'WanaCrypt0r 2.0' attacks NHS hospitals, causing national emergency

20170516070000, Brenda Lau
International investigators are also hunting for those behind the cyberattack that was being described as the biggest-ever cyber ransom attack.
Malicious software 'WanaCrypt0r 2.0' has crippled computer systems across the globe, leading to computers and data being encrypted and held for ransom.

The ransomware has also affected hospitals across England on 12 May, with phone lines down, appointments cancelled and patients turned away.

NHS Digital, which oversees hospital cybersecurity has said that the attack used the Wanna Decryptor variant of malware, displaying images on NHS computers demanding payment of USD300 worth of online currency Bitcoin, saying: "Ooops, your files have been encrypted!"

The ransom was then increased to USD600 three days later and if no payments are received within a week, the files will be deleted. It was deemed as "low-level" stuff, according to Ori Eisen, who founded the Trusona cybersecurity firm in Scottsdale, Arizona.

Experts and governments are also warning against ceding to the hackers' demands as payment did not guarantee the encrypted files would be released.

NHS only accepting emergency patients, cancelling appointments


Hospitals in London, northwest England and other part of the country – which were already facing financial and overcrowding pressures this year - reported problems and turned patients away unless it was an emergency. No problems were reported in Scotland and Wales.

All hospitals have shut down all computer systems as a protective measure and called off all non-urgent activity. Affected hospitals have also cancelled routine appointments and diverted ambulances to neighbouring hospitals.

Technicians have since rushed to restore Britain's crippled hospital network and secure computers that run factories, banks, government agencies and transport systems.

The attack was so unprecedented that Microsoft has quickly changed its policy, announcing security fixes available for free for older Windows systems used by millions of individuals and smaller businesses.

Assume next attack has been launched, say experts


An emergency government meeting on 13 May revealed that one in five of 248 National Health Service groups have been affected.

Home Secretary Amber Rudd said 48 NHS trusts were affected and all but six were now back to normal. However, Eisen said all computer users should assume that the next big "ransomware" attack has already been launched, and just has not manifested itself yet.

"Today, it happened to 10,000 computers," Eisen said. "There's no barrier to do it tomorrow to 100 million computers," he added.

First ransomware has been accidentally stopped


Map shows countries affected in first few hours of cyberattack, according to Kaspersky Lab research, as well as Australia, Sweden and Norway, where incidents have been reported since. Photo credit: Kaspersky Lab's Global Research & Analysis Team
Map shows countries affected in first few hours of cyberattack, according to Kaspersky Lab research, as well as Australia, Sweden and Norway, where incidents have been reported since. Photo credit: Kaspersky Lab's Global Research & Analysis Team

The spread of the first wave of attack has been stopped by 22-year-old Marcus Hutchins on 14 May, by accidentally triggering a "kill switch". It took him just a few hours to stop the breach, which had already spread to more than 200,000 victims across 150 countries.

Also known as Malware Tech, Hutchins managed to stop the attack by registering a domain name used by the malware.

"Essentially they relied on a domain not being registered and by registering it, we stopped their malware spreading," Hutchins said. He still warned people to "update their systems ASAP" to avoid attack.

"The crisis isn't over, they can always change the code and try again," he added.

Authorities hunt for those behind the attack


International investigators are also hunting for those behind the cyberattack that was being described as the biggest-ever cyber ransom attack.

"The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits," sad Europol, Europe's police agency.

"It's one of the most significant cyberattacks that we've seen," Europol Director Rob Wainwright said. "We've never seen anything in this scale... It's a wakeup call, I think, to many sectors around the need to take cyber security absolutely seriously as a top line strategic priority." MIMS

Read more:
Cyber attack hits largest NHS hospital trust
Ransomware: growing threat to healthcare institutions
Cyber security: Why should healthcare professionals care?

Sources:
https://www.statnews.com/2017/05/12/uk-hospitals-cyberattack/
https://www.statnews.com/2017/05/13/global-ransomware-attack-slows/
https://www.nst.com.my/lifestyle/bots/2017/05/238764/researcher-finds-kill-switch-cyberattack-ransomeware
http://www.telegraph.co.uk/news/2017/05/14/revealed-22-year-old-expert-saved-world-ransomware-virus-lives/
https://www.nst.com.my/world/2017/05/238930/manhunt-hackers-behind-global-cyberattack
http://abcnews.go.com/International/global-cyberattack-hit-100000-organizations-150-countries/story?id=47400573
https://www.theguardian.com/technology/2017/may/12/nhs-ransomware-cyber-attack-what-is-wanacrypt0r-20