AUDIE CORNISH, HOST:
Cyber extortion attacks spread across the world today. They hit organizations ranging from a telecom giant in Spain to the National Health Service in England. The attacks used ransomware, which demands payment before allowing users to access their own data again. NPR's Frank Langfitt begins our coverage from London.
FRANK LANGFITT, BYLINE: The ransomware attack struck more than 30 facilities in England's vaunted National Health Service, or NHS, forcing some hospitals and clinics to shut down their computer systems to prevent the malware from spreading. Physicians had to return to working with pen and paper. Hospitals told patients not to come to emergency centers unless their condition was urgent. Malware typically gets into a computer when someone clicks on an infected attachment. Craig Williams, a cybersecurity specialist with Cisco Talos, the firm's threat intelligence unit, explains how ransomware generally operates from there.
CRAIG WILLIAMS: It searches your hard drive for valuable file types - so things like word docs, spreadsheets, pictures, things like that. And then it takes those files and encrypts them so that it can hold them for ransom.
LANGFITT: Williams says the ransomware that infected the NHS, which the Government Health Service said was called Wanna Decrypter, doesn't require a user to click an attachment. The malicious code can just worm its way into a computer system without human prompting.
WILLIAMS: This one's significantly worse. You could just walk up to your computer, and it's infected even if you didn't even touch it.
LAWRENCE JONES: They're happening every minute of every day, and that's globally.
LANGFITT: Lawrence Jones says ransomware attacks have become increasingly common. Jones is CEO of UKFast, which provides web hosting and cybersecurity for thousands of clients, including parts of the NHS. He says ransomware is a business that operates on volume. For instance, the attacks on the NHS asked users to pay the equivalent of about $300 to get access to their data.
JONES: We see people asking for quite small amounts of money in relation to the damage that they're threatening. So it's easier in a situation like this just to pay the ransom. There's nothing really you can ever do. You've given permission to people to lock down your systems, and you're never going to get that data back. So you have to pay that money or retrieve from previous backups you may have.
LANGFITT: Jones says the people behind ransomware attacks can range from sophisticated criminal gangs to teenagers, and they're very hard to catch. Frank Langfitt, NPR News, London. Transcript provided by NPR, Copyright NPR.