NHS Ransomware Attack: A Look Back

Posted on June 29, 2017 by Suzanne Mitchell

What happened?

In May 2017, the UK’s National Health Service (NHS) was brought to a halt by malicious software which locked up its computer systems.

At least 16 local NHS services around the company were affected.

At least 16 local NHS services around the company were affected. As a result, patients were turned away from appointments, emergency patients had to be diverted to other hospitals, and in some cases surgeries had to be postponed, with GPs resorting to pen and paper.

What sort of attack was it?

Known as WannaCry, or WanaCrypt0r2.0, it was a ransomware attack which simultaneously affected large companies in over 150 countries. The bug worked by locking up all the files on an infected PC and encrypting them, meaning they could not be accessed.

A message demanded bitcoins, a type of online currency, in return for the files, and threatened permanent deletion.

How did hackers access systems?

This virus exploits a vulnerability in a Microsoft operating system. A patch had actually been released to fix the weakness in March, but it was not installed on all PCs, possibly due to outdated computers and funding issues. Once it had infected a single PC, it spread between computers using local networks.

What can my business do to prevent similar attacks?

Prevention is the best form of defence. If all your information is backed up daily, the threat of deleted files shouldn’t worry you too much. If you only have one copy, however, you may be in trouble. Make sure you back up all your files regularly.

As in the case of WannaCry, the infected PCs had not been updated. Don’t ignore those pesky pop-ups telling you to update your computer, as they often contain patches to fix known issues.

Finally, be wary of opening emails and links from unknown or unusual-looking senders. If you become the victim of a ransomware attack, official advice is not to pay up, as there is no guarantee you will receive your files back. Advanced anti-virus software can remove the virus, as can putting a PC into “safe mode” and removing infected files. Talk to your broker about dedicated cyber liability insurance, which can help your business recover from a cyber attack or data loss.

Got a question about cyber insurance? Call us on 0113 2500377.