NHS England has been hit by a devastating cyber-attack. Dubbed as WanaCrypt0r 2.0 Ransomware, vulnerabilities found in outdated Windows XP operating systems has left the healthcare system in a state of emergency.

NHS ransomware cyber attack

Ransomware recapped

Ransomware is a variant of malicious software or “malware” that encrypts your computer and network in return for a fee.

Effectively holding your data to hostage, the sum for restoring access to files may continue to rise whilst non-payment can lead to a complete loss of information.

There is no guarantee payment will work, and historically recovery from similar attacks have been met with varying degrees of success.

Often delivered by email, the ransomware executes via message attachments typically appearing as pdf, Microsoft Word or other common and seemingly friendly document types.

Sadly, this is not the case and these Trojan files will install the malware to encrypt data, eventually spreading through the computer and into the wider network.

WanaCrypt0r 2.0 Ransomware

Also known as Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2, this form of ransomware is the particular strain to have hit the NHS.

WannaCrypt Ransomware demand screen

WanaCrypt0r 2.0 ransomware demand screen

The WanaCrpt0r 2.0 ransom appears to demand $300 in Bitcoin – the digital currency which is virtually impossible to trace, making prosecution incredibly difficult.

Spanish telecoms giant, Telefonica have also been attacked by WanaCrypt0r 2.0, among the 150 countries and 200,000 computers affected worldwide.

Result of an untargeted phishing email scam, it’s likely recipients have unwittingly allowed the malware programme to run by opening malicious attachments. Security vulnerabilities, such as those found within Windows XP can also be blamed – and has been confirmed as the responsible cause of attack now being suffered by the NHS.

The real cost of cyber-attack

For any size of organisation, the implications of cyber-attack can be severe. Without access to critical data and systems, even the simplest functions cannot be performed. Employees become stressed and unproductive, and there’s a long-term damage to reputation and customer confidence.

For the NHS, attacks of this nature are potentially life threatening. Doctors have been forced to treat patients with zero access to medical records, and communications by email and IP telephony are both reported to be down at many locations.

Since the initial announcement, NHS patients have been turned away from hospitals, GP practices closed and ambulances subject to a logistical nightmare.

Previously, critics have slammed the NHS stating their over reliance on Windows XP is not only leaving them open to this kind of attack, but in breach of current and upcoming changes to data protection regulations.

With just over a year until the General Data Protection Regulation (GDPR) on 25th May, 2018, it’s high time to make the switch from this vulnerable Windows platform.

Failure to do so will leave companies like the NHS open to GDPR fines of up to 4% of gross worldwide annual turnover, where breaches are found to stem from a lack of appropriate preventative measures.

Windows XP Vulnerabilities

Windows XP logo

Microsoft ended its support of the Windows XP operating system on 8th April, 2014. This means that critical security patches and updates were ceased and customers were urged to migrate to more modern operating systems, such as Windows 10 – the latest OS in Microsoft’s offerings.

Despite this, many businesses are still running outdated and unsupported versions of Windows XP.

Preventing Cyber-attack

There are certain steps to take in your defence against cyber-crime. Up-to-date hardware and software must be a priority.

Cyber Essentials, a Government backed cyber-security scheme and the National Cyber Security Centre’s Ten Steps to Cyber Security offer businesses access to do-it-yourself cyber security frameworks. These should be considered as part of your approach to corporate governance and risk management.

There are other simple measures you can take to help prevent ransomware attacks:

  • Don’t run outdated hardware and software

Ensure all operating systems, servers and applications are fully up-to-date and running the latest versions. Replace any outdated systems at your earliest chance e.g. Windows Server 2003, Windows XP operating system.

  • Proactive patching and updates

Ensure patching and updates are applied regularly, to fix known exploits and vulnerabilities. If not already done so, apply the critical MS17-010 security patch as a matter of urgency.

Windows XP and Windows Server 2003 users should apply the special patch Microsoft has released, after describing seeing the individuals and business affected by WanaCrpt0r 2.0 as “painful”.

  • User privileges

Grant users access only to the areas of your network they need to perform their jobs. Limiting access in this way can help control the spread of any potential attacks on your network.

Aside from these pointers, employee awareness is increasingly important.

James Healey, Managing Director of Air-IT comments:

The time to take cyber security seriously is well past overdue. Companies need to plan and build cyber security measures into their overall business continuity and risk management strategies.

A combination of staff training, preventative technologies such as firewalls, anti-virus, anti-spam and patching are essential. For resilience, backup should preferably be kept in at least two locations. This is the last resort and the most effective means to restore from ransomware and the wider risks to business continuity, not just limited to cyber-attack.

James Healey

Managing Director, Air-IT

Our Managed Cyber Security & Ransomware Protection

At Air-IT, we provide a managed cyber security service for businesses of all sizes. Combining several methods of protection and full expertise, our approach will keep you ahead of the ever-evolving threat landscape.

Our industry-leading vendor solutions, award-winning services and bespoke ransomware blocker tool will automatically detect, limit and block the attempt of any ransomware attacks. A unique capability to Air-IT, this tool comes with the latest protection and intelligence against ransomware. It is already equipped to tackle thousands of known ransomware extensions, including the file extension .wncry – the culprit of the WanaCrpt0r 2.0 ransomware kit.

Deployed to all of our clients as standard, and backed by our remote monitoring and event management systems, our clients benefit from the assurance that their systems are protected and flagged for attention in the event of any unusual activity on their network.

As best practice, anti-virus and anti-spam products should be used to reinforce and bolster your defence.

Built in to our layered cyber security approach, our backup and disaster recovery solutions provide the ultimate assurance that you can get your systems working as quickly as possible in the event of attack. This must not replace vigilance – prevention is better than cure and far outweighs the cost of possible looming penalties from the GDPR and other regulatory bodies.

Want to find out more about how we can help?

If you’d like more information about our cyber security services, would like to arrange an audit or perhaps need help recovering from a ransomware attack, then please contact us today or call 0115 880 0044.