This image provided by the Twitter page of @fendifille shows a computer at Greater Preston CCG in Great Britain displaying a ransomware warning. (@fendifille via AP)

This image provided by the Twitter page of @fendifille shows a computer at Greater Preston CCG in Great Britain displaying a ransomware warning. (@fendifille via AP)

‘Ransomware’ attack cripples Windows computers worldwide

Associated Press 

NEW YORK — Dozens of countries were hit with a huge cyberextortion attack Friday that locked up computers and held users’ files for ransom at a multitude of hospitals, companies and government agencies.

It was believed to the biggest attack of its kind ever recorded.

The malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was supposedly identified by the National Security Agency for its own intelligence-gathering purposes and was later leaked to the internet.

Britain’s national health service fell victim, its hospitals forced to close wards and emergency rooms and turn away patients. Russia appeared to be the hardest hit, according to security experts, with the country’s Interior Ministry confirming it was struck.

All told, several cybersecurity firms said they had identified the malicious software in upward of 60 countries, including the United States, though its effects in the U.S. did not appear to be widespread, at least in the initial hours.

Computers were infected with what is known as “ransomware” — software that freezes up a machine and flashes a message demanding payment to release the user’s data.

Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called it “the biggest ransomware outbreak in history.”

Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies and organizations when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents and other files.

Its ransom demands start at $300 and increase after two hours to $400, $500 and then $600, said Kurt Baumgartner, a security researcher at Kaspersky Lab.

Chris Wysopal of the software security firm Veracode said criminal organizations were probably behind the attack, given how quickly the malware spread.

“For so many organizations in the same day to be hit, this is unprecedented,” Wysopal said.

The security holes it exploits were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it says are hacking tools used by the NSA as part of its intelligence-gathering.

Shortly after that disclosure, Microsoft announced that it had already issued software “patches” for those holes. But many companies and individuals haven’t installed the fixes yet or are using older versions of Windows that Microsoft no longer supports and didn’t fix.

By Kaspersky Lab’s count, the malware struck at least 74 countries. In addition to Russia, the biggest targets appeared to be Ukraine and India, nations where it is common to find older, unpatched versions of Windows in use, according to the security firm.

Hospitals across Britain found themselves without access to their computers or phone systems. Many canceled all routine procedures and asked patients not to come to the hospital unless it was an emergency. Doctors’ practices and pharmacies reported similar problems.

Patrick Ward, a 47-year-old sales director, said his heart operation, scheduled for Friday, was canceled at St. Bartholomew’s Hospital in London.

Tom Griffiths, who was at the hospital for chemotherapy, said several cancer patients had to be sent home because their records or bloodwork couldn’t be accessed.

“Both staff and patients were frankly pretty appalled that somebody, whoever they are, for commercial gain or otherwise, would attack a health care organization,” he said. “It’s stressful enough for someone going through recovery or treatment for cancer.”

British Prime Minister Theresa May said there was no evidence patient data had been compromised and added that the attack had not specifically targeted the National Health Service.

“It’s an international attack and a number of countries and organizations have been affected,” she said.

Spain, meanwhile, took steps to protect critical infrastructure in response to the attack. Authorities said they were communicating with more than 100 energy, transportation, telecommunications and financial services providers about the attack.

Spain’s Telefonica, a global broadband and telecommunications company, was among the companies hit.

Ransomware attacks are on the rise around the world. In 2016, Hollywood Presbyterian Medical Center in California said it had paid a $17,000 ransom to regain control of its computers from hackers.

Krishna Chinthapalli, a doctor at Britain’s National Hospital for Neurology & Neurosurgery who wrote a paper on cybersecurity for the British Medical Journal, warned that British hospitals’ old operating systems and confidential patient information made them an ideal target for blackmailers.

He said many NHS hospitals in Britain use Windows XP software, introduced in 2001, and as government funding for the health service has been squeezed, “IT budgets are often one of the first ones to be reduced.”

