The British government said on Saturday it does not yet know who was behind a massive global cyberattack that disrupted Britain’s health care services and targeted vital computer systems in as many as 100 other countries.
British Interior Minister Amber Rudd said Britain’s National Cyber Security Center was working with the country’s health service to ensure the attack that began Friday was contained and limited.
She said Britain’s National Crime Agency was still working with her ministry to find out where the attacks came from and that the British government did not know if the attacks had been directed by a foreign government.
What appeared to be the biggest cyberextortion attack in history exploited a vulnerability in Microsoft Windows that was identified in leaked documents by the U.S. National Security Agency earlier this year.
With more than 75,000 attacks launched on Friday, cybercrime experts around the world were investigating a concentration of attacks in Russia, Ukraine, and India — countries where the use of older, unpatched versions of Microsoft Windows is widespread.
The hackers attempt to trick victims into opening malicious attachments to spam e-mails by saying they contained invoices, job offers, security warnings, and other seemingly legitimate files.
The extortionists demand payments of $300 to $600 to restore access once computers are crippled by the scam. Cybersecurity firms said criminal organizations were probably behind the attack.
Russia’s Interior Ministry, Emergencies Ministry, and biggest bank, Sberbank, were all targeted, officials said.
The Interior Ministry said on its website that around 1,000 computers had been infected, but it had localized the virus. Russia’s Investigative Committee denied reports that it was attacked.
Russia’s Health Ministry and Emergencies Ministry told Russian news agencies that they had repelled the cyberattacks, while Sberbank said its cybersecurity arrangements had prevented viruses from entering its systems.
Russia’s Central Bank said Saturday that it detected massive cyberattacks on domestic banks, but the resources of the Central Bank itself were “not compromised.”
Megafon, a top Russian mobile operator, said it had come under attacks that appeared similar to those that crippled U.K. hospitals. A spokesman said mobile communications weren’t affected but the attacks interrupted the work of its call centers.
Spain and the United Kingdom were hit particularly hard. Hospitals across Britain found themselves without access to their computers or phone systems. Many canceled routine procedures and asked patients not to come to the hospital unless it was an emergency.
British Prime Minister Theresa May said that, while some hospitals were crippled, there was no evidence patient data had been compromised.
Spain’s giant Telefonica telecommunications company was hit, prompting Spanish authorities to take measures to protect critical infrastructure in transportation, energy, telecommunications, and financial services.
Only a small number of U.S. organizations were hit because the hackers appear to have begun their campaign in Europe, cybersecurity firms said.
By the time the hackers turned their attention to the United States, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious.
The security holes exploited by the hackers were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it says are hacking tools used by the White House security agency as part of U.S. intelligence-gathering.
Microsoft said it was pushing out automatic Windows updates to defend clients from the virus.
Some material for this article came from AP, BBC, AFP, Reuters, Tass and Interfax.