The National Health Service of the United Kingdom (NHS) has fallen victim to a large-scale ransomware attack that threatens patient safety as hospitals around the country are brought to a standstill.
Ransomware Attack Creates Turmoil in UK and Around the World
The UK’s health system was thrown into disarray earlier today when it was hit with a wide-ranging cyber-attack. The ransomware affected everything from patient records to the connections between computers and medical equipment. A sizable portion of the country’s healthcare infrastructure was brought down.
Apparently, one NHS trust had tried to get the word out before the ransomware spread any further, but by then it was too late. A message was sent out that warned of “a serious ransomware threat currently in circulation throughout the NHS.”
Additionally, it’s been reported that the hackers who carried out the attacks used one of the NSA’s zero-day exploits that was recently leaked by The Shadow Brokers. It is the very same exploit that Microsoft patched two months prior.
The incident was not limited to the UK: the country’s Prime Minister, Theresa May, confirmed that it had negatively impacted institutions on a global scale.
Cyber security firm Kaspersky Lab estimated that 45,000 attacks had been carried out in 74 countries. The malware tool the hackers used is popularly known as Wana Decrypt0r.
Phishing and Insufficient IT Security to Blame
An anonymous source told The Guardian the attack appeared to be the result of a phishing scam that propagated via email through NHS trusts.
However, because the ransomware took advantage of an exploit that Microsoft fixed in March, two months ago, some are blaming the NHS for not being better prepared and, as a consequence, for the attack happening at all.
Ross Anderson, of Cambridge University, is one of the people who believe this, saying that the attack appeared to exploit a weakness in Microsoft’s software. He went on to say that the exploit was fixed by a “critical” software patch earlier this year, which the NHS may have failed to install across its computers.
Ross reiterated this sentiment, saying:
“If large numbers of NHS organisations failed to act on a critical notice from Microsoft two months ago, then whose fault is that?”
Christopher Richardson, the head of the cyber security unit at Bournemouth University, said that the recovery of NHS computers would involve a tedious process of “deep stripping” infected computers.
Richardson went on to say how difficult the problem can be to resolve, explaining:
“If you’re talking national health, you’re talking a lot of machines on a single site and you’ve got to get them all because of these nasty pieces of malware, they float around, so they only have to remain on one machine and when you reboot it will deliver the same thing again.”
What do you think of the ransomware attacks? Do you think NHS is to blame for not applying Microsoft’s patch to fix the exploited vulnerability? Let’s hear your thoughts.