Skip to main content

NHS cyber attack: Everything you need to know about 'biggest ransomware' offensive in history



A global cyberattack using hacking tools widely believed by researchers to have been developed by the US National Security Agency crippled the NHS, hit international shipper FedEx and infected computers in 150 countries.
More than 300,000 computers were infected while the countries most affected by WannaCry were Russia, Taiwan, Ukraine and India, according to Czech security firm Avast.
A blog showing where the attack hit
A blog showing where the attack hit CREDIT: @MALWARETECHBLOG
Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called the attack "the biggest ransomware outbreak in history."


Here's everything you need to know.
Amber Rudd: 97% of NHS trusts operating 'as normal'
02:12

What was the attack and how does it work?

Hackers have been spreading "ransomware" called WannaCry, also known as WanaCrypt0r 2.0, WannaCry and WCry. It is often delivered via emails which trick the recipient into opening attachments and releasing malware onto their system in a technique known as phishing.
Once your computer has been affected, it locks up the files and encrypts them in a way that you cannot access them anymore. It then demands payment in bitcoin in order to regain access. 
Security experts warn there is no guarantee that access will be granted after payment. Some ransomware that encrypts files ups the stakes after a few days, demanding more money and threatening to delete files altogether.
A computer at Greater Preston CCG 
A computer at Greater Preston CCG  CREDIT: @FENDIFILLE/TWITTER
WannaCry exploits a vulnerability in Microsoft, which released a patch to fix it in March. However, people don't always install updates and patches on their computers and so this means vulnerabilities can remain open a lot longer and make things easier for hackers to get in.
With advanced anti-virus software, it is possible to remove the virus from a computer. It can also be done manually by putting a computer into safe mode" and manually removing the infected files.
However, prevention remains the best form of defence.
A cyber gang - called Shadow Brokers - is being blamed for the hack
A cyber gang - called Shadow Brokers - is being blamed for the hack CREDIT: REUTERS

Who was affected?

In Britain, the NHS was the worst hit. 
Hospitals and GP surgeries in England and Scotland were among at least 16 health service organisations hit by a "ransomware" attack on Friday, using malware called Wanna Decryptor - with reports potentially dozens more were affected.
Staff were forced to revert to pen and paper and use their own mobiles after the attack affected key systems, including telephones.
Hospitals and doctors' surgeries in parts of England were forced to turn away patients and cancel appointments after they were infected with the ransomware, which scrambled data on computers and demanded payments of $300 to $600 to restore access. People in affected areas were being advised to seek medical care only in emergencies.
Show more
The countries most affected by WannaCry to date were Russia, where the Interior Ministry was hit, Taiwan, Ukraine and India, according to Czech security firm Avast.
Leading international shipper FedEx Corp was another high-profile victim, while in Spain telecommunications company Telefonica was among many targets in the country. Portugal Telecom and Telefonica Argentina both said they were also targeted.
In Germany, railway operator Deutsche Bahn was a high-profile target, with screens at stations showing the ransonware message.
A second wave then struck Asia as the working week began on Monday. Chinese state media say more than 29,000 institutions across the country have been infected, while in Japan, 2,000 computers at 600 locations were reported to have been affected.
In Indonesia, the malware locked patient files on computers in two hospitals in the capital, Jakarta, causing delays.

Who was behind the attack?

A cyber gang - called Shadow Brokers - is being blamed for the hack. The mysterious organisation said in April it had stolen a ‘cyber weapon’ from the National Security Agency (NSA), America’s powerful military intelligence unit.
The hacking tool, called ‘Eternal Blue’, gives unprecedented access to all computers using Microsoft Windows, the world’s most popular computer operating system. It had been developed by the NSA to gain access to computers used by terrorists and enemy states.
The gang in turn ‘dumped’ the computer bug on an obscure website on April 14 and it is believed to have been picked up by a separate crime gang which has used it to gain remote access to computers around the world. 
The gang, having gained access to computers, then deployedWannaCry, the ransomware, to hijack the computing system and encrypt all the files contained on it. The only way to unlock the files is to pay a ransom. One computer security expert said ‘Eternal Blue’ was used as the ‘crowbar’ that effectively opened the doors to computers, making them vulnerable to attack.
Symantec and Kaspersky Lab said on Monday some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, which researchers from many companies have identified as a North Korea-run hacking operation.
The Lazarus hackers, acting for impoverished North Korea, have been more brazen in pursuit of financial gain than others, and have been blamed for the theft of $81 million from a Bangladesh bank.
They were also blamed for the attacks on Sony Pictures Entertainment - in retaliation for the comedy film “The Interview” - and on Polish banks in February. 

What has Microsoft done to tackle it?

Microsoft issued a patch on March 14 to protect users from Eternal Blue. On Friday, a spokesman said its engineers had provided additional detection and protection services against the WannaCry malware and that it was working with customers to provide additional assistance. 
The spokesman reiterated that customers who have Windows Updates enabled and use the company's free antivirus software are protected.
Microsoft took a swipe at the US government over the global hack
Microsoft took a swipe at the US government over the global hack CREDIT: GETTY
Two day later, Microsoft attacked the US government for developing the computer vulnerability that was used in a cyber attack.
"The governments of the world should treat this attack as a wake up call," Microsoft's president and chief legal officer, Brad Smith, wrote in a blog post.
"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem."

