NHS hit by global cyber attack

15/05/2017 22:48

Some have called it the 'biggest ransomware' offensive in history.

What was initially reported to be an NHS targetted attack has now emerged that this was actually a global infection.

 Across the world, 150 countries and 300,000 systems fell at the hands of a ransomware orginally discovered by the NSA. WannaCry is a new strain of self-replicating ransomware that is thought to have been released by a group known as Shadow Brokers.

What is WannaCry?

The ransomware is a dangerous combination of a Trojan/ransomware and a worm which once embedded onto a system can lead to dangerous concequences including loosing data, access to systems and in worst cases, money.

WannaCry uses this deadly combo of malware to penetrate it's target system and dumps the exploit known as EternalBlue.

Once the attackers have compromised the target, there is nothing the user can do to get thier data back... apart from pay the ransom.

The attack has already gone through several variations after it's initial release.The first release was responisble for the global hack that took down the NHS. Although a fair bit of damage was caused a 'kill switch' present in the first version meant the the advance was slowed substantially.

Since then, various versions have made their way to the wild that have evolved and are much harder, if not impossible to slow down,

Not that any ransomware isn't dangerous, but WannaCry is even more so due to lack of a decryption method. Basically, if you're infected, you have two choices. Remain encrypted or pay the ransom (which is strongly advised against).

As far as delivery goes, the most commom method for is via phishing email. This is evident in the companies affected being larger corportations- more staff equal more email and more chance of infection.

It's likely the attack was distributed in an innocent looking email that can be easily opened and ran by an unsupecting user.

How did it effect the NHS?

In the UK, the NHS was the biggest organisation to be hit with the ransomware. The attack saw NHS trusts be taken offline and computers across hospitals, A&E and doctors surgeries.

Declared as a major incident, the organisation reverted to offlline methods of pen and paper to record patient notes.

At least 16 organisations were known to be affected by the attack.

 

Old systems responisble for attack

A survey suggests 90% of machines in the NHS are still running on Windows XP which is well over a decade old. 

The exploit was known to affect end-of-life status Microsoft Windows OS which XP comes under.

By the time Mircosoft brought out the patch to address the vunerability in the OS, it was too late. Additionally, the attack still remains dangerous to any organisations that haven't introduced the patch onto their machines

 

 

Posted in News By Just Firewalls