Stay Updated on Developing Stories

UK prime minister: Ransomware attack has gone global

Story highlights
  • Cyberattack originally affecting computers at hospitals in England and Scotland has spread
  • Spanish government says the attack has extensively affected Telefónica

London(CNN) British Prime Minister Theresa May says a cyberattack initially believed to be targeting only hospitals in the UK has now gone beyond, involving potentially dozens of countries.

"We are aware that a number of NHS (National Health Service) organizations have reported they have suffered from a ransomware attack," May said, while speaking on the campaign trail in the UK. "This is not targeted at the NHS. It is an international attack. A number of countries and organizations have been affected."

A report from a security firm indicates more than 45,000 malicious computer attacks in 74 countries in the past 10 hours. CNN has not independently confirmed that number.

The problem appeared to begin Friday morning when hospitals in the UK were crippled by a large-scale cyberattack, which forced operations to be canceled and ambulances to be diverted.

Health workers reported being locked out of their systems and seeing messages demanding ransom payments to regain access. NHS England described the incident as a "ransomware" attack.

At least 16 organizations connected to the National Health Service in England and an unknown number in Scotland reported being affected. "The investigation is at an early stage but we believe the malware variant is Wanna Decryptor," officials at NHS Digital said in a statement.

"At this stage, we do not have any evidence that patient data has been accessed. We will continue to work with affected (organizations) to confirm this."

Scottish Health Secretary Shona Robison said officials were convening an emergency meeting to deal with the problem.

Hospitals affected range from London North West Healthcare Trust in the capital to University Hospitals North Midlands in central England and York Hospitals in the north.

Other countries affected

Spain's government said the ransomware attack has impacted Telefonica and other Spanish companies. An Interior Ministry statement says 85% of Telefonica computers have been affected. Telefónica is one of the largest private telecommunications companies in the world.

Spain's Ministry of Energy, Tourism and Digital Agenda confirms the intrusion, describing it as "punctual attacks."

Russian Interior Ministry spokeswoman Irina Volk confirmed that there was a ransomware attack on its computers. She said less than 1% of its computers were affected, and that the virus is now "localized."

What is ransomware?

Security experts are still trying to get their arms around the problem.

According to Alan Woodward, a visiting professor of computing at the University of Surrey, this particular malware emerged in February, and it has one purpose: "to extort money in return for releasing the data it has encrypted."

And that's not even the worst of it. Woodward warned there are two problems. "First, there is no guarantee the criminals will release your data," he said, "and second, even if you do have your data released, there is no guarantee the criminals won't repeat the exercise."

Woodward said the malware "acts as a 'worm.' "

"Once inside a network it seeks out and affects any susceptible computer it can find on the network," he said. "The only sensible way to tackle it is to 'pull the plug' so that it can't spread any more until you can isolate the affected machines and work out a remediation plan."

He said most likely it occurred this time because some of the hospitals and other organizations affected may not have applied a patch that Microsoft released or they are using outdated operating systems no longer supported by the software giant.

He added, "It is a horrible lesson about why using supported software, and keeping that software updated, is so important."

Awais Rashid, a professor of software engineering at Lancaster University, said "the key question" to consider is how an attack such as Friday's could originate "from a noncritical system such as email" and then spread to other systems.

"Our society increasingly relies on interconnected systems to deliver key services such as health," he said.

Hospital disruptions and ambulances diverted

NHS Digital said it was working with the government's National Cyber Security Centre, the Department of Health and NHS England to help the organizations affected "manage the incident swiftly and decisively." It said the attack did not specifically target the NHS.

Barts Health NHS Trust in London was "experiencing a major IT disruption and there are delays at all of our hospitals," its website said.

It had to cancel routine appointments and ambulances were being diverted to neighboring hospitals, Barts said.

The problem also affected the switchboard at Newham University Hospital, Barts said.

The East and North Hertfordshire NHS Trust also was "experiencing significant problems with our telephone network," it said in an online statement.

A British medical student found widespread computer issues when visiting two London hospitals.

At St. Bartholomew's Hospital in central London, Sean, who did not want to give his last name, said he noticed problems with the network as soon as he arrived. When he tried to access patient files on a computer, he couldn't find them -- even though he knew they were there. He told CNN it appeared as if they had been deleted.

The most worrying development concerned problems with the hospital's referral system, Sean said. The program recommends certain patients for treatment with specialists and has a two-week availability window before the treatment is canceled. The cyberattack, he said, could cause a major backlog in referrals.

At Royal London Hospital, doctors who wanted to access patient scans to use as part of lessons for medical students could not do so, he said.

CNN's Katie Polglase, Julia Jones, Meera Senthilingam and Jeanne Bonner contributed to this report.