Ransomware ATTACK WORLD WIDE

Ransomware Is Tip Of The Iceberg: America’s Infrastructure At Risk
MAY 19, 2017
The Ransomware that began spreading across the globe on Friday is still going with more computers reportedly being affected today by new variants of the virus.  What we’ve learned is that the attack hasn’t just taken down personal computers, but core government and business networks affecting everything from health care systems and transportation in Europe, to ATM withdrawals in China.
It’s massive, to be sure. But in the grand scheme of things, up to this point, it has been a fairly minor inconvenience. But as Joe Joseph warns in his latest news report at The Daily Sheeple, this is just the tip of the iceberg, because now that we’ve seen how quickly such an attack can spread, it’s only a matter of time before rogue groups or state-sponsored players make a direct attempt at taking down core systems that keep millions of people in America alive. 
READ MORE http://www.prophecynewswatch.com/article.cfm?recent_news_id=1247

Ransomware Is Tip Of The Iceberg: America's Infrastructure At Risk
It's only a matter of time before rogue groups make a direct attempt at taking down core systems that keep millions of people in America alive.
Ransomware Is Tip Of The Iceberg: America's Infrastructure At Risk
image: http://www.prophecynewswatch.com/images/recent/ransomewaremay172017.jpg
News Image BY MAC SLAVO/SHTFPLAN.COM MAY 17, 2017:
The Ransomware that began spreading across the globe on Friday is still going with more computers reportedly being affected today by new variants of the virus.
What we've learned is that the attack hasn't just taken down personal computers, but core government and business networks affecting everything from health care systems and transportation in Europe, to ATM withdrawals in China.
It's massive, to be sure. But in the grand scheme of things, up to this point, it has been a fairly minor inconvenience.
But as Joe Joseph warns in his latest news report at The Daily Sheeple, this is just the tip of the iceberg, because now that we've seen how quickly such an attack can spread, it's only a matter of time before rogue groups or state-sponsored players make a direct attempt at taking down core systems that keep millions of people in America alive. 
As we've previously noted, U.S. cyber command has warned that power grids, physical infrastructure and commerce systems will be a major target of future cyber attacks, and the latest Ransomware attack utilizing NSA-created exploits proves just how serious the damage could be:
Experts are saying this is just the tip of the iceberg... what the NSA has done and the damage they have caused as the result of coming up with these exploits in the first place is criminal... but it's beyond criminal... in our society we have become so dependent on technology.. our computers... our cell phone...
We've become so hooked on it that if something happens and it looks like it can very easily happen... where some of these hacks are exploited... we could see an instantaneous change in the way that we live... to the point where you could see upwards of 80% or 90% of the population just in the United States dying as a result of a prolonged power outage because the grid gets hacked...
Joseph's figure of a 90% die off in the event of a grid failure is based on the work of EMP researcher Dr. Peter Pry, who recently testified before a Congressional panel on the dangers of "grid down" scenarios resulting from electro-magnetic pulse attack. 
Though Pry's research is primarily based on the threat of a nuclear device being detonated a couple hundred miles above the central United States taking out the entirety of the domestic power grid, the end result of a grid-down scenario, whether initiated by a cyber attack or something else, is very much the same.
Without the grid, all life in America would come to a standstill. Gas station pumps wouldn't work, which means trucks couldn't deliver food to grocery stores. And even if your local store still had food on the shelves, cash registers and bank payment verification systems would be unavailable, making hard currency like gold and silver the only means of transacting. 
As we've seen in China over the weekend, ATM's would likely be inaccessible. So, too, would be your access to clean water, as most utility plants are tied to the power grid.
image: http://www.prophecynewswatch.com/images/ads/TCC_banner1.jpg
In short, within about 72 hours, there would be pandemonium in the streets, as highlighted by The Prepper's Blueprint author Tess Pennington in her article The Anatomy of a Breakdown:
Read more at http://www.prophecynewswatch.com/article.cfm?recent_news_id=1247#sEQeDgdHzJC6PVWH.99


DEVELOPING: Second Global Cyber Attack Underway – Could Dwarf Recent Attack in Impact
MAY 17, 2017
Another large-scale, stealthy cyberattack is underway on a scale that could dwarf last week’s assault on computers worldwide, a cyber security firm has claimed. The new attack is called Adylkuzz and targets the same “vulnerabilities” in computer systems as the WannaCry ransomware worm. But rather than lock files, it takes controls of computers and puts them to work “mining” a virtual currency which criminals can then exchange for real cash.

