Dozens of countries affected by ransomware cyberattack

Hospitals across the U.K. diverted ambulances and cancelled appointments after their computers and phones were disrupted by a cyberattack, which soon spread globally.

U.K.'s National Health Service 1st target of attack

An ambulance waits outside the emergency department at St Thomas' Hospital in central London on Friday. British hospitals were forced to divert emergencies after a ransomware attack disrupted computer systems at multiple locations. (Stefan Wermuth/Reuters)

Hospitals across the U.K. diverted ambulances and cancelled appointments Friday after their computers and phones were disrupted by a cyberattack, which soon spread globally.

About 45,000 incidents affecting 74 countries have been recorded, according to Costin Raiu, director of Global Research and Analysis Team at Kaspersky Lab. He noted that most of them took place in Russia.

In the U.K., the attack has affected at least 16 organizations within the state-run National Health Service, according to an NHS statement.

NHS sites appear to have been hit across the country simultaneously, according to a report in The Guardian. The newspaper said users had been locked out of affected computers, on which pop-up messages were demanding a ransom payment in exchange for regaining access. 

NHS described the incident as a "ransomware" attack, adding that the malware appeared to be the variant known as Wanna Decryptor, but did not provide further details. The attack is being dubbed "WannaCry."

No patient data appears to have been accessed, the NHS said. 

A photo tweeted under the hashtag #nhscyberattack appeared to show one of the affected computers. A message on the screen said the files on the computer had been encrypted. It demanded a payment of $300 in bitcoins within three days. 

"After that the price will be doubled," the message read. 

Britain's National Cyber Security Centre, part of the GCHQ spy agency, said it was aware of a cyber incident and was working with NHS Digital and the police to investigate.

A reporter from the Health Service Journal said the attack had affected X-ray imaging systems, pathology test results, phone systems and patient administration systems.

Hospitals have been hurt by ransomware attacks before, including a Los Angeles-area facility that paid some $17,000 US to hackers to regain control of its network. The Ottawa Hospital and Norfolk General Hospital in Simcoe, Ont., suffered similar attacks last year. 

About 1,000 computers hit in Russia

Russia's Interior Ministry said Friday it had come under cyberattack.

Agency spokesperson Irina Volk said in a statement carried by Russian news agencies that Friday's cyberattacks hit about 1,000 computers. She said the ministry's servers haven't been affected.

Volk added that ministry experts are now working to recover the system and do necessary security updates.

Russian media also said that the Investigative Committee, the nation's top criminal investigation agency, also has been targeted. The committee denied the reports.

Megafon, a top Russian mobile operator, also said it has come under cyberattacks that appeared similar to those that crippled U.K. hospitals on Friday.

Spreads to Spain

The NHS said it had not been specifically targeted and, within hours, the problem appeared to have spread beyond British hospitals.

Spain's government said Friday a large number of Spanish companies had been attacked by cyber criminals who had also infected computers with ransomware, though it was not immediately clear if the attacks were linked.

In response to the "massive infection" of both personal and corporate computers, Spain said it had activated a special protocol to protect its critical infrastructure — including energy, transportation, telecommunications and financial services.

The Ministry of Energy, Tourism and Digital Agenda said the attack affected the Windows operating system of employees' computers in several companies. It described the culprit as a version of the WannaCry ransomware. 

The telecommunications giant Telefonica was among the companies hit.

Portugal Telecom was also hit by a cyberattack but no services were affected, a spokesperson for the company said.

With files from Reuters and CBC News