Leaked alleged NSA hacking tools appear to be behind a massive ransomware campaign disrupting hospitals and companies across Europe.
In Spain, the country’s Computer Emergency Readiness Team said that the ransomware is a modified version of the WannaCryptor toolkit. The malware was included in an online April dump from a group calling itself the Shadow Brokers, which released what they said were NSA tools. Experts have said the leaked tools appear legitimate.
Spain’s CERT said the ransomware that is spreading “infects the machine by encrypting all its files" and allows the attackers to remotely control the network. The malware is also then "distributed to other Windows machines in that same network,” Spain’s CERT said.
The Spanish organization pointed to a Microsoft security update from March offering a fix for the flaw.
Security researchers generally assume that the NSA secretly notified Microsoft about this and other code flaws once it discovered that they had been stolen.
Britain’s National Health Service confirmed that the ransomware was a WannaCry variant called WannaCryptor.
The cyberattack has forced at least two London hospitals to stop admitting new patients with serious medical conditions, according to a British health reporter.