A high-level Ransomware attack has forced multiple companies across Europe to shut down their systems on Friday morning, according to local authorities, corporate spokespeople, and security specialists. Unknown attackers used the malware "WanaCryptOr 2.0," a variant of the well-known virus "WannaCry," and targeted several versions of Microsoft's Windows operating system. Spanish telecom provider Telefónica and Portuguese counterpart Portugal Telecom (PT) have been among those hit by the attack. The list of companies reportedly suffering from a "blue screen" in their IT systems, or facing some level of threat, includes Vodafone, banks BBVA and Santander, and utility providers EDP, Iberdrola, and Gas Natural.
However, the most serious consequence of this large-scale cyber attack, which encrypts data and locks out users until they pay a ransom, is being felt in England, as NHS emergency services and hospitals have been affected.
Ransomware hits England's healthcare system
Multiple hospitals across England have reportedly been affected, with their staff being locked out of computer systems while perpetrators demand money. NHS Digital, which provides IT and data services to the National Healthcare Service, has confirmed the reports and said it is working to solve the problem. According to The Guardian, several doctors have been asked for money and hospitals are diverting emergency patients.
However, NHS Digital does not believe the attack was specifically targeted at the healthcare sector, but at organizations across other sectors.
Attackers are demanding ransom payments be made using digital currency bitcoin. One NHS IT worker told The Guardian users are being asked for $300 to regain access to their computers.
We are aware of a major IT secure system attack. All IT systems have been temporarily shut down. More information will be available shortly
— DCHS NHS FT (@DCHStrust) May 12, 2017
Cyberattack underway in Portugal and Spain
Portuguese authorities are investigating the ransomware attack that forced telecom providers PT and Vodafone to shut down their internal computer systems.
A spokesperson for PT said customers are not being affected and no services are actually down, even though two of the company's central sites have been affected, Lisbon and Coimbra.
Earlier, it was reported that consultancy firm KPMG had also been hit, but a local source tells us that nothing unusual is happening at the Portuguese office.
However, the staff was asked to be vigilant.
In Spain, the Centro Criptológico Nacional (National Cryptology Center) said the threat level is "very high." The malware used to perpetrate this attack targeted computers and servers running one of these versions: Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7, Windows 8.1, Windows RT 8.1, Windows Server 2012 and R2, Windows 10, and Windows Server 2016.