Security News NHS hit by large-scale Ransom Cyber Attack

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Hospitals across England have been hit by a large-scale cyber-attack, the NHS has confirmed, which has locked staff out of their computers and forced many trusts to divert emergency patients.

The IT systems of NHS sites across the country appear to have been simultaneously hit, with a pop-up message demanding a ransom in exchange for access to the PCs. NHS England said it was aware of the problem and would release more details soon.

C_n7v4BWsAAi8Sb[1].jpg

Source: gigi.h on Twitter
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814
Wasn't in work today so I'm unaware if my hospital or department has been hit by this. I did receive this email sent to all hospital staff from my IT department (had to remove parts to protect the location and names of some of our staff):
YwnwwlZ.png

Wouldn't doubt this is confirmation of the infection vector.
 

Weebarra

Level 17
Verified
Top Poster
Well-known
Apr 5, 2017
836
I wonder how they will deal with it. Do they risk losing people's valuable medical history or do they pay up? I don't know enough to know if they can get the files back some other way but I doubt the government would pay because in my opinion it is akin to a terror attack and we don't pay ransoms to terrorists or kidnappers (allegedly).

Several hospitals, GP and Dental surgeries have been hit in my immediate area and people have been asked not to attend A & E departments unless it is a genuine emergency. I hope that all the drunkards and eejits who turn up at A & E at the weekends actually take heed and let them deal with those who most need help.
 

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
I work in a UK Hospice (Charity) & they shut the server down just after 1:30pm & it was unclear what had happened, when I left a while ago they were trying to restore the system from backups, hope they are successful. Those people who distribute such malware are parasites & scum, absolute. The Hospice has to raise over £3,000,000 a year in donations just to keep open & we really could do without this.
 

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Big targets

National Health Service (NHS) England, and Telefonica, one of the largest telecom providers in the world, have each given out statements indicating that their systems have been brought to a grinding halt by a ransomware that Malwarebytes detects as Ransom.WanaCrypt0r. The ransomware has also been observed hitting companies in Spain, Russia, Ukraine, and Taiwan.

Method

The ransomware is spread using a known, and patched, vulnerability (MS17-010) that came from a leaked NSA set of exploits that we reported on our blog in April. Our research shows the encryption is done with RSA-2048 encryption. That means that decryption will be next to impossible, unless the coders have made a mistake that we haven’t found yet.

Read more at WanaCrypt0r ransomware hits it big just before the weekend | Malwarebytes
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814
Apparently many companies are still using old and unpatched (missing MS17-010) windows versions ....and bad AV.
Yup. You can thank the British government for decimating NHS funding; forcing Trusts to cut IT budgets and fire knowledgeable IT staff who could have upgraded those systems still stuck on XP or applied those updates to W7 systems if it didn't cost too much for the downtime. It's okay though because my department only has four different managers who all take home 6 figure paychecks each year and that's apparently money well spent.
 

Viking

Level 26
Verified
Honorary Member
Top Poster
Well-known
Oct 2, 2011
1,531
Absolutely DISGUSTING that they're targeting hospitals! LIVES are at stake!:mad::mad::mad::mad:
I would love to catch the SCUMS responsible, inflict them with a cocktail of nasty drugs so they are in so much pain and the drugs also cause their organs to shut down. Put them on an operating table and tell them "if you want us to save your life, you must first pay us ransomware". And if they do, fine. Then start the whole procedure again...
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
The real issue here is that SO many organizations are so locked in to the traditional method of malware Protection (Whatever AV) that they refuse to understand that NONE OF THESE will protect against a true zero day ransomware strain (until it's too late). There are many types of security products (like FireEye) that could have protected the infected organizations from this ransomware, but the "Braintrust" management of many IT departments just don't want to spend extra money on such protection (may impact their bonuses).

And this is the true mechanism of this ransomware- exploiting Fools who should have known better.
 

ElectricSheep

Level 14
Verified
Top Poster
Well-known
Aug 31, 2014
655
The real issue here is that SO many organizations are so locked in to the traditional method of malware Protection (Whatever AV) that they refuse to understand that NONE OF THESE will protect against a true zero day ransomware strain (until it's too late). There are many types of security products (like FireEye) that could have protected the infected organizations from this ransomware, but the "Braintrust" management of many IT departments just don't want to spend extra money on such protection (may impact their bonuses).

And this is the true mechanism of this ransomware- exploiting Fools who should have known better.
Sad but true:(
 
