How hackers made the NHS ‘WannaCry’

We’ve all done it at some point: opened an attachment within a suspicious-looking email that tempts us into double-clicking. Falling prey to our digital temptations is not a crime, but a simple flaw that can have very drastic ramifications. Unfortunately, as long as we – computer users – have access to email, applications, software, and operating systems, it is highly unlikely this ‘flaw’ will ever completely disappear.

Unless you’ve been on a complete digital detox over the last few days, you will likely have heard about the latest Cyber Security Hack affecting Britain’s National Health Service, as well as many other global companies. The finer details are still unclear, but what we do know is that numerous hospitals and GP surgeries all over England and Scotland were in total anarchy, due to several NHS systems being taken offline by a major ransomware attack.

A quick bit of history on Ransomware:

Ransomware is one of the biggest problems on the Internet today. It can come from various channels, such as phishing emails containing malicious links and attachments, security exploits in vulnerable software, internet traffic re-direction, and even SMS text messages.

When executed, this malicious software encrypts all files on a PC and quickly spreads to every machine on the network. Think of every file on your local C:\ drive, and all the company data you also have access to via the corporate ‘mapped’ drives. Now, imagine every single file becomes inaccessible and your systems are completely locked out. Ouch. The files cannot be accessed unless the ransom is paid to the criminals, effectively holding your data hostage until you cough-up.

In short, Ransomware can quickly cripple your computer network and ultimately your business. It can often go undetected by traditional anti-virus software, as some AV platforms lack the ability to find and remove second generation malware. Restoring from a clean backup is the only option; however, this recovery process is incredibly time consuming and laborious for the various IT teams involved. Hence, many affected organisations, and individuals, simply choose to pay the ransom: Cyber Criminals “earned” over $1bn (yes, Billion) from ransomware attacks during 2016 alone.

Now, back to the NHS…

On Friday evening, news broke that Cyber Criminals had managed to infiltrate the NHS network with Ransomware. ‘WannaCry’ (also known as WannaCrypt) encrypted entire NHS entity networks, making the systems completely inaccessible. This prevented staff from accessing any patient medical records, appointment systems, and all internal databases. Staff would return from a lunch break to find the below message on their screens:

This quickly led to major disruption as ambulances were re-directed, appointments cancelled, and major surgeries delayed all over the country. The panic was widespread enough to get the attention of the Prime Minister, and all major news networks globally.

Meanwhile, the culprits sat back, demanding $300 in Bitcoin (roughly £233) per computer in exchange for a key-code to decrypt the affected files. Time literally was money, as 72 hours later the price would rise to $600. If left for 7 days, the data would be permanently deleted. Do you pay the ransom and unlock the files, or do you restore from the last known-good backups, knowing that any errors now will cause further disruption and possibly more reputational damage?

Make no mistake, the NHS network is enormous and incredibly complex. Its maintenance cannot be easy, with many moving parts and several third-parties involved to ensure it remains fully functional. Now throw in a huge lack of financial resources, time restrictions, and a totally burned-out workforce, and it’s understandable why some parts of the infrastructure are still running on out-of-date software. These are not excuses; they are simply facts.

Here’s another: a large number of NHS workstations are still running Windows XP. Technical Support for Windows XP was officially eXPired (see what I did there?) by Microsoft in April 2014.

Due to several factors, instead of upgrading to newer operating systems, the NHS set up a special agreement with Microsoft to continue to provide support for the legacy Windows XP. A year later that funding simply ran out, and Microsoft were no longer contractually obligated to provide further hot fixes to any NHS XP workstations. This inevitably meant that any machine running Windows XP instantly became vulnerable to attack; once WannaCry got in, it could run riot throughout the entire network within seconds.

It is doubtful that the authors of WannaCry had deliberately targeted the NHS, proven by the fact they also managed to infect other firms such as Nissan and Renault. However, what is evident is they found a known vulnerability, exploited it, and within a few short clicks had crippled the nation’s Health Care system. Pretty scary stuff.

Even if the NHS was running the latest and greatest hardware and software, no amount of bleeding-edge IT systems can ever prevent human error. However, running critical systems on a retired operating system is like leaving your house keys in your front door and expecting not to get burgled!

Please forgive me if I sound obnoxious; I’m not here to cast aspersions over anyone’s efforts, I am genuinely trying to serve. In my personal opinion, the NHS is a fine institution, with some of the hardest working people from all over the world, making sacrifices every day to keep services running as best they can, on very limited budgets. However, as an organisation handling extremely sensitive data, their lack of Cyber Security awareness and poor incident management has really hit them hard this time.

As disappointing as this is to say, it’s safe to assume that the historic lack of Government funding is one of many contributing factors to this large-scale cyber attack.

Whilst the impact of the attack is still being measured, and the identity of the criminals is still unknown, the lessons we can learn are:

  • Make sure all available Hot Fixes are applied to critical computer systems. This is not limited to just the Operating System. Applications such as Java and Flash also need to be kept regularly updated.
  • Don’t neglect your backups. Ever.
  • Keep Anti Virus software up-to-date.
  • REMAIN VIGILANT: If you’re in any doubt as to the validity of the email sender, and/or the attachment, DON’T OPEN IT!

Ransomware does not discriminate when it comes to devices and platforms. Remember this when it comes to your home computers, as they are equally at risk of becoming infected. You can quickly lose those precious family photos and important documents you’ve been planning to back up, unless you take the necessary precautions.

Our personal data, wherever it may be held, is a valuable commodity – the Oil of the 21st Century. We – as a society – must do everything we can to ensure its integrity, confidentiality, and availability remain as safe as possible.

 
