Release Date: May 12, 2017
For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010
WASHINGTON – The Department of Homeland Security is aware of reports of ransomware known as WannaCry affecting multiple global entities. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Microsoft released a patch in March that addresses this specific vulnerability, and installing this patch will help secure your systems from the threat. Individual users are often the first line of defense against this and other threats, and we encourage all Americans to update your operating systems and implement vigorous cybersecurity practices at home, work, and school. These practices include:
Update your systems to include the latest patches and software updates.
Do not click on or download unfamiliar links or files in emails.
Back up your data to prevent possible loss, whether you are at a home, work, or school computer.
We are actively sharing information related to this event and stand ready to lend technical support and assistance as needed to our partners, both in the United States and internationally. DHS has a cadre of cybersecurity professionals that can provide expertise and support to critical infrastructure entities.
DHS also leads the federal government’s efforts to protect civilian executive branch agency systems and networks. In partnership with each agency’s Chief Information Officer we are ensuring our own networks are protected against the threat.
For more information, DHS has previously released information on best practices to address ransomware. That information is available on our website at https://www.us-cert.gov/security-publications/Ransomware.
Cyber Attack Spreads Across 12 Countries; Some UK Hospitals Crippled
Cyber attacks that hit 12 countries across Europe and Asia Friday, impacting the public health system in Britain, apparently involved a leaked hacking tool from the National Security Agency.
The attack used ransomware, which is malware that encrypts data and locks a user from their data until they pay a ransom. The tool, which was leaked by a group known as Shadow Brokers, had been stolen from the N.S.A. as part of a wide swath of tools illegally released in 2016.
Microsoft said that they had rolled out a patch to fix the issue, but certain targets, including the hospitals in Britain, had not yet updated their systems.
The malware was sent via email with a file attached to it. From there, it subsequently spread.
Tom Donnelly, a spokesman for N.H.S. Digital, said the attack was still “ongoing” and that that the organization was “made aware of it this afternoon,” according to an interview in The New York Times.
The impact of the attacks caused phone lines to go down, appointments to be canceled and patients to be turned away, but there has been no reported evidence of patient data being breached.
There were a number of pictures posted to social media highlighting the ransomware, which asked for $300 in Bitcoin.
NHS Digital, which oversees cybersecurity in Britain, said the attack did not specifically target the NHS and “is affecting organizations from across a range of sectors.” In total, 16 NHS organizations said they were affected.
British Prime Minister Theresa May addressed the hacks, saying it’s not just targeted at the NHS.
“This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected,” May said in a statement. “The National Cyber Security Centre is working closely with NHS digital to ensure that they support the organisations concerned and that they protect patient safety.”
May added that though she was not aware of any leaked data, vigilance must be taken.
“Of course, it is important that we have set up the National Cyber Security Centre and they are able to work with the NHS organisations concerned and to ensure that they are supported and patient safety is protected,” May said.