hospitals had been “infected” by the outbreak as of late Saturday, AFP reports.The enterprise-security division of Qihoo 360, one of China’s leading suppliers of anti-virus software, said 29,372 institutions ranging from government offices to universities, ATMs and hospitals had been “infected” by the outbreak as of late Saturday, AFP reports.
In a statement dated Sunday, Qihoo 360 said the ransomware had spread particularly quickly through higher education, affecting more than 4,000 Chinese universities and research institutions.In a statement dated Sunday, Qihoo 360 said the ransomware had spread particularly quickly through higher education, affecting more than 4,000 Chinese universities and research institutions.
It gave few details on the extent of any damage, however, and China’s government has said little about the situation.It gave few details on the extent of any damage, however, and China’s government has said little about the situation.
10.16am BST10.16am BST
10:1610:16
Blackpool Teaching Hospitals NHS Foundation Trust, NHS Blackpool Clinical Commissioning Group (CCG) and NHS Fylde and Wyre CCG are still experiencing some IT problems.Blackpool Teaching Hospitals NHS Foundation Trust, NHS Blackpool Clinical Commissioning Group (CCG) and NHS Fylde and Wyre CCG are still experiencing some IT problems.
They said services are open and operating “as best as possible” but asked patients only to attend A&E in life-threatening and urgent cases.They said services are open and operating “as best as possible” but asked patients only to attend A&E in life-threatening and urgent cases.
Many GP practice computer and telephone systems in the area have also been affected by the attack, though all will be open as usual today. However, patients may be required to wait longer to be seen.Many GP practice computer and telephone systems in the area have also been affected by the attack, though all will be open as usual today. However, patients may be required to wait longer to be seen.
9.58am BST9.58am BST
09:5809:58
The Royal Liverpool and Broadgreen University Hospitals Trust reported their IT system had not been attacked and was operating normally.The Royal Liverpool and Broadgreen University Hospitals Trust reported their IT system had not been attacked and was operating normally.
Likewise the Pennine Acute Hospitals NHS Trust, which runs hospitals in Manchester, Oldham and Rochdale, said they had not been affected by the attack but had taken precautionary measures to protect their IT systems.Likewise the Pennine Acute Hospitals NHS Trust, which runs hospitals in Manchester, Oldham and Rochdale, said they had not been affected by the attack but had taken precautionary measures to protect their IT systems.
9.58am BST9.58am BST
09:5809:58
The Southport and Ormskirk Hospital NHS Trust said patient safety is being “maintained” but difficulties are continuing.The Southport and Ormskirk Hospital NHS Trust said patient safety is being “maintained” but difficulties are continuing.
Patients scheduled to have operations today have been asked not to attend hospital unless they have been contacted directly.Patients scheduled to have operations today have been asked not to attend hospital unless they have been contacted directly.
All outpatients and endoscopy appointments and routine MRI and CT scans scheduled for today have also been cancelled.All outpatients and endoscopy appointments and routine MRI and CT scans scheduled for today have also been cancelled.
Patients have been contacted directly if they need to attend, the trust said.Patients have been contacted directly if they need to attend, the trust said.
Patients needing dialysis have been told to attend as usual and the pregnancy assessment unit and all antenatal clinics will be open as usual.Patients needing dialysis have been told to attend as usual and the pregnancy assessment unit and all antenatal clinics will be open as usual.
9.53am BST
09:53
New cyber chaos appears to have been avoided - Europol
European governments and companies appeared early Monday to have avoided further fallout from a crippling global cyberattack, the police agency Europol said.
“The number of victims appears not to have gone up and so far the situation seems stable in Europe, which is a success,” senior spokesman for Europol, Jan Op Gen Oorth told AFP.
“It seems that a lot of internet security guys over the weekend did their homework and ran the security software updates.”
Europol said more than 200,000 computers around the world had been affected over the weekend in what it said was “an unprecedented attack”.
Europol executive director Rob Wainwright had warned on Sunday the situation could worsen when workers return to their offices on Monday after the weekend and logged on.
