May 12, 2017

Hacking group used leaked NSA tool for global cyberattack

Patrick Semansky / AP

A massive cyberattack that hit over 74 countries across Europe and Asia and led to major breakdowns in England's NHS hospitals Friday involved a type of malware that is used by the National Security Agency, called ransomware, according to The New York Times.

The ransomware was leaked by a hacker crew called Shadow Brokers, which has been leaking NSA hacking tools for the past year. Microsoft has since developed a better protection system to strengthen the NSA tool, but the hackers discovered that certain places, like NHS hospitals, hadn't updated their software yet.

The targets, which were all hit with the same type of ransomware, were reported in over 12 countries — including the U.K., Spain, Portugal, Russia, Turkey, Vietnam, the Philippines, and Japan. Hospitals and telecommunications companies were among the most common institutions affected.

Broader implications: Phil Reitinger, President and CEO of the Global Cyber Alliance, told Axios that cyber weapons, like ransomware, "proliferate at internet speed":

"A use, any use, of a cyber weapon, bears the risk of telling the bad guys, even the less sophisticated ones, how to use that attack. It's like a nation used a smart bomb once, and thereafter, terrorists around the world could build and deploy that same bomb. Once a technology is deployed, it's almost impossible to put it back in the bottle."
Go deeper