“Looking at the trends, it was going to happen,” he said. “I did not expect an attack on this scale. That was a shock.

Talk to us

> Give us your news tips.

> Send us a letter to the editor.

> More Herald contact information.

More in Local News

Irene Pfister, left, holds a sign reading “Justice for Jonathan” next to another protester with a sign that says “Major Crimes Needs to Investigate,” during a call to action Saturday, April 12, 2025, in Arlington. (Aspen Anderson / The Herald)
Arlington community rallies, a family waits for news on missing man

Family and neighbors say more can be done in the search for Jonathan Hoang. The sheriff’s office says all leads are being pursued.

Jury awards $3.25M in dog bite verdict against Mountlake Terrace

Mountlake Terrace dog was euthanized after 2022 incident involving fellow officer.

Northshore School District Administrative building. (Northshore School District)
Lawsuit against Northshore School District reaches $500,000 settlement

A family alleged a teacher repeatedly restrained and isolated their child and barred them from observing the classroom.

Everett City Council on Wednesday, March 19 in Everett, Washington. (Will Geschke / The Herald)
Everett council to vote on budget amendment

The amendment sets aside dollars for new employees in some areas, makes spending cuts in others and allocates money for work on the city’s stadium project.

Bryson Fico, left, unloaded box of books from his car with the help of Custody Officer Jason Morton as a donation to the Marysville Jail on Saturday, April 5, 2025 in Marysville, Washington. (Olivia Vanni / The Herald)
Books behind bars: A personal mission for change

Bryson Fico’s project provides inmates with tools for escape, learning and second chances.

Everett
Everett man, linked to Dec. 31 pipe bomb, appears in federal court

Police say Steven Goldstine, 54, targeted neighbors with racial slurs and detonated a pipe bomb in their car.

Congress member Suzan DelBene speaks at a roundtable on Thursday, April 17 in Monroe, Washington. (Will Geschke / The Herald)
DelBene talks possible Medicaid cuts at Monroe roundtable

Health experts worry potential cuts to the program could harm people’s health, strain hospital resources and drive up the cost of care.

Local law enforcement officers stage in the drive of the Farwest Motel on the 6000 block of Evergreen Way in Everett. Friday, April 18, 2025 (Aaron Kennedy / The Herald)
Two reportedly barricaded in Everett motel; SWAT responds to shooting

The situation is ongoing. Police asked people to avoid the 6000 block of Evergreen Way in Everett.

Over a dozen parents and some Snohomish School District students gather outside of the district office to protest and discuss safety concerns after an incident with a student at Machias Elementary School on Friday, April 18, 2025 in Snohomish, Washington. (Olivia Vanni / The Herald)
Parents protest handling of alleged weapon incident at Machias Elementary

Families say district failed to communicate clearly; some have kept kids home for weeks.

Edmonds Mayor Mike Rosen speaks during a special meeting held to discuss annexing into South County Fire on Tuesday, Dec. 3, 2024 in Edmonds, Washington. (Olivia Vanni / The Herald)
PDC issues warning, dismisses complaint against Edmonds officials

The agency found that emails and texts from the city broke state law, but the minor violation didn’t warrant further action.

Everett City Council on Wednesday, March 19 in Everett, Washington. (Will Geschke / The Herald)
Everett council approves budget amendment for staffing, stadium funding

The amendment budgets for some new employees and costs for the city’s multipurpose stadium project.

A SoundTransit Link train pulls into the Mountlake Terrace station as U.S. Representative Rick Larsen talks about the T&I Committee’s work on the surface reauthorization bill on Wednesday, April 16, 2025 in Mountlake Terrace, Washington. (Olivia Vanni / The Herald)
Larsen talks federal funding for Snohomish County transit projects

U.S. Rep. Rick Larsen (D-Everett) spoke with Snohomish County leaders to hear their priorities for an upcoming transit bill.

Support local journalism

If you value local news, make a gift now to support the trusted journalism you get in The Daily Herald. Donations processed in this system are not tax deductible.