Researchers at the tech firm Proofpoint said the new virus was linked to WannaCry and may have infected hundreds of thousands of computers. Nicolas Godier, a researcher at the computer security firm, told AFP: “It uses the hacking tools recently disclosed by the NSA and which have since been fixed by Microsoft in a more stealthy manner and for a different purpose.”
 FULL REPORT https://www.thesun.co.uk/tech/3585670/second-major-cyber-attack-is-already-underway-and-it-could-dwarf-last-weeks-hacks-experts-claim/

Ransomware Hits Small Number of U.S. Critical Infrastructure Operator
MAY 16, 2017
According to a new report, A small number of U.S. critical infrastructure operators have been affected by the global ransomware worm, but there has been no significant disruption in their work,
a Department of Homeland Security official told Reuters on Monday. There have been no victims of the cyber attack within the U.S. federal government at this time, the official said. 
CONTINUE http://news.trust.org/item/20170515151422-ori0j

http://itscart.com/computer-security-experts-brace-for-second-wave-of-biggest-ransomware-attack-ever/
Computer Security Experts Brace For Second Wave Of ‘Biggest Ransomware Attack Ever’May 15, 2017 Computer Security Experts Brace For Second Wave Of ‘Biggest Ransomware Attack Ever’2017-05-16T04:15:32+00:00
Computer Security Experts Brace For Second Wave Of ‘Biggest Ransomware Attack Ever’
It primarily targeted users of Windows XP, an aging operating system for which Microsoft largely ended support in 2014.

The malicious “ransomware” attacks that seized computers worldwide Friday and held those systems hostage are likely to worsen this week as millions of people return to work – forcing them to discover the hard way whether they have been affected, security analysts said.

With much of the world still reeling from the digital breach that prevented people from receiving hospital care, a second wave of what European officials have called “the biggest ransomware attack ever” could be devastating.

“They’re going to turn on their computers in the morning and find out if they were protected or not,” said James Barnett, a security expert at Venable and retired Navy rear admiral.

The software, which first affected Britain’s National Health Service before spreading to as many as 150 countries, locked down victims’ computers and threatened to delete their files unless they paid $300. It primarily targeted users of Windows XP, an aging operating system for which Microsoft largely ended support in 2014.

Much of the potential damage from Friday’s attack was quickly contained by the efforts of a 22-year-old security researcher, who goes by @MalwareTechBlog on Twitter. The researcher discovered that the unnamed attackers had accidentally included a “kill switch” in their software that would allow the owner of a particular website to stop the attack. By paying about $10 to acquire the domain name, the researcher was able to thwart the malware.

But that victory could be short-lived, experts said, because the software, known as WannaCry or Wanna Decryptor, is likely to be modified soon and continue its spread in a slightly different form.

For IT workers and security researchers, the episode highlights the challenge of fighting an ever-mutating foe whose motives are rarely clear.

WannaCry is the most high-profile example of a type of attack that analysts have been predicting would surge in 2017 after a substantial uptick in such attacks last year.

“If you looked at what the biggest trends all the security companies were highlighting at the beginning of the year, ransomware was in all of their lists,” said Peter Warren Singer, a technologist and senior fellow at the New America Foundation. He added that interventions by independent researchers such as @MalwareTechBlog highlight the benefits of supporting private hacking.



“If there is a lesson from that,” Singer said, it’s that “you want to enable security research and information exchange. You want the curiosity of the good guys to be unleashed as much as possible.”

Among those waking up Monday to a nasty surprise could be government officials, some analysts said. Many public computers still have Windows XP installed, and they could be susceptible to the malware if IT administrators have not downloaded the appropriate security patches.

Some federal agencies have moved more quickly than others to stamp out Windows XP, said R. David Edelman, an Obama administration official who advised the White House on technology matters. How adept each agency has been at upgrading its systems has largely to do with available resources.

“There are certainly still systems in the government that are running XP,” Edelman said. “Some of them are almost certainly Internet-connected; some of them might be further back-end or otherwise not as vulnerable.”

In 2015, the Navy agreed to pay Microsoft $9 million a year for continued Windows XP support. Since then, officials have sought to end the Navy’s reliance on outdated software by developing a “Microsoft Eradication Team.” Now the Navy is moving rapidly to transition to Windows 10.

