Grangemouth operator 'refused advice'
More cyber attacks feared amid ‘escalating threat’
Companies and public sector bodies are preparing for a second wave of cyber attacks that crippled scores of organisations last week.
Europol said the number of victims had risen to 200,000 in 150 countries and warned of an “escalating threat”.
The National Cyber Security Centre has advised firms how to protect computers as they start the working week. It urged them to install anti-virus software services and back up their data.
It said it knew of attempts to attack organisations other than the NHS, and warned more cases could “come to light” in the UK and elsewhere as the new working week begins.
Microsoft has said the ransomware cyber-attack should be a “wake-up call” for countries.
The software vulnerabilities hoarded by governments had caused “widespread damage”, Microsoft’s chief legal officer Brad Smith said.
The latest virus exploits a flaw in a version of Microsoft Windows first identified by US intelligence.
The attack involved ransomware – known as WannaCry and variants of that name – struck industry and public sector organisations around the world amid concerns that repeat attacks may be imminent.
It was launched using tools believed to have been stolen from the US National Security Agency (NSA) by a group of hackers known as The Shadow Brokers, who made it freely available in April, saying it was a “protest” about US President Donald Trump.
They tricked victims into opening malicious malware attachments to spam emails that seemed to contain invoices, job offers, security warnings and other legitimate files.
The ransomware encrypted data on the computers, demanding payments of between $300 and $600 to restore access. Researchers observed some victims paying via the digital currency bitcoin, though no one knows how much may have been transferred to extortionists because of the largely anonymous nature of such transactions.
A big concern is that staff will have left work on Friday without realising they have been sent an email containing the ransomware virus.
“Most of the attacks are arriving via e-mail, so there are many ‘landmines’ waiting in people’s in-boxes,” said Michael Gazeley, managing director of Network Box, a Hong Kong-based cybersecurity company.
UK Health Secretary Jeremy Hunt was criticised as it emerged that the NHS – a major target for the attackers – has been struggling on 20-year-old computer systems that are vulnerable to cyber gangs.
His colleague the Defence Secretary Michael Fallon was forced to defend Mr Hunt’s department during a television interview. He said cyber threats were identified in a recent review and that a “large chunk” of capital allocated was spent on the NHS.
As companies were issued with a warning to protect their IT systems, there were claims that Ineos which operates key energy installations in Scotland, declined protection against hack attacks.
Ineos, which operates the Grangemouth chemicals plant and recently bought the key oil pipeline that connects the North Sea fields with the mainland, said it could not afford the extra security to defend its installations, according to leaked documents.
The government papers, obtained by Greenpeace Energydesk, claim that Ineos rejected security recommendations made by the Centre for the Protection of National Infrastructure (CPNI) – an agency accountable to MI5 – reportedly arguing that they were unaffordable and would not benefit the company.
Ineos struck a deal with BP last month to purchase the Forties pipeline – which is considered to be one of the most strategically important pieces of North Sea infrastructure.
According to one briefing document drafted by officials: “Ineos has explained that it is not prepared to undertake any of these mitigations because it cannot afford to do so and, even if it could afford this expenditure, it does not see itself as the beneficiary of the enhancements proposed.”
Further, according to the documents, Ineos was “the first and only example to date” of an owner of critical national infrastructure ever to have refused the advice of the CPNI.
Ineos is also reported to have said that if the UK and Scottish governments wanted to improve counter-terrorism security at Grangemouth they should pay for it themselves.
An Ineos spokesperson played down the claims, stating: “We cannot go into detail on our security arrangements at our sites, some of which is confidential for obvious reasons.
“However, I can say that the safety and security of each of our sites around the world is our highest priority. Our sites vary considerably in terms of their size, composition and location and so the security arrangements, that are reviewed on a regular basis, are specifically developed to take into account the specific risk and situation of each facility.”
A security expert on Friday night helped halt the spread of the bug by simply paying a few dollars to register a domain name that, once active, performed the role of a “kill switch” that deactivates the malware.
However, the bug infected many out of date machines and this increased the risk of fresh attacks spreading in the coming days and weeks.
Car makers Nissan in Sunderland and Renault in France were among the latest to be hit. Spanish telecoms firm Telefonica, Portugal Telecom, the US delivery company FedEx and a local authority in Sweden were also affected.
The Scottish Government said there have been no further reported problems with NHS systems in Scotland following the global cyber-attack.
Health Secretary Shona Robison has confirmed that 13 boards have been affected and measures to isolate any issues are now in place, with some systems expected to be operational over the weekend.
- The boards affected are: NHS Borders, NHS Dumfries and Galloway, NHS Fife, NHS Forth Valley, NHS Lanarkshire, NHS Greater Glasgow and Clyde, NHS Tayside, NHS Western Isles, NHS Highlands, NHS Grampian, NHS Ayrshire and Arran, NHS National Services and Scottish Ambulance Service
- In many areas, with the exception of NHS Lanarkshire, the number of PCs or systems affected is in single figures.
- There is no evidence that patient data has been compromised and patient services, including emergency service, are continuing to operate across Scotland.
- Other public bodies are currently running checks on their systems as a precaution ahead of the working week starting on Monday.
The First Minister and Ms Robison have been updated on the situation and Justice Secretary Michael Matheson has participated in the UK Government COBR meeting chaired by the Home Secretary.
Ms Robison said: “This has been a global cyber-attack which has impacted…across the world and clearly any incident of this nature is hugely concerning – but it’s important to stress that there is no evidence to suggest patient data has been compromised.
“This week’s incident emphasises the importance for all of us – the public and private sectors as well as the general public – to have the appropriate measures in place to protect against these kinds of attack.
“We have taken all necessary steps to ensure the cause and nature of this attack is identified and have managed to isolate the issues within the NHS in Scotland. Boards are currently working on protecting and restoring those systems where possible, with a view to getting most operational by Monday.”
Ms Robison added: “The National Cyber Security Centre (NCSC) is leading the response to these attacks and we continue to receive updates on the situation and their efforts to rectify the issues faced. We are working closely with them and are being guided by their expert knowledge in this field.
“Again, our priority is ensuring boards get all the support they need and get systems back normal as soon as possible, so there is as little impact on patient care as possible.
“I would like to thank all of the NHS staff who are working round the clock to rectify this and keep any impact to an absolute minimum. I have complete confidence that they will continue to provide the excellent care for which they are famous.”
Amber Rudd, the Home Secretary (left), issued an update on efforts to tackle the crisis. She said: “We are not able to tell you who is behind that attack. That work is still ongoing.
“We don’t know anymore about where it has come from at the moment. We know it has affected up to 100 countries and it wasn’t targeted at the NHS.
“We know from the information we have on the type of virus that it feels random about where it has gone to and where it was opened.
“It is the type of virus that works particularly effectively between systems that are connected to each other so it is more likely to impact larger organisations than individuals. No patient data has been accessed or transferred in any way, thats the information we’ve been given.”
She expects the NHS to upgrade its computer systems following reports that it outdated Microsoft software may have made it more vulnerable.
Microsoft said it has released a solution for all Windows users, regardless of whether they are supported or not. It said it was “painful” to see how businesses and individuals had been affected by the attack.
In a statement, Prime Minister Theresa May said: “We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack.
“This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected.
“The National Cyber Security Centre is working closely with NHS digital to ensure that they support the organisations concerned and that they protect patient safety. And, we are not aware of any evidence that patient data has been compromised.”
« Jobless to rise as Brexit grips economy (Previous News)
(Next News) May challenges Labour as party of working class »