The Latest: FedEx confirms it hit by malware attack
Posted May 12
NEW YORK — The Latest on reported a global cyberattack (all times local):
FedEx Corp. is confirming that it is suffering a malware attack.
A statement from the delivery company Friday said its Windows-based systems were "experiencing interference" due to malware and that it was trying to fix the issue as quickly as possible.
It gave no further details.
Computer systems at companies and hospitals in dozens of countries were hit Friday, apparently part of a huge extortion plot. The so-called ransomware attack appears to exploit a weakness that was purportedly identified by the U.S. National Security Agency and leaked to the internet. It encrypts data on infected computers and demands payment before the information is unencrypted.
France's government cybersecurity agency is urging French Internet users to take measures to protect themselves from a new ransomware detected in several other countries.
An official with the ANSSI cybersecurity agency told The Associated Press that it has not detected any French targets of the new ransomware so far. The official was not authorized to be publicly named.
ANSSI issued a warning message Friday night suggesting upgrades to security systems and measures to protect servers. It says any device using Windows is vulnerable to the ransomware.
ANSSI has been investigating a hacking attack and document leaks targeting French President-elect Emmanuel Macron's election campaign.
A cyberattack that is forcing computer owners to pay hundreds of dollars in ransom to unlock their files has hit almost every corner of the world.
F-Secure on Friday says it's gotten reports from more than 60 countries. Mikko Hypponen, its chief research officer, calls it "the biggest ransomware outbreak in history."
Security experts from Kaspersky Lab and Avast Software say Russia was the hardest hit, followed by Ukraine and Taiwan.
Researchers believe a criminal organization is behind this, given its sophistication.
Kurt Baumgartner, principal security researcher at Kaspersky, says the malware has translations in dozens of languages, such that instructions for paying the ransom are displayed in the language set for that computer.
He and others say the malware takes advantage of an exploit purportedly identified by the National Security Agency.
Russia's Interior Ministry says it has come under cyberattack.
Agency spokeswoman Irina Volk says in a statement carried by Russian news agencies that Friday's cyberattacks hit about 1,000 computers. She said the ministry's servers haven't been affected.
Volk added that ministry experts are now working to recover the system and do necessary security updates.
Russian media also said that the Investigative Committee, the nation's top criminal investigation agency, also has been targeted. The committee denied the reports.
Megafon, a top Russian mobile operator, also said it has come under cyberattacks that appeared similar to those that crippled U.K. hospitals on Friday.
Security experts say a cyberattack that holds computer data for ransom grew out of vulnerabilities purportedly identified by the National Security Agency.
Microsoft has released fixes for vulnerabilities and related tools disclosed by TheShadowBrokers, a mysterious group that has repeatedly published alleged NSA software code. But many companies and individuals haven't installed the fixes yet, or are using older versions of Windows that Microsoft no longer supports and didn't fix.
Hospitals in the U.K. and telecommunications companies in Spain are among those hit by a "ransomware" attack that locked up computer data and demanded payment to free it. The attacks use a malware called Wanna Decryptor, also known as WannaCry.
Chris Wysopal of the software security firm Veracode says criminal organizations are likely behind this, given how quickly the malware has spread. He says "for so many organizations in the same day to be hit, this is unprecedented."
A spokesman for the European Union's police agency, Europol, says Britain and Spain have asked for its support as they investigate the ransomware cyberattacks in those countries.
The spokesman, Jan Op Gen Oorth, declined to give further details Friday so as not to jeopardize the ongoing investigations.
In a tweet, Europol Director Rob Wainwright said the cyberattack on British health care institutions "follows trend from US of ransomware attacks on health care trusts."
Romania's intelligence service says it has intercepted an attempted cyberattack on a government institution which it said likely came from cybercriminal group APT28 also known as Fancy Bear.
Cyberint, subordinated to the Romanian Intelligence Service, said Friday it thwarted a cyberattack to a government institution, without saying when it occurred, following notification from NATO and the Romanian foreign intelligence agency.
The foreign ministry did not confirm whether it was the institution in question.
The statement said "due to the efficient cooperation between the institutions, the attack was prevented as were damages, as the targets were identified as well as the methodology of the attack."
The statement said there were thousands of cyberattacks daily "and Romania is no exception."
A top Russian mobile operator says it has come under cyberattacks that appeared similar to those that have crippled some U.K. hospitals.
Pyotr Lidov, a spokesman for Megafon, said Friday's attacks froze computers in company's offices across Russia. He said that mobile communications haven't been affected. Lidov said that the attack involved demands of payment of $300 worth to free up the system.
He added that the company managed to restore the work of its call center but closed most of its offices for the day.
Some Russian media also have reported cyberattacks on the Interior Ministry and the Investigative Committee. The committee, the nation's top investigative agency, has rejected the claim.
British Prime Minister Theresa May says a cyberattack that has crippled some U.K. hospitals is part of a wider international attack.
May says there is no evidence that patient data has been compromised.
Hospitals across the country have been hit by a "ransomware" attack that froze computers, shutting wards, closing emergency rooms and bringing treatment to a halt. The infected computer screens demand payment for the data to be released.
Similar widespread attacks have been reported in Spain and other countries.
Spain has activated a special protocol to protect critical infrastructure in response to the "massive infection" of personal and corporate computers targeted in ransomware cyberattacks.
The National Center for the Protection of Critical Infrastructure says Friday it was communicating with more than 100 providers of energy, transportation, telecommunications and financial services about the attack even if basic services had not suffered any disruption.
The Ministry of Energy, Tourism and Digital Agenda says the attack Friday affected the Windows operating system of employees' computers in several companies. It said the attacks were carried out with a version of WannaCry ransomware that encrypted files and prompted a demand for money transfers to free up the system.
Spain's Telefonica was among the companies hit.
The Spanish government says several companies have been targeted in ransomware cyberattacks.
The Industry Ministry says the attack affected the Windows operating system of employees' computers, blocking files and demanding a ransom to free up the system.
It said the attacks had not affected the companies' services or data protection of their clients.
Microsoft issued a security update on March 14 about vulnerabilities in the Windows system.
There were no details on which companies were targeted or the origin of the attack.
Britain's National Health Service says hospitals across the country have been hit by a "ransomware" cyberattack but there is no evidence that patient data has been accessed.
NHS Digital, which oversees hospital cybersecurity, says the attack used the Wanna Decryptor variant of malware, which holds affected computers hostage while the attackers demand a ransom.
NHS Digital says the attack "was not specifically targeted at the NHS and is affecting organizations from across a range of sectors."
The attack is causing canceled procedures and appointments at hospitals across England. NHS Digital says 16 NHS organizations report being hit.
Hospitals across England have canceled appointments and turned away patients after suffering an apparent cyberattack.
Hospitals in London, northwest England and other parts of the country reported problems with their computer systems Friday. They asked patients not to come to the hospitals unless it was an emergency.
Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 worth of the online currency Bitcoin, saying: "Ooops, your files have been encrypted!"
NHS Merseyside, which operates several hospitals in northwest England, tweeted that "following a suspected national cyberattack, we are taking all precautionary measures possible to protect our local NHS systems and services."
Bart's Health, which runs several London hospitals, said it had activated its major incident plan, cancelling routine appointments and diverting ambulances to neighboring hospitals.