NHS ransomware: UK government says it's North Korea's fault WannaCry happened

The Foreign Office said it will find, pursue and respond to the malicious activity

12/05/2017:NHS hospitals targeted by ransomware attack

The NHS has been hit by a major ransomware attack, shutting down multiple hospital IT systems - as well as companies and universities elsewhere.

NHS Digital said the NHS itself was not specifically the target of the attack but part of a wider "Wanna Decryptor" ransomware campaign. Telefonica was also hit by a similar attackas well as arange of other Spanish organisations, and reports on Twitter suggest universities are facing similar malware.

Hospital trusts across England and Scotland have admitted they've been caught up in the attack, with appointments cancelled, phone lines down and ambulances diverted. Doctors and other staff have also been sharing further details on Twitter, with one screenshot suggesting the ransomware is demanding $300 in bitcoin to decrypt files, with the price doubling after three days.

Advertisement - Article continues below
Advertisement - Article continues below

NHS Digital confirmed the attacks, with a spokesperson saying 16 NHS organisations had reported they've been impacted by ransomware. "The investigation is at an early stage but we believe the malware variant is Wanna Decryptor," the spokesperson said. "At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this."

The statement added:"This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available."

The East and North Hertfordshire NHS trust confirmed it was hit by the attack.

"Immediately on discovery of the problem, the trust acted to protect its IT systems by shutting them down; it also meant that the trust's telephone system is not able to accept incoming calls," a spokesperson said in a statement. "The trust is postponing all non-urgent activity for today and is asking people not to come to A&E - please ring NHS 111 for urgent medical advice or 999 if it is a life-threatening emergency."

"To ensure that all back-up processes and procedures were put in place quickly, the trust declared a major internal incident to make sure that patients already in the trust's hospitals continued to receive the care they need," it added.

Blackpool Teaching Hospitals tweeted that it was having "issues with our computer system", asking people not to come to A&E unless it's an emergency, while North Staffordshire and Barts Health Trust in London have also said they've been hit by the ransomware.

Advertisement - Article continues below

"We are experiencing a major IT disruption and there are delays at all of our hospitals. We have activated our major incident plan to make sure we can maintain the safety and welfare of patients," a statement from Barts said. "We are very sorry that we have to cancel routine appointments, and would ask members of the public to use other NHS services wherever possible. Ambulances are being diverted to neighbouring hospitals. The problem is also affecting the switchboard at Newham hospital but direct line phones are working. All our staff are working hard to minimise the impact and we will post regular updates on the website."

Others have shared images of the screenshot that shows the ransom demand.

In a security alert, the Spanish National Centre for Cryptology stated: "The ransomware, a version of WannaCry, infects a computer, encrypting all its files and, using a remote code execution vulnerability through the SMB (server message block), distributes itself to the rest of the Windows machines connected to the same network."

The organisation stated that Windows Vista SP2 through to Windows 10, including RT 8.1, are all affected by the vulnerability that allows computers to be infected by the malware. Windows Server 2008 SP2 and SP1 through to Server 2016 are also affected.

Advertisement - Article continues below

Microsoft issued a patch for the vulnerability in March, but it would appear it hasn't been rolled out across all organisations. Windows XP isn't listed as one of the operating systems affected, however as support for the aged operating system ended in 2014, it's possible the vulnerability also affects that OS and will never be patched.

The researchers at MalwareHunterTeam reported earlier todaythat the particular strain of ransomware was quickly spreading, spotted in 11 countries within a few hours - and that's before the NHS attacks.

Research last year revealed that 90% of NHS trusts still used no-longer-supported Windows XP in some way, but it remains unclear how this ransomware infected the hospital trusts. Wanna Decryptor is also known as WannaCry or WCry. These attacks appear to be using the second version of the ransomware, based on the screenshots, which spreads via dodgy attachments in email.

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now

Most Popular


How to use Chromecast without Wi-Fi

5 Feb 2020

The top ten password-cracking techniques used by hackers

10 Feb 2020
Microsoft Windows

Windows 7 bug blocks users from shutting down their PCs

10 Feb 2020

Coronavirus starts to take its toll on the tech industry

6 Feb 2020