By Tamlin Magee
May 17, 2017
Described as "unprecedented" in scale by Europol, the wave of WannaCry ransomware attacks over the last four days brought hospital infrastructure to its knees. But ransomware is no new threat: will WannaCry finally act as a catalyst to a wider infosec wake-up call?
WannaCry was launched on Friday 12 May, and over the weekend had affected more than 200,000 IT systems worldwide. Independent researcher Kafeine discovered WannaCry was using code based on the NSA's EternalBlue exploit, which was publicly leaked by a hacker group called the Shadow Brokers in April this year. EternalBlue uses a vulnerability in the Microsoft Server Message Block protocol for file-sharing to distribute itself on the local network as well as a network worm. An infected device will display a message demanding up to roughly $600 (£460) in bitcoin payment to decrypt locked files.
Home secretary Amber Rudd confirmed that one in five NHS England trusts were hit by the attack. She said that no patient data had been stolen - and while that's a plus, operations were affected, with hospitals and GP surgeries turning patients away.
Many of the trusts were running Windows XP, an operating system that has not been officially supported for most users since April 2014. Microsoft patched the offending exploit but older, legacy software and operating systems without Windows Update, such as XP, would have remained at risk. Following the wave of attacks, Microsoft took the unusual step to issue a patch to older versions of Windows in order to make moves towards resolving the problem.
And a report from Citrix found through a Freedom of Information request, the majority of NHS Trusts were still running Windows XP. The government ended a £5.5 million contract in 2015 for customised support for the dated operating system.
Britain's National Cyber Security Centre claimed it was working closely with the National Crime Agency "around the clock" to address the problem.
But critics have claimed that health secretary Jeremy Hunt was warned last year in the Caldicott Report that NHS security infrastructure was a ticking timebomb.
After days of silence, Hunt appeared on Sky News. Speaking of the attacks, he said: "According to our latest intelligence we have not seen a second wave of attacks and the level of criminal activity is at the lower end of the range that we had anticipated so I think that is encouraging.
"But the message is very clear not just for organisations like the NHS but for private individuals for businesses - although we've never seen anything on this scale when it comes to ransomware attacks they are relatively common and there are things that you can do, that everyone can, do all of us can do to protect ourselves against them."