NHS Forth Valley staff warned after cyber attack


LONDON (AP) - Employees booting up computers at work Monday could see red as they discover they're victims of a global "ransomware" cyberattack that has created chaos in 150 countries and could wreak even greater havoc as more malicious variations appear.

It was reported up to 99 other countries had fallen victim to the attack - including the US, Russia, Spain and India - which had targeted a multitude of hospitals, companies and government agencies.

Wainwright described the cyberattack as an "escalating threat".

He said it was unclear so far how it had started but ransomware generally spread via a few different methods.

"We're not talking about a government organization or a hospital or anything like that".

"IT managers need to be extremely aware that new variants of this ransomware attack are being launched nearly hourly, so they can't just check that their computer systems are protected, then relax, assuming everything will stay that way", he said.

He says the motivation remains unknown but ransomware attacks are normally "criminally minded".

Cyber security experts have warned that the ransomware virus, that affected one in five NHS Trusts last week, could be reactivated by computers and devices that have not yet been switched on.

The WannaCry ransomware is being spread through a weakness in Microsoft Windows that was originally exploited by the US National Security Agency (NSA) as part of their arsenal of cyberweapons in a tool called "Eternal Blue". There were no reported cases in New Zealand.

More news: North Korea inches closer to striking the U.S. mainland

Another major cyber-attack is imminent after Friday's global hit that infected more than 125,000 computer systems and could come on Monday, a security researcher warned on Sunday.

Defence minister Michael Fallon told the BBC the government under Prime Minister Theresa May was spending around £50 million pounds on improving the computer systems in the NHS after warning the service that it needed to reduce its exposure to "the weakest system, the Windows XP".

"Expect to hear a lot more about this tomorrow morning when users are back in their offices and might fall for phishing emails" or other as yet unconfirmed ways the worm may propagate, said Christian Karam, a Singapore-based security researcher. The malware communicates using the anonymising Tor network and demands payments in the equally anonymous currency, bitcoin, making tracing those behind the attack more complicated.

The initial attack, known as "WannaCry", paralyzed computers that run Britain's hospital network, Germany's national railway and scores of other companies and government agencies worldwide in what was believed to be the biggest online extortion scheme ever recorded.

"Or we could potentially see copycats mimic the delivery or exploit method they used", he said.

The latest virus attack last week exploits a flaw in a version of Microsoft Windows first identified by United States intelligence.

Rudd, the home secretary, stressed Saturday that there was no evidence that patient data had been compromised but said there were lessons to learn.

And experts say the scope of the problem could expand as people return to work and fire up their computers.

It turned out that the ransomware code was written to connect to an unregistered domain and "if the connection is not successful it ransoms the system, if it is successful, the malware exits".