Cyber attack: Latest evidence indicates 'phishing' emails not to blame for global hack

Putin blamed the US for creating tools to exploit Microsoft flaw and denies Russian involvement in the hack
  • Thousands of computers in China and Japan hit by WannaCry virus

  • Putin says Russia had 'nothing to do' with global ransomware outbreak

  • Microsoft attacks US government over developing 'EternalBlue' exploit that led to hack

  • New strains of virus reported but having little effect

  • Jeremy Hunt says there has been no second wave of attacks

Latest evidence suggests "phishing" emails are unlikely to have caused the global cyber attack that wreaked havoc at dozens of NHS trusts and hit hundreds of thousands of computers in 150 countries. 

Security experts have disputed claims that the virus was spread through suspicious emails, saying that computers were vulnerable to the bug regardless of how vigilant users were. Experts said that unless IT departments patched their systems and backed up their files they could be hit by the attacks.


Affected NHS trusts were criticised for not adding the patch despite warnings from NHS Digital a month ago that they were vulnerable to a possible attack. 

Vladimir Putin has blamed the US for the global cyber attack that has crippled computer systems around the world since Friday. 

Putin said Russia had "nothing to do" with the attack and blamed the US for creating the hacking software that affects Microsoft computers. 

WannaCry ransomware map - locations of infection

"Malware created by intelligence agencies can backfire on its creators," said Putin, speaking to media in Beijing. He added that global leaders needed to discuss cyber security at a "serious political level" and said the US has backed away from signing a cyber security agreement with Russia. 

Authorities fear a second wave of the "WannaCry" ransomware could hit systems as people return to work and switch on their computers on Monday morning.

Japanese computer experts said around 2,000 PCs had been affected while the Chinese news agency Xinhua reported that almost 30,000 had been hit.

Authorities had warned of a day of chaos ahead of Monday, with the National Cyber Security Centre saying that existing infections could spread through computer systems.

NHS systems appeared to be largely up and running on Monday, although seven out of the 47 trusts hit by last week's attack are still seeking emergency support, according to NHS Digital.

Patients are being warned of slow service at surgeries, but patient data does not appear to have been compromised. The Home Secretary Amber Rudd will hold a meeting of the emergency COBRA committee later today.

The WannaCry ransomware, which locks computer systems and demands $300 (£230) in Bitcoin, hit over 200,000 computers on Friday and the impact continued to be felt across the weekend. Around £33,000 in ransoms have been paid to date, according to analysis of Bitcoin wallets.

On Sunday night, Microsoft slammed the US spy agency that had originally developed software that allowed the ransomware attack to infect computers. The "Eternal Blue" tool developed by the National Security Agency had been dumped onto the public internet by a hacking group known as the Shadow Brokers.


It was then used by the still-anonymous cyber criminals to infect PCs with Friday's ransomware.

"The governments of the world should treat this attack as a wake-up call," Microsoft president Brad Smith said in a statement. "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen."

Over the weekend Microsoft released a patch for the Eternal Blue vulnerability that also protects older versions of Windows.

5:23PM

Goodbye for now 

That's it for the live blog for today. We'll be monitoring developments overnight and keep the news pages updated when we have more information. 

5:16PM

Phishing emails "not likely" to have caused the cyber attack

Security researchers have told the Telegraph that phishing emails are not likely to have been the vessel through which the ransomware spread. Instead it is likely that it spread across machines through a Windows system used for file sharing between computers. 

More information is in our piece here


 

2:48PM

National Crime Agency 'identifying patterns' in attacks

The National Crime Agency has said it will "take time" to investigate who is behind the attacks, but said it has started "identifying patterns" in the swathes of data it has access to.  

It said there is currently no indication that there will be a second wave of attacks in the UK, but warned people to still be careful. 

Lynne Owens, director general of the NCA, said: 

As things stand, there is no indication of a second surge of cases here in the UK.

But that doesn’t mean there won’t be one.

We’re trawling through huge amounts of data associated with the attack and identifying patterns.

The NCA is leading the criminal investigation into the attack, but for operational reasons we cannot give a running commentary.

Because of the quantity of data involved and the complexity of these kinds of enquiries we need to be clear that this is an investigation which will take time.

But I want to reassure the public that investigators are working round the clock to secure evidence and have begun to forensically analyse a number of infected computers.

Specialist cyber-crime officers from the NCA and our partner regional organised crime units are speaking directly with victims.

That includes visiting NHS sites to help protect victims and secure and preserve evidence. Those visits are continuing.

More than 150 countries have been affected, and we’re in constant communication with international partners, including Europol, Interpol and the FBI and the collaboration has been strong and effective.