By this point, federal officials largely have a handle on XP, Singer said. But, he added, state and local governments that lack expertise or funding may face greater troubles.

By drawing attention to the shortcomings of legacy computer systems, WannaCry could indirectly drive more demand to companies such as Google and Microsoft that have built massive cloud computing businesses, said Stewart Baker, a former general counsel at the National Security Agency.

“This may well force a lot of legacy systems finally into the cloud, is my guess,” Baker said, “which is probably where they’re going in the long run – but they’ll get there faster [now] because the idea of continuing to run XP is not credible.”

In a blog post Sunday, Microsoft chief legal officer Brad Smith said the incident highlights the dangers of stockpiling digital weapons, and called for a “Digital Geneva Conventions” to govern their use.

“The governments of the world should treat this attack as a wake-up call,” Smith wrote. “They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world.”

‘Accidental Hero’ finds kill switch to stop spread of ransomware cyber-attack
MAY 13, 2017
An “accidental hero” has halted the global spread of the WannaCry ransomware, reportedly by spending a few dollars on registering a domain name hidden in the malware. The ransomware has wreaked havoc on organizations including FedEx and Telefonica, as well as the UK’s National Health Service (NHS), where operations were cancelled, x-rays, test results and patient records became unavailable and phones did not work.

However, a UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and activated a “kill switch” in the malicious software. The switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. 
READ MORE https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack

More victims expected in unprecedented cyberattack as users log on Monday
MAY 14, 2017
An unprecedented global “ransomware” attack has hit at least 100,000 organizations in 150 countries, Europe’s police agency said Sunday — and predicted that more damage may be seen Monday as people return to work and switch on their computers. The attack that began Friday is believed to be the biggest online extortion attack ever recorded, spreading
chaos by locking computers that run Britain’s hospital network, Germany’s national railway and scores of other companies, factories and government agencies worldwide. Steven Wilson, Head of Europol’s European Cybercrime Centre, told Sky News that it was now important that IT departments checked their systems on Monday morning to ensure they had not been compromised. 
READ MORE http://www.foxnews.com/tech/2017/05/15/more-victims-expected-in-unprecedented-cyberattack-as-users-log-on-monday.html

UPDATE: Hacking Attack Has Security Experts Scrambling to Contain Fallout
MAY 14, 2017
Governments, companies and security experts from China to Britain raced on Saturday to contain the fallout from an audacious global cyberattack amid fears that if they did not succeed, companies would lose their data unless they met ransom demands. The global efforts came less than a day after malicious software, transmitted via email and stolen from the National Security Agency,
targeted vulnerabilities in computer systems in almost 100 countries in one of the largest “ransomware” attacks on record. The cyberattackers took over the computers, encrypted the information on them and then demanded payment of $300 or more from users to unlock the devices. Some of the world’s largest institutions and government agencies were affected, including the Russian Interior Ministry, FedEx in the United States and Britain’s National Health Service. 
READ MORE https://www.nytimes.com/2017/05/13/world/asia/cyberattacks-online-security-.html  

24 Hours Later: “Unprecedented” Fallout From “Biggest Ransomware Attack In History”
MAY 14, 2017
24 hours after it first emerged, it has been called the first global, coordinated ransomware attack using hacking tools developed by the NSA, crippling over a dozen hospitals across the UK, mass transit around Europe, car factories in France and the UK, universities in China, corporations in the US, banks in Russia and countless other mission-critical businesses and infrastructure.
According to experts, “this could be one of the worst-ever recorded attacks of its kind.” The security researcher who tweets and blogs as MalwareTech told The Intercept, “I’ve never seen anything like this with ransomware,” and “the last worm of this degree I can remember is Conficker.” Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over 9 million computers in nearly 200 countries. 
READ MORE http://www.zerohedge.com/news/2017-05-13/24-hours-later-unprecedented-fallout-first-global-coordinated-ransomware-attack

UPDATE: Hacking Attack Has Security Experts Scrambling to Contain Fallout
MAY 14, 2017
Governments, companies and security experts from China to Britain raced on Saturday to contain the fallout from an audacious global cyberattack amid fears that if they did not succeed, companies would lose their data unless they met ransom demands. The global efforts came less than a day after malicious software, transmitted via email and stolen from the National Security Agency,
targeted vulnerabilities in computer systems in almost 100 countries in one of the largest “ransomware” attacks on record. The cyberattackers took over the computers, encrypted the information on them and then demanded payment of $300 or more from users to unlock the devices. Some of the world’s largest institutions and government agencies were affected, including the Russian Interior Ministry, FedEx in the United States and Britain’s National Health Service.
 READ MORE https://www.nytimes.com/2017/05/13/world/asia/cyberattacks-online-security-.html

