Employees and patients across multiple facilities were displaced on Friday thanks to a large-scale cyberattack on network computers across Eurasia in 150 countries, including Great Britain, Portugal, Spain, Russia, Turkey, Vietnam, the Philippines, and Japan.
Doctors and hospital staff for facilities under the UK’s National Health Service were locked out of patient files and forced to relocate emergency patients, the Guardian reported. The attack made use of ransomware called WanaCrypt0r 2.0, or WannaCry.
Ransomware is a type of malware that restricts file and system access by encrypting data. The hackers then demand payment in exchange for decrypting the data and restoring access. Patient records, emails, schedules, and phone lines were all ensnared in the attack.
British health officials said its systems were not the target of the attack. The vulnerability exploited during the attack was discovered by the NSA, and was included among the many cyber tools previously stolen from the American intelligence community earlier this year, the New York Times reported. The ransomware was distributed via email and primarily affected computers that hadn’t installed the latest security patch for Microsoft Windows.
Multiple organizations, such as FedEx, telecom companies, such as Telefónica, and car manufacturers were affected, causing disruptions worldwide. The cyberattack was inadvertently stopped from spreading when a cybersecurity researcher activated the kill switch function embedded in the malware’s code.
The hackers demanded each user pay $300 in bitcoin to a specific bitcoin account in the next three days, potentially totaling thousands of dollars worth of bitcoin. The ransom doubles if payments aren’t made in that time, according to the hacker’s message obtained by the Guardian, and files will be kept restricted “forever” if payment isn’t received in seven days.
The hackers reportedly received $26,000 in bitcoin ransom payments, according to an analysis from KrebsOnSecurity.
Ransomware attacks aren’t a new occurrence, and they often work. U.S. hospital systems were recently victimized by similar attacks. A Los Angeles hospital system—Hollywood Presbyterian Medical Center—paid a $17,000 bitcoin ransom in February 2016 after patient files and data were held hostage for two weeks. The system’s CEO Allen Stefanek said paying was “in the best interest of restoring normal operations.”
Medstar, a Washington, D.C. area hospital system, was attacked the following month and had to turn away patients. Hackers gave the hospital system, which treats 30,000 people across 10 hospitals and 250 outpatient centers, 10 days to pay $19,000 in bitcoin, the Washington Post reported.
The FBI investigated both attacks, and previously reported an uptick in ransomware hacks in recent years.
The original version of this post has been updated to incorporate additional details learned as the story developed.