9.40am BST
09:40
No patient data has been lost in the ransomware attack on Scottish NHS computer systems, Nicola Sturgeon has said.
Eleven health boards as well as NHS National Services and the Scottish Ambulance Service were affected Friday’s attack, PA reports.
The attack impacted on acute hospital sites in Lanarkshire, as well as GP surgeries, dental practices and other primary care centres around the country.
Systems in Scotland were expected to be recovered by Monday and the First Minister said more than 120 public bodies have been contacted to ensure their defences are adequate.
9.30am BST
09:30
Foreign Secretary Boris Johnson, arriving in Brussels for a meeting of EU foreign ministers, said the cyber-threat was not on the agenda.
He said: “Cyber-security is a huge issue for all of us in all our countries.
“It’s not specifically on the agenda today, but a huge amount of work goes on between the UK Government and all our friends and partners around Europe, and indeed in the United States, where they are now stepping up their precautions against cyber attacks of these kinds.”
9.13am BST
09:13
Fewer than a hundred victims of attack have paid ransom - analysis
Alex Hern
Three days on from the initial outbreak, fewer than a hundred victims of the WeCry malware appear to have given in and paid the ransom, according to analysis of the two bitcoin addresses to which the software demanded payment.
In order to restore encrypted files, the malware demands a payment of $300 in the cryptocurrency, sent to one of two addresses hardcoded into the software. Yet the contents of the addresses, which like all bitcoin wallets are publicly viewable, shows just under 14 bitcoin has been sent to them in total. At current exchange rates, that is worth slightly under $25,000, suggesting just 82 victims have paid the ransom.
The three-day deadline is notable: at the end of the that period, the ransom doubles, to $600, which means many of those who are planning on paying the fee will have already done so. A week after infection, the malware claims, the encryption key will be deleted forever.
The low figure of ransoms paid may not be as counterintuitive as it first seems. For smaller firms and individuals hit by ransomware, the key risk is total loss of files due to faulty, or non-existent, backups. For many of them, the motivation to pay the ransom will be high, even if it is unclear whether the malware author will actually had over the encryption key.
But larger firms and organisations, like those very publicly hit on Friday, backups will exist. The key damage of the ransomware instead lies in the time during which the machines are rendered unusable, and paying the fine won’t reduce that period by much more than restoring from backups.
Additionally, the malware spread itself primarily through exploitation of a Windows vulnerability, first discovered by the NSA, leaked by a group of hackers calling themselves Shadow Brokers, and fixed by Microsoft three months ago. Smaller organisations with less complex IT needs often install patches more quickly than larger firms, which need to test how the update affects their intricate networks.
The fact that we have the ability to track the payments sent to the hackers at all is yet another piece of evidence underlining the relative incompetence of the authors of the software, according to security researchers. More advanced ransomware automatically generates a new bitcoin address for each victim, to aid both tracking who has paid, and obscure the identity of the criminals.
The other major piece of evidence for the author or authors’ inexperience, according to researchers, is the existence of a “kill switch” in the codewhich allowed a malware researcher to prematurely end the spread of the software.
8.46am BST
08:46
Health secretary warned last year of NHS hacking risk - reports
Jeremy Hunt was warned last summer that the NHS was failing to prioritise cybersecurity and continued to use obsolete computer systems, the Times reported.
The Care Quality Commission and Dame Fiona Caldicott, the national data guardian, wrote to the health secretary to point out a worrying “lack of understanding of security issues” and that “the external cyberthreat is becoming a bigger consideration”.
The letter last July proposed a 13-point plan to improve cybersecurity including the replacement of obsolete IT systems “as a matter of urgency”.
8.23am BST
08:23
York Teaching Hospital NHS Foundation Trust, which was hit by the attack on Friday, said some out-patient appointments had been cancelled on Monday - especially at Selby War Memorial Hospital - but most were not affected.
The trust said bone scan appoints had been cancelled in Scarborough and in Selby: “All outpatient appointments are cancelled except blood-taking and MSK physiotherapy.”