A sign outside the Royal London Hospital, in Central London. The hospital was one of a number of hospitals and institutions operated by Britain’s National Health Service hit Friday by a large-scale ransomware cyber attack. Credit Will Oliver/European Pressphoto Agency
Governments, companies and security experts from China to Britain raced on Saturday to contain the fallout from an audacious global cyberattack amid fears that if they did not succeed, companies would lose their data unless they met ransom demands.

The global efforts came less than a day after malicious software, transmitted via email and stolen from the National Security Agency, targeted vulnerabilities in computer systems in almost 100 countries in one of the largest “ransomware” attacks on record.

The cyberattackers took over the computers, encrypted the information on them and then demanded payment of $300 or more from users to unlock the devices. Some of the world’s largest institutions and government agencies were affected, including the Russian Interior Ministry, FedEx in the United States and Britain’s National Health Service.

In Romania on Saturday, the carmaker Dacia, owned by the French carmaker Renault, sent home some employees at a large factory complex in the city of Mioveni because the attack had disrupted its systems.

Continue reading the main story
As people fretted over whether to pay the digital ransom or lose data, experts said the attackers might eventually pocket more than $1 billion worldwide before the deadline ran out to unlock the computers.

But as of Saturday afternoon, the money raised by the attackers, who demanded payment using the virtual currency Bitcoin, was much lower. Funds totaling the equivalent of about $33,000 were deposited into several Bitcoin accounts associated with the ransomware, according to Elliptic, a company that tracks online financial transactions involving virtual currencies.

That figure is likely to increase as deadlines approach for payment, security researchers said. Victims may also start digging into their wallets as others publicly confirm that paying the ransom actually unlocks their files.

“There’s no guarantee of service even if they do pay,” said Becky Pinkard, vice president for service delivery and intelligence operations at Digital Shadows, a cybersecurity firm. “No one on Twitter is going to care about your complaint on this one.”

The coordinated attack was first reported in Britain on Friday and spread globally. It has set off fears that the effects of the continuing threat will be felt for months, if not years. It also raised questions about the intentions of the hackers: Are they acting for mere financial gain or for other unknown reasons?

“Ransomware attacks happen every day — but what makes this different is the size and boldness of the attack,” said Robert Pritchard, a cybersecurity expert at the Royal United Services Institute, a research organization in London. “Despite people’s best efforts, this vulnerability still exists, and people will look to exploit it.”

While most cyberattacks are inherently global, this one, experts say, is more virulent than most. Security firms said it had spread to all corners of the globe, with Russia hit the worst, followed by Ukraine, India and Taiwan, said Kaspersky Lab, a Russian cybersecurity firm.

The attack is believed to be the first in which such a cyberweapon developed by the N.S.A. has been used by cybercriminals against computer users around the globe.

While American companies like FedEx said they had also been hit, experts said that computer users in the United States had so far been less affected than others because a British cybersecurity researcher inadvertently stopped the ransomware from spreading.

The hackers, who have yet to be identified, included a way of disabling the malware in case they wanted to shut down the attack. They included code in the ransomware that would stop it from spreading if the virus sent an online request to a website created by the attackers.

The 22-year-old British researcher, whose Twitter handle is @MalwareTechBlog and who confirmed his involvement but insisted on anonymity because he did not want the public scrutiny, found the kill switch’s domain name — a long and complicated set of letters. Realizing that the name was not yet registered, he bought it himself. When the site went live, the attack stopped spreading, much to the researcher’s surprise.

“The kill switch is why the U.S. hasn’t been touched so far,” said Matthieu Suiche, founder of Comae Technologies, a cybersecurity company in the United Arab Emirates. “But it’s only temporary. All the attackers would have to do is create a variant of the hack with a different domain name. I would expect them to do that.”

GRAPHIC
Animated Map of How Tens of Thousands of Computers Were Infected With Ransomware
A new strain of ransomware spread rapidly around the world on Friday.


 OPEN GRAPHIC
Across Asia, universities, companies and other organizations said they had been affected.

In Taiwan, threads soon began popping up on the popular online message board PTT with users’ tales of how their computers had been infected and tips on how to avoid the virus.