The agency advised: 

  • Make sure your security software patches are up-to-date

  • Make sure that you are running anti-virus software

  • Back-up your data in multiple locations, including offline

  • Avoid opening unknown email attachments or clicking on links in spam emails

  • Victims of fraud should report it to Action Fraud

  • We encourage the public not to pay any ransom demand

1:26PM

Jeremy Hunt: No second wave of attacks

The Health Secretary has made his first public statement since last Friday's attack.

He told BBC News:

I have this morning been briefed by GCHQ and the National Cyber Security Centre. According to our latest intelligence we have not seen a second wave of attacks and the level of criminal activity is at the lower end of what we had anticipated.

But the message is very clear, not just for organisations like the NHS but for private individuals and businesses: although we have never seen anything on this scale with regards ransomware attacks they are relatively common and there are things that you can do, all of us can do to protect ourselves against them.

In particular making sure data is properly backed up and making sure that we are using the software and antivirus patches that are sent out by manufacturers. These are things we can all do to reduce the impact of what we have seen in the last 48 hours.

Health Secretary Jeremy Hunt - Credit: PA

1:19PM

Are new strains of WannaCry emerging?

The original ransomware was effectively neutered on Friday night after a British security expert bought the domain name that acted as a "kill switch".

However, new strains of the virus appear to have emerged over the weekend, with other cyber criminals seeking to make money by exploiting vulnerable systems.

Matthieu Suiche dealt with the first by registering a new killswitch address.

However, the second, found by security company Kaspersky, does not have a killswitch at all, making it difficult to disable.

This second version does not seem to work, but it suggests hackers are trying to create a strain that cannot be so easily disabled.

12:24PM

NHS trusts ignored warning last month to upgrade systems

Dozens of NHS trusts fell victim to ransomware after failing to upgrade their systems despite a warning from NHS Digital, Sky News reports.

NHS Digital has said it told NHS trusts to upgrade their systems last month or risk falling victim to a cyber attack. The warning came after hackers leaked details of a Microsoft vulnerability stolen from the NSA.  

The security patch could have prevented the ransomware attack from spreading across NHS computer systems. 

11:24AM

Renault shuts one of largest factories 

Henry Samuel, our correspondent in Paris, says Renault has shut one of its largest factories in France as a "preventative measure". Here's his full dispatch: 

One of carmaker Renault's biggest factories in France remained closed on Monday as a "preventative" measure in the wake of the global cyberattack.

Renault had to temporarily lay off 3,500 staff at their Douai factory in northern France, giving them a collective holiday on Monday while they try and limit damage to the factory's computers, which run into hundreds of terminals.

Unions were warned on Sunday.

The company gave no details on the degree to which the plant was affected by the malware.

"Our IT teams are working at the site today, along with logistics to maintain supply, and they will do everything possible to secure the site so that work can start up again tomorrow," said a spokesman.

The work is "essentially preventative but requires great vigilance," he said.

The Douai factory employs 5,500 staff and produces Talisman, Scenic and Espace vehicles.

A spokesman for Renault told AFP that production would start up again on Tuesday and that 90 per cent of the group's factories were running as normal worldwide in the wake of the attack.

Two unspecified sites were not currently running abroad, he added.

The carmaker had earlier halted production at sites in France and Romania to prevent the spread of ransomware.

11:20AM

Theresa May says Government warned the NHS about possible attack

Theresa May has denied accusations that the Government failed to alert the NHS about a possible cyber attack despite warnings from security experts.

"Clear warnings were given to hospital trusts," said May, speaking at an event in Oxfordshire. "But this is not something that focused on attacking the NHS here in the UK." 

11:04AM

Vladimir Putin blames US for hack

Vladimir Putin has blamed the US for causing the global cyber attack. He said Russia had "nothing to do" with the cyber attack, adding that the US had indirectly caused it by creating the Microsoft hack in the first place.

"Malware created by intelligence agencies can backfire on its creators," said Putin, speaking to media in Beijing.

He added that the attack didn't cause any significant damage to Russia. Russian security firm Kaspersky said hospitals, police and railroad transport had been affected in the country. Another report suggested Russia was one of the worst hit locations. 

Putin said:

As regards the source of these threats, I believe that the leadership of Microsoft have announced this plainly, that the initial source of the virus is the intelligence services of the United States. 

Once they're let out of the lamp, genies of this kind, especially those created by intelligence services, can later do damage to their authors and creators.

So this question should be discussed immediately on a serious political level and a defence needs to be worked out from such phenomena.

10:53AM

Health Secretary refuses to answer questions on NHS negligence

Jeremy Hunt was asked whether he had ignored warnings about NHS IT security as he left his house this morning.

The Health Secretary, who has been criticised over his lack of public statements over the attack, declined to answer any questions.

