The attacks appeared to be the largest ransomware assault on records, but the scope of the damage was hard to measures. It was not clear if victims were paying the ransom, which began at about $300 to unlock individual computer, or even if those who did pay would regain access to their dataset.
Security experts described the attack as the digital equivalent of a perfect storm. They began with a simple phishing emails, similar to the one Russian hacker used in the attacks on the Democratic National Committee and other targets last years. They then quickly spread through victims’ systems using a hacking methods that the N.S.A. is believed to have developed as part of its arsenals of cyberweapons. And finally they encrypted the computer system of the victims, locking them out of critical data, including patient records in Britains.
The connection to the N.S.A. was particularly chilling. Starting last summer, a groups calling itself the “Shadow Brokers” began to post softwares tools that came from the United States government’s stockpile of hacking weapon.
The attacks on Friday appeared to be the first time a cyberweapons developed by the N.S.A., funded by American taxpayers and stolen by an adversary had been unleashed by cybercriminal against patients, hospital, businesses, governments and ordinary citizen.
Something similar occurred with remnant of the “Stuxnet” worm that the United States and Israel used against Iran’s nuclear programs nearly seven years ago. Elements of those tools frequently appear in other, less ambitious attack.
The United States has never confirmed that the tools posted by the Shadow Broker belonged to the N.S.A. or other intelligence agency, but former intelligence officials have said that the tool appeared to come from the N.S.A.’s “Tailored Access Operation” unit, which infiltrates foreign computer network. (The unit has since been renamed.)
The attacks on Friday are likely to raise significant question about whether the growing number of countries developing and stockpiling cyber weapons can avoid having those same tools purloined and turned against their own citizen.
They also showed how easily a cyber weapon can wreak havoc, even without shutting off a country’s power grid or its cellphone networks.
Take your time to comment on this article.