How the NHS Ransomware attack occurred and how to prevent it

On 12th May 2017 the NHS was hit by a ransomware attack which brought many hospitals, GP surgeries and Accident & Emergency departments to their knees. The cyber attack locked thousands of NHS staff members out of computer systems and encrypted data so that records, emails and other documents could not be accessed. By the end of the day, one IT software company said that it had observed over 75,000 infections in 99 countries.

The attack had been predicted by computer experts for years, and older technology used in the NHS system left it vulnerable to attack. The hackers initially used a spy tool stolen from the United States called ‘Eternal Blue’ to deploy the ransomware.


What is Ransomware?

Ransomware is a computer program which is inadvertently installed onto a computer running the Windows Operating System, usually by a user unknowingly opening an attachment in an email containing the ransomware, downloading it from an email link or by installing software from an untrusted source.

Once allowed onto the computer, the ransomware (in the case of the NHS, known variously as WannaCry, WanaCrypt0r 2.0 and WCry) encrypts all of the user’s files and prevents access to the computer. It then attempts to move across the computer network and can infect other computers and file servers on the network as it goes.


Why did the NHS ransomware attack occur?

The cyber attack on the NHS was caused mainly by the use of out-of-date Microsoft Windows operating systems on computers across the country. Although the fight against the hackers who write ransomware programs is often retrospective, Microsoft did release a security patch to prevent vulnerabilities within their operating system some months ago. However, the patch is unlikely to have been installed on all computers, which left the unpatched machines open to attack.

This wasn’t a targeted attack, but it was entirely avoidable.

How is ransomware removed?

There are three methods of removing ransomware:

  1. Pay the scammers who installed the software – usually around $300 USD or £230 per infected computer to decrypt your files – a bad idea, as discussed below
  2. Remove the ransomware manually – can be very difficult but is possible
  3. Format the computer’s hard disk entirely and re-install the Operating System from fresh – meaning any files which haven’t been backed up will be lost

Paying the criminals who write the ransomware is a bad idea for a number of reasons.

Firstly, you have no idea who you are paying and what the funds will be used for. Sure, it might be going to a spotty 20-year-old student, but you might also be funding illegal activity.

Secondly, paying to have the malicious program removed this time will make you a target for the future; once the hackers know they can get you once, they’ll try to get you again. There is also no guarantee that the criminals will remove the encryption once you pay.

Thirdly, there are people out there who can help you remove the ransomware, and you may even be able to do it yourself with a little research, time and effort.


How does an organisation the size of the NHS cope with a ransomware attack?

The priority for the NHS will obviously be to get computers clear of the infection and files restored as quickly as possible. Presumably the NHS will already have a contingency plan in place for such an attack. If not, someone’s head needs to roll, because an attack of this type has been predicted for many years.

Going forward, every NHS trust will need to look closely at how it implements policies for preventing further attacks. That includes improving staff training and awareness, ensuring the operating systems are updated as soon as new patches become available, and considering moving away from Windows operating systems in the future to a more secure system.

How to prevent ransomware attacks

Ransomware attacks are avoidable and it’s actually very simple to avoid them. By following good computing practice you can protect yourself from becoming the victim of ransomware:

  • Always ensure that you install the very latest Windows Updates from Microsoft. Windows 7, 8, 8.1 and 10 should do this automatically, but you can turn updates on manually – Microsoft released an update to prevent ransomware attacks in March 2017 but some users failed to install it
  • Do not use legacy versions of Windows such as XP which are no longer supported, especially if that computer is on a network or has access to the Internet
  • Use antivirus software – there are plenty of free applications available that offer a good level of protection – see “Do I need to pay for antivirus?” for more information
  • If you’re techie, consider using a different operating system such as Apple’s OS X or an open-source Linux system such as Ubuntu, which are much more resilient to cyber attacks
