What happened during the attack?

NHS Cyber Attack

Over the weekend, a global cyber attack using hacking tools extensively believed by researchers to have been developed by the US National Security Agency crippled the NHS, hit international shipper FedEx and corrupted computers in 150 countries. Many organisations were affected worldwide, and are still dealing with the fallout of the attack. More than 300,000 computers were infected by this cyber attack, while the countries most affected were Russia, Taiwan, Ukraine, and India, according to Czech security firm Avast.

In addition, Spanish telecommunications company Telefonica was among many targets in the country. Portugal Telecom and Telefonica Argentina both said they were also targeted. In Germany, railway operator Deutsche Bahn was a high-profile target, with screens at many of the stations displaying the “ransomware” message.

Furthermore, a second wave impaired Asia as the working week began on the 15/05/2017. Chinese media state that more than 29,000 institutions across the country have been infected, while in Japan, 2,000 computers at 600 locations were reported to have been damaged by the attack.

Mikko Hypponen, chief research officer at the Helsinki-based cyber security company F-Secure, labelled the attack “the biggest ransomware outbreak in history.”

What was the attack?

Hackers have been spreading “ransomware” called WannaCry, also known as WanaCrypt0r 2.0, WannaCry and WCry. WannaCry exploits a vulnerability in Windows platforms. This type of mechanisation is customarily delivered via emails which deceive the recipient into opening attachments and exposing malware to their system in a technique known as phishing. Once your computer has been affected, it locks up the files and encrypts them in a way that you cannot access them anymore.

Security experts warn there is no guarantee that access will be granted after payment. Some ransomware that encrypts files increases the stakes after a few days, demanding more money and threatening to delete files altogether. It then demands payment in bitcoin in order to regain access, which is where the “ransom” part of the name forms.

Bitcoin is a kind of digital currency. You can buy it with dollars and euros, just like you can trade any other currency. You can spend bitcoin online and in the physical world for goods and services. Even PayPal supports bitcoin. However, Bitcoin is building a negative reputation as a technology that can facilitate crime. Users are able to use Bitcoin to make untraced payments anonymously for legal or illegal transactions. Bitcoin can be sold for cash in the physical world. In March 2017, the value of a Bitcoin, at $1,268, exceeded that of an ounce of gold ($1,233) for the first time.

What was the knock on effect?

The fallout from this cyber attack was and still is extreme. In Britain, the NHS was the worst hit. The normal communications have been disrupted as of Wednesday 17th May. This is 5 days after the initial attack, which shows just how much complication has been caused. Hospitals and GP surgeries in England and Scotland were among at least 16 health service organisations hit by the “ransomware” attack on Friday. Staff were forced to revert to pen and paper and use their own mobiles after the attack affected key systems, including telephones.

Hospitals and doctors’ surgeries in parts of England were forced to turn away patients and cancel appointments after they were infected with the ransomware, which scrambled data on computers and demanded payments of $300 to $600 to restore access. People in affected areas were being advised to seek medical care only in emergencies.

Factories have been shut in the hope that company technicians can reboot systems and amend any damage that has been caused. This is to ensure that the day-to-day process each organisation takes is smooth and efficient due to the fact that they have to rectify for lost time and profit.

How was it stopped?

Marcus Hutchins, labelled “accidental hero” found and inadvertently activated a “kill switch” in the malicious software that caused chaos for organisations including the UK’s National Health Service on Friday 12th May 2017, by registering a specific domain name hidden within the program for just $10.69 (£8.30).

Hutchins warned that the attack could return in a new form and advised people to patch their systems. He believes the attackers will realise how it was stopped, change the code and start again.

What actions have been taken by Microsoft?

On Friday, a spokesman said its engineers had provided additional detection and protection services against the WannaCry malware and that it was working with customers to provide additional assistance. The spokesman reiterated that customers who have Windows Updates enabled and use the company’s free antivirus software are protected.

What actions can be taken by you?

Security experts say users should ensure their computer software is always up to date. Important security updates should not be ignored because they can contain software developed to prevent known viruses from infecting a device.

You should also be vigilant in regards to any unfamiliar emails and not open any download attachments from unknown or possibly suspicious sources.

Other precautions which can be taken are to read permissions before installing apps, make sure the website is secure before entering personal information and keep an eye out for phishing scams.

We have eLearning services available at Fresh01 to help boost the awareness of cyber security, and how to improve it.