The Latest: Russian Interior Ministry is hit by cyberattack
By Associated Press
May 12, 2017 3:10 PM CDT
An exterior view shows the main entrance of St Bartholomew's Hospital, in London, one of the hospitals whose computer systems were affected by a cyberattack, Friday, May 12, 2017. A large cyberattack crippled computer systems at hospitals across England on Friday, with appointments canceled, phone lines...   (Associated Press)

LONDON (AP) — The Latest on reported cyberattack on Britain's hospitals (all times local):

9:10 p.m.

Russia's Interior Ministry says it has come under cyberattack.

Agency spokeswoman Irina Volk says in a statement carried by Russian news agencies that Friday's cyberattacks hit about 1,000 computers. She said the ministry's servers haven't been affected.

Volk added that ministry experts are now working to recover the system and do necessary security updates.

Russian media also said that the Investigative Committee, the nation's top criminal investigation agency, also has been targeted. The committee denied the reports.

Megafon, a top Russian mobile operator, also said it has come under cyberattacks that appeared similar to those that crippled U.K. hospitals on Friday.

___

8:45 p.m.

Security experts say a cyberattack that holds computer data for ransom grew out of vulnerabilities purportedly identified by the National Security Agency.

Microsoft has released fixes for vulnerabilities and related tools disclosed by TheShadowBrokers, a mysterious group that has repeatedly published alleged NSA software code. But many companies and individuals haven't installed the fixes yet, or are using older versions of Windows that Microsoft no longer supports and didn't fix.

Hospitals in the U.K. and telecommunications companies in Spain are among those hit by a "ransomware" attack that locked up computer data and demanded payment to free it. The attacks use a malware called Wanna Decryptor, also known as WannaCry.

Chris Wysopal of the software security firm Veracode says criminal organizations are likely behind this, given how quickly the malware has spread. He says "for so many organizations in the same day to be hit, this is unprecedented."

___

8:25 p.m.

A spokesman for the European Union's police agency, Europol, says Britain and Spain have asked for its support as they investigate the ransomware cyberattacks in those countries.

The spokesman, Jan Op Gen Oorth, declined to give further details Friday so as not to jeopardize the ongoing investigations.

In a tweet, Europol Director Rob Wainwright said the cyberattack on British health care institutions "follows trend from US of ransomware attacks on health care trusts."

___

8:20 p.m.

Romania's intelligence service says it has intercepted an attempted cyberattack on a government institution which it said likely came from cybercriminal group APT28 also known as Fancy Bear.

Cyberint, subordinated to the Romanian Intelligence Service, said Friday it thwarted a cyberattack to a government institution, without saying when it occurred, following notification from NATO and the Romanian foreign intelligence agency.

The foreign ministry did not confirm whether it was the institution in question.

The statement said "due to the efficient cooperation between the institutions, the attack was prevented as were damages, as the targets were identified as well as the methodology of the attack."

The statement said there were thousands of cyberattacks daily "and Romania is no exception."

___

8:15 p.m.

A top Russian mobile operator says it has come under cyberattacks that appeared similar to those that have crippled some U.K. hospitals.

Pyotr Lidov, a spokesman for Megafon, said Friday's attacks froze computers in company's offices across Russia. He said that mobile communications haven't been affected. Lidov said that the attack involved demands of payment of $300 worth to free up the system.

He added that the company managed to restore the work of its call center but closed most of its offices for the day.

Some Russian media also have reported cyberattacks on the Interior Ministry and the Investigative Committee. The committee, the nation's top investigative agency, has rejected the claim.

___

7:15 p.m.

British Prime Minister Theresa May says a cyberattack that has crippled some U.K. hospitals is part of a wider international attack.

May says there is no evidence that patient data has been compromised.

Hospitals across the country have been hit by a "ransomware" attack that froze computers, shutting wards, closing emergency rooms and bringing treatment to a halt. The infected computer screens demand payment for the data to be released.

Similar widespread attacks have been reported in Spain and other countries.

___

5:30 p.m.

Spain has activated a special protocol to protect critical infrastructure in response to the "massive infection" of personal and corporate computers targeted in ransomware cyberattacks.

The National Center for the Protection of Critical Infrastructure says Friday it was communicating with more than 100 providers of energy, transportation, telecommunications and financial services about the attack even if basic services had not suffered any disruption.

The Ministry of Energy, Tourism and Digital Agenda says the attack Friday affected the Windows operating system of employees' computers in several companies. It said the attacks were carried out with a version of WannaCry ransomware that encrypted files and prompted a demand for money transfers to free up the system.

Spain's Telefonica was among the companies hit.

___

4:55 p.m.

The Spanish government says several companies have been targeted in ransomware cyberattacks.

The Industry Ministry says the attack affected the Windows operating system of employees' computers, blocking files and demanding a ransom to free up the system.

It said the attacks had not affected the companies' services or data protection of their clients.

Microsoft issued a security update on March 14 about vulnerabilities in the Windows system.

There were no details on which companies were targeted or the origin of the attack.

___

4:20 p.m.

Britain's National Health Service says hospitals across the country have been hit by a "ransomware" cyberattack but there is no evidence that patient data has been accessed.

NHS Digital, which oversees hospital cybersecurity, says the attack used the Wanna Decryptor variant of malware, which holds affected computers hostage while the attackers demand a ransom.

NHS Digital says the attack "was not specifically targeted at the NHS and is affecting organizations from across a range of sectors."

The attack is causing canceled procedures and appointments at hospitals across England. NHS Digital says 16 NHS organizations report being hit.

___

3:45 p.m.

Hospitals across England have canceled appointments and turned away patients after suffering an apparent cyberattack.

Hospitals in London, northwest England and other parts of the country reported problems with their computer systems Friday. They asked patients not to come to the hospitals unless it was an emergency.

Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 worth of the online currency Bitcoin, saying: "Ooops, your files have been encrypted!"

NHS Merseyside, which operates several hospitals in northwest England, tweeted that "following a suspected national cyberattack, we are taking all precautionary measures possible to protect our local NHS systems and services."

Bart's Health, which runs several London hospitals, said it had activated its major incident plan, cancelling routine appointments and diverting ambulances to neighboring hospitals.

See 6 more photos