LONDON — An extensive cyberattack struck computers across a wide swath of Europe and Asia on Friday, and strained the public health system in Britain, where doctors were blocked from patient files and emergency rooms were forced to divert patients.
The attack involved ransomware, a kind of malware that encrypts data and locks out the user. According to security experts, it exploited a vulnerability that was discovered and developed by the National Security Agency.
The hacking tool was leaked by a group calling itself the Shadow Brokers, which has been dumping stolen N.S.A. hacking tools online beginning last year. Microsoft rolled out a patch for the vulnerability last March, but hackers took advantage of the fact that vulnerable targets — particularly hospitals — had yet to update their systems.
The malware was circulated by email; targets were sent an encrypted, compressed file that, once loaded, allowed the ransomware to infiltrate it's targets.
Read more from The New York Times
As a reminder, best practices to avoid ransomware include:
1) Do not open or preview attachments to any suspicious email
2) Ensure file level backups are in place, running, and properly configured
3) Ensure there is an actively updated protection system in place such as OpenDNS that prevents the ransomware virus from “calling home” to retrieve its encryption key.