 

10:17AM

Universities, police and petrol stations hit in China

Here's a dispatch from Neil Connor in Beijing:

More than 4,000 educational organisations were among the 30,000 'institutions' to have been paralysed by the global cyberattack, which is known as Wanna Decryptor ransomware, or WannaCry, Qihu 360, an anti-virus software firm, said.

Reports in China said more than 20,000 petrol stations operated by China National Petroleum Cooperation could only process cash payments because of Internet issues over the weekend.

The National Business Daily reported on Monday that the company’s computers went down at 1pm on Saturday, with 80 percent of the systems returning to normal by midday on Sunday.

"Petro China has taken emergency measures to cope with WannaCry ransomware attacks," a company official told the media outlet.

Chinese media also cited university students complaining about pop-ups appearing on their computers which demanded ransom payments, or else they would lose all their documents.

Wu Xingyong, an official from Yunnan Agricultural University, in south-west China, told thepaper.cn that eight students had been hit by the attack.

Other reports said breaches had occurred at Hangzhou Normal University, Shandong University and Jiangsu University in eastern China. 

Beijing’s Tsinghua and Peking Universities, and Guilin University Of Electronic Technology were also affected.

Police officers in Shandong province were forced to unplug all of their computers when the cyber attack struck, reports said.

A Chinese expert criticised the United States over the breach, following suggestions by researchers that it used hacking tools developed by the US National Security Agency.

Qin An, director of the China Institute of Cyberspace Strategy, told the Global Times newspaper that the attack “again reminds the world of the great harm the US' network hegemony and its network weapons can bring about.”

Cybersecurity is one of the most contentious issues between the US and China.

10:08AM

'Limited blood tests and no x-rays'

 

10:04AM

'Significant delays' at A&E

The Royal London Hospital in Whitechapel is continuing to report "significant delays" due to IT problems.

Outside the Royal London Hospital - Credit: Paul Grover/Telegraph

 

9:55AM

Surgeries turning away patients

 

9:40AM

Boris weighs in

From the Press Association:

Arriving in Brussels for a meeting of EU foreign ministers, Foreign Secretary Boris Johnson said: "Cyber-security is a huge issue for all of us in all our countries.

"It's not specifically on the agenda today, but a huge amount of work goes on between the UK Government and all our friends and partners around Europe, and indeed in the United States, where they are now stepping up their precautions against cyber attacks of these kinds."

9:16AM

Hackers have made £33,000

Bitcoin, the digital currency that the ransomware hackers demanded payments in, is anonymous but not quite untraceable. We are able to follow transactions into the online wallets set up by the hackers.

This Twitter bot is tweeting live updates on the payments. At present, they total 24.75 bitcoins, or £33,600.

 

8:57AM

Amber Rudd to hold COBRA meeting

 

8:56AM

22-year-old cyber hero revealed

The spread of the "WannaCry" ransomware was limited over the weekend after a quick-thinking IT expert registered the "kill switch" web domain found deep in the software's code.

22-year-old Marcus Hutchins now says he is working with GCHQ to try and fend off another attack.

Marcus Hutchins has been credited with stopping the ransomware attack 

 

8:20AM

Jeremy Hunt spotted

The Health Secretary Jeremy Hunt was mysteriously silent over the weekend, with the Home Secretary Amber Rudd left to field questions about Friday's attack and the NHS's security.

Here's Mr Hunt's last tweet, for example:

 Mr Hunt was accused of ignoring warnings over NHS security, with many trusts running unpatched systems or continuing on Windows XP.

The Health Secretary has now been spotted leaving for work on his bicycle.

Jeremy Hunt leaving home - Credit: London News Pictures Ltd.

 

7:34AM

Microsoft: 'This is a wake-up call'

Embarrassingly for the US government, Friday's attack can trace its way back to the US spy agency. The National Security Agency's "Eternal Blue" tool, built to spy on enemy computers, helped spread the WannaCry ransomware tool by exploiting a flaw in Windows systems that had not been patched, including the obsolete Windows XP.

Microsoft had released a patch in March, but many organisations had not updated, and it was not until Saturday that a patch for XP was released.

Microsoft attacked the US government on Sunday for building the Eternal Blue tool.

This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.

An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.

7:16AM

NCSC warns of further ransomware attacks

Here's the latest from the National Cyber Security Centre:

Since the global coordinated ransomware attack on thousands of private and public sector organisations across dozens of countries on Friday, there have been no sustained new attacks of that kind.  But it is important to understand that the way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks.

 

7:15AM

Surgeries face 'Monday meltdown'

Good morning. Patients are being warned this morning not to visit their GPs amid fears that the fallout from the NHS cyber attack could continue.

Official advice from the health service says that patients should continue to visit surgeries if they have an appointment, but warns that services should be slower than usual and urges patients to seek other options if possible.

Seven out of the 47 trusts hit by last week's attack are still seeking emergency support, NHS Digital has said.

 