In China, the virus hit the computer networks of both companies and universities, according to the state-run news media. News about the attack began trending on Chinese social media on Saturday. Most attention was focused on university networks, where there were concerns about students losing access to their work.

Newsletter Sign UpContinue reading the main story
Morning Briefing
Get what you need to know to start your day in the United States, Canada and the Americas, delivered to your inbox.

Receive occasional updates and special offers for The New York Times's products and services.

SEE SAMPLE PRIVACY POLICY
The attack spread like wildfire in Europe, including to companies like Deutsche Bahn, the German transport giant, and Telefónica, a Spanish telecommunications firm, though no major service problems had been reported across the region’s transportation or telecommunications networks.

Nissan, the Japanese auto giant, said its manufacturing center in Sunderland in the north of England had been affected. A spokesman declined to comment on whether production had stopped.

In Britain, the National Health Service may be one of the largest institutions affected worldwide. It said that 45 of its hospitals, doctors’ offices and ambulance companies had been crippled. Surgical procedures were canceled and some hospital operations shut down as government officials struggled to respond to the attack.

“We are not able to tell you who is behind that attack,” Amber Rudd, Britain’s home secretary, told the BBC on Saturday. “That work is still ongoing.”

In Russia, Leonid Levin, the chairman of the parliamentary committee on information policy, said the attack showed the need for the country to add to legislation protecting “critical information infrastructure.” That body of laws has drawn criticism in recent years from rights groups for blocking the free flow of information into and out of Russia.

On Saturday, Russian news reports detailed attacks against computers used by the country’s traffic police to deliver new drivers’ licenses. The report followed confirmation that more than 1,000 computers using the Windows operating system had been affected at the country’s Interior Ministry.

The cyberattack was able to spread so quickly in part because of its high level of sophistication. The malware, experts said, was based on a method that the N.S.A. is believed to have developed as part of its arsenal of cyberweapons. Last summer, a group calling itself the “Shadow Brokers” posted online digital tools that it had stolen from the United States government’s stockpile of hacking weapons. 

The connection to the N.S.A. is likely to draw further criticism from privacy advocates who have repeatedly called for a clampdown on how the agency collects information online.

Industry officials said law enforcement officials would find it difficult to catch the ringleaders, mostly because such cyberattacks are borderless crimes in which the attackers hide behind complex technologies that mask their identities. And national legal systems were not created to handle such global crimes.

Brian Lord, a former deputy director for intelligence and cyberoperations at Government Communications Headquarters, Britain’s equivalent to the N.S.A., said that any investigation, which would include the F.B.I. and the National Crime Agency of Britain, would take months to identify the attackers, if it ever does.

By focusing on large institutions with a track record of not keeping their technology systems up-to-date, global criminal organizations can cherry-pick easy targets that are highly susceptible to such hacks, Mr. Lord said.

“It was well thought-out, well timed and well coordinated,” he said of the current attack. “But, fundamentally, there is nothing unusual about its delivery. It is still fundamentally robbery and extortion.”

Microsoft took the unusual step of releasing free security patches for older versions of Windows, including Windows XP, that it no longer routinely updates. It said the patches could help protect users from attacks, which have not targeted Windows 10, the latest edition of the software.

“Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful,” Phillip Misner, principal security group manager at Microsoft’s security response center, wrote in a blog post.

Yet security experts said the software upgrade, while laudable, came too late for many of the tens of thousands of machines that were locked and whose data could be erased.

Follow Mark Scott @markscott82 on Twitter. 

Mark Scott reported from Riga, Latvia, and Nick Wingfield from Seattle. Reporting was contributed by Keith Bradsher from Beijing, Paul Mozur and Gerry Mullany from Hong Kong, Alison Smale from Berlin, Chris Horton from Taipei, Andrew Kramer from Moscow and Kit Gillet from Bucharest. Carolyn Zhang provided research from Shanghai.
A version of this article appears in print on May 14, 2017, on Page A15 of the New York edition with the headline: Clock 

https://www.nytimes.com/2017/05/12/world/europe/uk-national-health-service-cyberattack.html?action=click&contentCollection=World&module=RelatedCoverage®ion=EndOfArticle&pgtype=article
Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool
Leer en español
By NICOLE PERLROTH and DAVID E. SANGERMAY 12, 2017
Continue reading the main storyShare This Page
Ambulance staff at a National Health Service hospital in London on Friday. Several hospitals across Britain were hit by a large-scale cyberattack, causing failures to computer systems. Credit Andy Rain/European Pressphoto Agency
SAN FRANCISCO — Hackers exploiting malicious software stolen from the National Security Agency executed damaging cyberattacks on Friday that hit dozens of countries worldwide, forcing Britain’s public health system to send patients away, freezing computers at Russia’s Interior Ministry and wreaking havoc on tens of thousands of computers elsewhere.