How to stop it spreading

A cybersecurity researcher appears to have discovered a "kill switch" that can prevent the spread of the WannaCry ransomware - for now. 
The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading.
'I'm no hero', says IT expert Marcus Hutchins
01:07
"Essentially they relied on a domain not being registered and by registering it, we stopped their malware spreading," @MalwareTechBlog told Agence France-Presse in a private message on Twitter.
The researcher warned, however, that people "need to update their systems ASAP" to avoid attack.
"The crisis isn't over, they can always change the code and try again," @MalwareTechBlog said.
The cyber expert who saved the NHS - in 60 seconds
01:03

Can the criminals be caught?

Yes, but it's difficult. Security experts say the amount of ransom collected so far appears small relative to the extent of the outbreak. Tom Bossert, President Donald Trump's adviser for homeland security and counterterrorism, said it appeared less than $70,000 had been paid in ransoms.
It's possible, though, that there are unknown accounts beyond the three identified.
In order to find the perpetrators, investigators can track the money and see where the bitcoin ends up. 
“Despite what people tend to think, it's highly traceable,” Clifford Neuman, who directs the University of Southern California's Centre for Computer Systems Security. told the Washington Post.
“You can see the flow of funds through the bitcoin system.” 
For now, the three accounts tied to the ransomware attack appear untouched - and it'll be difficult for perpetrators to cash in anytime soon without getting traced.
Hackers are also able to hide the bitcoin in many different ways. 

How can you protect yourself?

Security experts say users should ensure their computer software is always up to date. Often important security updates are contained within these downloads and can prevent known viruses from infecting a device.
Users should also be vigilant in relation to email and not open any links or downloading attachments in emails from unfamiliar or possibly suspicious sources.
Experts also warn that software, apps and other programs should never be downloaded from unofficial sources as this is another common method for hackers to secretly install malware onto computers.
Pete Turner, from cyber security firm Avast, said: "It's critical that organisations and employees, particularly those in our most critical sectors like healthcare, start to think pro-actively about how to protect themselves from ransomware."

Comments

Popular posts from this blog

Why States Still Use Barrel Bombs

Smoke ascends after a Syrian military helicopter allegedly dropped a barrel bomb over the city of Daraya on Jan. 31.(FADI DIRANI/AFP/Getty Images)

Summary
Barrel bombs are not especially effective weapons. They are often poorly constructed; they fail to detonate more often than other devices constructed for a similar purpose; and their lack of precision means they can have a disproportionate effect on civilian populations.

However, combatants continue to use barrel bombs in conflicts, including in recent and ongoing conflicts in Africa and the Middle East, and they are ideally suited to the requirements of resource-poor states.

Analysis


Barrel bombs are improvised devices that contain explosive filling and shrapnel packed into a container, often in a cylindrical shape such as a barrel. The devices continue to be dropped on towns all over Syria. Indeed, there have been several documented cases of their use in Iraq over the past months, and residents of the city of Mosul, which was recently …

Russia Looks East for New Oil Markets

Click to Enlarge


In the final years of the Soviet Union, Soviet leader Mikhail Gorbachev began orienting his foreign policy toward Asia in response to a rising Japan. Putin has also piloted a much-touted pivot to Asia, coinciding with renewed U.S. interest in the area. A good expression of intent was Russia's hosting of the Asia-Pacific Economic Cooperation summit in 2012 in Vladivostok, near Russia's borders with China and North Korea. Although its efforts in Asia have been limited by more direct interests in Russia's periphery and in Europe, Moscow recently has been able to look more to the east.

Part of this renewed interest involves finding new export markets for Russian hydrocarbons. Russia's economy relies on energy exports, particularly crude oil and natural gas exported via pipeline to the West. However, Western Europe is diversifying its energy sources as new supplies come online out of a desire to reduce its dependence on Russian energy supplies.

This has forced…

In Yemen, a Rebel Advance Could Topple the Regime

Shia loyal to the al-Houthi movement ride past Yemeni soldiers near Yaz, Yemen, in May. (MOHAMMED HUWAIS/AFP/Getty Images)

Summary


The success of a rebel campaign in northern Yemen is threatening to destabilize the already weak and overwhelmed government in Sanaa. After capturing the city of Amran, a mere 50 kilometers (30 miles) from the capital, in early July, the rebels from the al-Houthi tribe are in their strongest position yet. The Yemeni government is developing plans to divide the country into six federal regions, and the rebels believe this is their chance to claim territory for the future bargaining.

The central government is nearly powerless to fend off the rebels; its forces are already stretched thin. Neighboring Saudi Arabia has intervened in Yemen before and still supports Sunni tribes in the north, but the risk of inciting a Shiite backlash or creating space for jihadists to move in could deter another intervention.

Analysis


Followers of Zaidi Islam, a branch of Shiism, rul…