Ransomware Attack….NHS seeks to recover from global cyber-attack as security concerns resurface

NHS is currently working to bring its systems back online after being one of the highest-profile victims of a global ransomware attack and faced renewed concern about the strength of its infrastructure.

Because of the work being made by the NHS teams, operations being cancelled, ambulances being diverted and documents such as patient records made unavailable in England and Scotland.

Because of some technologies stolen from the National Security Agency in the US, malwares affected computers at hospitals and GPs surgeries in the UK were among tens of thousands hit in almost 100 countries.

British Prime Minister, Theresa May said that, “This is not targeted at the NHS, it’s an international attack and a number of countries and organizations have been affected.”

These extraordinary attacks, using software called WanaCrypt0r 2.0 or WannaCry, exploits a vulnerability in Windows. Microsoft released a patch – a software update that fixes the problem – for the flaw in March, but computers that had not installed the security update were defenseless.

Since Microsoft had stopped providing security updates in April 2014, it was found out last December that nearly all NHS trusts were using an obsolete version of Windows. Data acquired by software firm Citrix under freedom of information laws suggested 90% of trusts were using Windows XP, then a 15-year-old system.

It is not known how many computers across the NHS today are still using Windows XP or recent variants Windows 8 and Windows 10.

Because of the extreme attacks, 40 NHS organizations are thought to have been affected by Friday’s bug, which was released the day after a doctor warned that NHS hospitals needed to be prepared for an incident precisely of the kind seen. Also, in an article published in the British Medical Journal, Dr. Krishna Chinthapalli, a neurology registrar at the National Hospital for Neurology said that, ”hospitals will almost certainly be shut down by ransomware this year”

Ross Anderson of Cambridge University, said the “critical” software patch released earlier this year may not have been installed across NHS computers. “If large numbers of NHS organizations failed to act on a critical notice from Microsoft two months ago, then whose fault is that?” Anderson said.

Alan Woodward, a visiting professor of computing at the University of Surrey, said that maybe the NHS computers were extremely attacked because they were no patch installed or they were using outdated operating systems.

“It’s easy to blame people who don’t upgrade, but in practice things are often more complicated: operations teams may not touch legacy systems for a number of reasons. In some cases they may even be unaware that such legacy systems are running in their infrastructure.”- said by Marco Cover, a systems security researcher.

The Patients Association condemned the criminals behind Friday’s attack, and said lessons from earlier incidents had not been learned.

Infected computers show a message demanding a $300 (£233) ransom per machine to be paid to a Bitcoin wallet address. It says: “Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service. ou only have three days to submit the payment. After that the price will be doubled. Also if you don’t pay in seven days, you won’t be able to recover your files forever.”

NHS Digital confirmed that number of NHS organizations were affected but refused to give the exact number. It said, “At this stage, we do not have any evidence that patient data has been accessed. We will continue to work with affected organizations to confirm this. NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organizations and to recommend appropriate mitigations.”

British law enforcement agencies said they believed the attack was criminal in nature, as opposed to a cyber-attack by a foreign power, and was being treated as serious but without national security implications.

Dr. Christopher Richardson, the head of the cybersecurity unit at Bournemouth University, said the process of recovering the NHS’s IT systems would involve a painful and longwinded “deep strip” of affected computers. He said, “You go down to the basic machine, you take everything off it, you reconfigure it and then you build it back up again,” he said. “If you’re talking national health, you’re talking a lot of machines on a single site and you’ve got to get them all because these nasty pieces of malware, they float around, so they only have to remain on one machine and when you reboot it will deliver the same thing again.”