Reports state that, by simply updating their software, the NHS could have avoided the crippling effects of the WannaCry ransomware outbreak in May 2017, which resulted in 19,500 medical appointments being cancelled, over 600 GP surgery computers being locked and five hospitals having to divert ambulances elsewhere.
The attack, which affected 81 NHS organisations across England, was stopped when a researcher, who identifies himself only as MalwareTech, purchased the domain that was being used to control the ransomware worm.
Unknown to MalwareTech, when the domain was purchased the ‘kill-switch’ was triggered – making him a very ‘lucky’ hero.
The spread of the worm involved a very long nonsensical domain name that the malware makes a request to – like that used to look up a website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.
But MalwareTech warms “The attackers will realise how we stopped it, they’ll change the code and then they’ll start again. Enable windows update, update and then reboot” - making it critical for organisation to ensure software patches are kept up-to-date at all times.
More than 300,000 computers in 150 countries were infected with the WannaCry ransomware within a matter of days, using a computer exploit discovered by the NSA and leaked by a suspected Russian hacking group called The Shadow Brokers - more than £100,000 was eventually paid to the hackers.
Since WannaCry, two further ransomware attacks have been recorded: NotPetya, and Bad Rabbit. Highlighting just how important it is for organisations to manage IT security and protect data.
Organisations looking to improve their IT security should get in touch. QMS offer a range of information security services to help organisation protect themselves at different levels – ranging from Cyber Essentials to GDPR and ISO 27001 compliance.
To find out more about the services available, please call 0333 344 3646 or email firstname.lastname@example.org.