NHS England Cyberattack: Hospitals Throughout UK Hit By Ransomware
Update: Microsoft has issued a security patch to address the vulnerability exploited by the ransomware attack. The patch (MS17-010) addresses how Microsoft Server Message Block 1.0 (SMBv1) servers handle specific requests that allow remote code execution on compromised systesms.
Microsoft has rated the patch critical and has made it available for machines running Windows Vista, Windows 7, Windows 8.1, Windows RT, Windows 10 and Windows Server versions 2008, 2012 and 2016.
National Health Service (NHS) hospitals throughout England were hit by a cyberattack Friday, leaving much of the staff unable to access computers or phones and forcing the hospitals to divert emergency patients.
Hospitals in East and North Hertfordshire, Barts Health in London, Essex Partnership university NHS trusts, the university hospitals of Morecambe Bay NHS foundation trust, Southport and Ormskirk hospital NHS trust and Blackpool teaching hospital NHS foundation trust have all been affected, the Guardian reported.
Read: Cyberattacks: Phishing, Ransomware Attacks Rose In 2016, Symantec Reports
The technical issues appear to have been caused by a widespread malware attack on NHS systems. A strain of ransomware known as “Wanna Decryptor” appears to be the culprit of the system-wide problems.
An NHS IT employee told the Guardian a message appeared on the screens of infected computers demanding users pay $300 in bitcoin in able to regain access to the machines. The message cannot be closed or ignored, and files on the machine are not accessible.
Often cases in ransomware attacks, the malicious program will encrypt the files on a machine, or create an encrypted backup and delete the original files to prevent any sort of system rollback. The ransoms often have deadlines, and if the fee is not paid by the time set, the files are deleted permanently.
Wanna Decryptor, the apparent malware variant hitting NHS computers, was first discovered in the wild in February of this year. It is believed to be primarily distributed via email phishing scams.
Read: Mac Ransomware: New 'Patcher' Attack Won't Decrypt User Files Even After Ransom Is Paid
According to NHS Digital, the attack was not specifically targeting NHS but managed to infect hospital systems. The ransomware is currently affecting organizations “from across a range of sectors.”
“A number of NHS organizations have reported to NHS Digital that they have been affected by a ransomware attack which is affecting a number of different organizations,” NHS Digital said in a statement.
“NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organizations and to recommend appropriate mitigations.”
It is not clear if the attack has led to the access or compromise of any patient data. While some procedures are still able to be carried out without the computer systems operating, some hospitals have begun diverting emergency patients to other areas that have not been affected by the attack.
While the system-wide attack on NHS hospitals is one of the first widespread examples of malware hitting hospitals, it is not the first instance in which ransomware has held health services hostage.
Several hospitals have been held ransom in the past, including Hollywood Hospital in California, which was faced with a $3.5 million ransom demand. It eventually paid $17,000 in order to regain access to its vital systems.
“Patient safety is at risk today because of archaic security across much of the nation’s critical IT systems," Dan Sloshberg, cyber resilience expert at cybersecurity firm Mimecast, said.
"Studies consistently show that email is the number one attack method used to spread malware that holds critical services to ransom. A cyber resilient nation requires defense in depth security and continuity plans to keep critical services running every time they are attacked."
© Copyright IBTimes 2024. All rights reserved.