A computer at Greater Preston Clinical Commissioning Group in England is attacked. | @fendifille via AP White House calls emergency meetings as global cyberattack spreads

The Trump administration hastily called emergency meetings Friday and Saturday to contain fallout from the ongoing global ransomware campaign that has now hit victims in at least 150 countries, including the U.S.

On Friday, when the attacks started spreading throughout Europe and Asia, White House Homeland Security Adviser Tom Bossert chaired a meeting of the federal government’s so-called Cyber Response Group, which helps agencies coordinate their reactions to digital assaults, a source familiar with the matter told POLITICO.


The group met to assess the rapidly expanding ransomware attack, which locks up a computer network's files until a ransom is paid. The attacks forced several hospitals in England to stop admitting new patients with serious medical conditions and drove other companies to shut down their networks, leaving valuable data unavailable.

In total, European authorities said the ransomware assault has crippled more than 200,000 victims in those 150 countries. The malware that helps spread the attack is repurposed from apparent National Security Agency hacking tools that were leaked online earlier this year.

Friday's emergency White House meeting included the National Security Council's entire cyber directorate, led by cybersecurity coordinator Rob Joyce.

Morning Cybersecurity A daily briefing on politics and cybersecurity — weekday mornings, in your inbox. Email Sign Up By signing up you agree to receive email newsletters or alerts from POLITICO. You can unsubscribe at any time. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

After the meeting, the NSC checked in every four hours with the government’s seven cyber watch centers to assess the situation, the source said. Those seven centers include places like the DHS' cyber threat info-sharing hub, the National Cybersecurity and Communications Integration Center, or NCCIC, as well as similar cyber-focused units within the Pentagon, U.S. Cyber Command and various intelligence community agencies, such as the FBI and NSA.

The Cyber Response Group was formalized only last year in a presidential policy directive from then-President Barack Obama. In addition to getting all agencies on the same page during a cyberattack, the group helps coordinate broader digital defense policies.

On Saturday morning , after it had become clear the world was dealing with a unique digital ambush of unprecedented scale, Bossert also chaired a meeting of the NSC principals committee, which is composed of the senior-most administration officials, including Cabinet secretaries.

A senior administration official confirmed the meetings, which were first reported by Reuters.

Several Cabinet secretaries, deputy secretaries and "appropriate staff" attended the Saturday meeting, the official told POLITICO.

The ransomware campaign — which has gone through at least two phases as researchers worked to halt its advance — mostly affected Europe and Asia.

A DHS official told POLITICO late Friday that the malware had not yet infected U.S. government agencies and critical infrastructure organizations, such as hospitals and power plants.

CORRECTION: A previous version of this article incorrectly identified which institutions had been victims of the cyberattack. According to a spokeswoman for a cyber information sharing organization dedicated to state and local governments, no public American universities have reported infections.