But it said in a statement: “All outpatient clinics at York Hospital, Malton Hospital, Bridlington Hospital are going ahead.
“Planned operations are also going ahead as scheduled.”
The statement added: “The situation will be reviewed daily and information will be shared regarding any cancellations to appointments and services later in the week.
“There will be some delays to our services as we recover from the effects of the cyber attack, and we ask for people’s patience and understanding as we work to fully restore our systems.
“We will ensure that we re-schedule any cancelled appointments as soon as possible.”
8.22am BST
08:22
Cyber attack hero fears for safety after being named
The British cybersecurity researcher described as an “accidental hero” for halting the global spread of the ransomware attack has spoken of his fears for his safety after a number of media outlets revealed his identity.
The 22-year-old, who tweets as @malwaretechblog, told the MailOnline: “In future someone might want to retaliate - they could find my identity within seconds.
“If they know where I live, they could really do anything.”
He referred to the case of another security blogger who was subject to intimidation, including death threats, after his identity was leaked online.
“I’ve seen posts about the terrible things people have done to him and for me in future it could be the same things,” he said.
Writing on his Twitter account, he said journalists had already tracked down a friend, whose photograph was published in the press and turned up at her house, saying: “Please if you want an interview that badly, DM me.”
The online community pleaded for his identity not to be outed online - a research process known as “doxing” - to protect him.
He earlier told the Guardian: “It just doesn’t make sense to give out my personal information, obviously we’re working against bad guys and they’re not going to be happy about this.”
8.15am BST
08:15
Meanwhile in Japan, AP reports the ransomware attack hit computers at 600 locations but appeared to cause no major problems as Japanese started their workday Monday even as the attack caused chaos elsewhere.
Nissan Motor Co. confirmed some units had been targeted, but there was no major impact on its business.
Hitachi spokeswoman Yuko Tainiuchi said emails were slow or not getting delivered, and files could not be opened. The company believes the problems are related to the ransomware attack, although no ransom appears to have been demanded so far. They were installing software to fix the problems.
The Japan Computer Emergency Response Team Coordination Center, a nonprofit providing support for computer attacks, said 2,000 computers at 600 locations in Japan were reported affected so far, citing an affiliate foreign security organization that it cannot identify.
At least one hospital was affected, according to police.
The city of Osaka said its home page suddenly went blank, although email and other problems had not been detected.
“We cannot confirm why this happened, and we are in the middle of investigating,” said Hajime Nishikawa of the city hall’s IT division.
8.12am BST
08:12
Global nature of attack comes into focus
As the UK wakes up on Monday braced for fresh impact as NHS returns to work, Chinese state media say more than 29,000 institutions across China have been infected by the global “ransomware” cyberattack, AP reports.
Xinhua News Agency reports that by Saturday evening, 29,372 institutions had been infected along with hundreds of thousands of devices. It cited the Threat Intelligence Center of Qihoo 360, a Chinese internet security services company.
It says universities and educational institutions were among the hardest hit, numbering 4,341, or about 15 percent of internet protocol addresses attacked. Also affected were railway stations, mail delivery, gas stations, hospitals, office buildings, shopping malls and government services.
Xinhua says the system used by PetroChina’s gas stations was attacked, meaning customers could not use their cards to pay. Most stations had recovered.
Updated
at 8.42am BST
8.10am BST
08:10
Welcome to live coverage of the fallout from last Friday’s ransomware attack.
Ben Wallace, UK security minister has been on BBC Radio 4’s Today programme defending its record on investment in cyber-security.
He said he did not know if the ransomware attack would escalate or stabilise.
Asked if the Government was to blame for cutting budgets, Wallace said reasons for failures to protect against the attack dated back to decisions made by the Labour government in 2007 in relation to agreements with Microsoft.
Wallace said the Government had committed £1bn to countering cyber threats across all Government.
“The blame lays with these individuals who have decided to blackmail and destroy our public services,” he said.
“We have always said as a Government that if you follow the very basic steps, continue to back yourself up as an organisation, you will always be in a position where a ransomware attack is minimised if not entirely deferred.”