The attacks amounted to an audacious global blackmail attempt spread by the internet and underscored the vulnerabilities of the digital age.

Transmitted via email, the malicious software locked British hospitals out of their computer systems and demanded ransom before users could be let back in — with a threat that data would be destroyed if the demands were not met.

By late Friday the attacks had spread to more than 74 countries, according to security firms tracking the spread. Kaspersky Lab, a Russian cybersecurity firm, said Russia was the worst-hit, followed by Ukraine, India and Taiwan. Reports of attacks also came from Latin America and Africa.

Continue reading the main story
The attacks appeared to be the largest ransomware assault on record, but the scope of the damage was hard to measure. It was not clear if victims were paying the ransom, which began at about $300 to unlock individual computers, or even if those who did pay would regain access to their data.

Security experts described the attacks as the digital equivalent of a perfect storm. They began with a simple phishing email, similar to the one Russian hackers used in the attacks on the Democratic National Committee and other targets last year. They then quickly spread through victims’ systems using a hacking method that the N.S.A. is believed to have developed as part of its arsenal of cyberweapons. And finally they encrypted the computer systems of the victims, locking them out of critical data, including patient records in Britain.

The connection to the N.S.A. was particularly chilling. Starting last summer, a group calling itself the “Shadow Brokers” began to post software tools that came from the United States government’s stockpile of hacking weapons.

The attacks on Friday appeared to be the first time a cyberweapon developed by the N.S.A., funded by American taxpayers and stolen by an adversary had been unleashed by cybercriminals against patients, hospitals, businesses, governments and ordinary citizens.

Something similar occurred with remnants of the “Stuxnet” worm that the United States and Israel used against Iran’s nuclear program nearly seven years ago. Elements of those tools frequently appear in other, less ambitious attacks.

The United States has never confirmed that the tools posted by the Shadow Brokers belonged to the N.S.A. or other intelligence agencies, but former intelligence officials have said that the tools appeared to come from the N.S.A.’s “Tailored Access Operations” unit, which infiltrates foreign computer networks. (The unit has since been renamed.)

The attacks on Friday are likely to raise significant questions about whether the growing number of countries developing and stockpiling cyberweapons can avoid having those same tools purloined and turned against their own citizens.

They also showed how easily a cyberweapon can wreak havoc, even without shutting off a country’s power grid or its cellphone network.
GRAPHIC
Animated Map of How Tens of Thousands of Computers Were Infected With Ransomware
A new strain of ransomware spread rapidly around the world on Friday.

 OPEN GRAPHIC
In Britain, hospitals were locked out of their systems and doctors could not call up patient files. Emergency rooms were forced to divert people seeking urgent care.

In Russia, the country’s powerful Interior Ministry, after denying reports that its computers had been targeted, confirmed in a statement that “around 1,000 computers were infected,” which it described as less than 1 percent of its total. The ministry, which oversees Russia’s police forces, said technicians had contained the attack.

Some intelligence officials were dubious about that announcement because they suspect Russian involvement in the theft of the N.S.A. tools.

But James Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington, said he suspected that criminals operating from Eastern Europe acting on their own were responsible. “This doesn’t look like state activity, given the targets that were hit,” he said.

Those targets included corporate computer systems in many other countries — including FedEx in the United States, one of the world’s leading international shippers, as well as Spain’s Telefónica and Russia’s MegaFon telecom giant.

It could take months to find who was behind the attacks — a mystery that may go unsolved. But they alarmed cybersecurity experts everywhere, reflecting the enormous vulnerabilities to internet invasions faced by disjointed networks of computer systems.

There is no automatic way to “patch” their weaknesses around the world.

“When people ask what keeps you up at night, it’s this,” said Chris Camacho, the chief strategy officer at Flashpoint, a New York security firm tracking the attacks. Mr. Camacho said he was particularly disturbed at how the attacks spread like wildfire through corporate, hospital and government networks.