The largest global ransomware attack crippled digital infrastructure in UK’s NHS on Friday, bringing chaos to the country’s healthcare services as the WannaCry virus locked thousands of people out of their computers sparking widespread panic.

Combined with a worm application to maximise the malware’s spread to other computers, WannaCry (also known as WannaCrypt) caused disruption that led to some patients being turned away from hospitals and doctors’ surgeries, operations cancelled, ambulances diverted and people in affected areas urged to seek medical care only in urgent cases.

The UK’s Daily Mail covers the breaking story.

The NHS insisted no patient data had been compromised and urged people to be patient with staff given the impact of the global cyber attack, conceding that some surgeries had resorted to using paper-based records.

The Barts Health group, which manages major London hospitals including The Royal London and St Bartholomew’s Hospital, was one of the NHS organisations hard hit and by Sunday the system still hadn’t been fixed.

“As our hospitals are still experiencing some delays and disruption, we would ask the public to use other NHS services wherever possible,” said a spokesperson.

“All of our hospitals remain open for emergency care, though some ambulances continue to be diverted to neighbouring hospitals.”

WannaCrypt demands Bitcoin payments equivalent to $406 to $812 to restore each affected computer’s access. The amount will double if not paid in three days, with files deleted if payment hasn’t been received within seven days, according to the ransom demand.

The NHS has said it refuses to pay. By Monday, the cyber blackmailers had received $42,000 from 100 victims of the attack.

According to European Union crime fighting agency Europol, more than 200,000 victims in at least 150 countries have been affected.

Australia has withstood the brunt of the sinister attack, but numbers of victims continues to grow, with the number of infections currently at 12.

Russia was one of the worst-hit countries, where reports claimed 1000 computers had been locked down in the nation’s interior ministry, while China’s state media reported more than 29,000 institutions there – including hospitals – had been infected.

Two major Indonesian hospitals, carmakers Renault and Nissan, German transport operator Deutsche Bahn, Spanish telco Telefonica, as well as Chinese universities and schools are some of the organisations worldwide caught up in the digital bloodbath.

An electronic billboard in Thailand. Source: Twitter

Ransomware is not a new development. It has been around since about 2005 but the increasingly sophisticated “hacker economy” – estimated to now be worth around $1 trillion – has increased its effectiveness.

The malicious WannaCry attack exploited a flaw in older Microsoft Windows operating systems, such as unpatched Win7 and Server 2008, but the spread of this attack shows that outdated systems have remained in widespread use.

The origins of the WannaCry ‘superweapon’ lie in the US intelligence services, where agents developed the software for use in spying on Windows machines. But in 2016 a cyber gang called the Shadow Brokers hacked the National Security Agency (NSA) and stole the software. Last month it was leaked online together with passwords needed to unleash the virus, ostensibly in protest against US military strikes in Syria.

Edward Snowdon, currently in exile in Russia for leaking NSA phone tapping data, tweeted that the US Government had a responsibility to issue a warning.

Microsoft president Brad Smith lashed out at the US Government, claiming that cybercrime software, whether government sanctioned or otherwise, should be seen as a weapon of war.

An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organised criminal action,” Smith said.

Although some didn’t accept the blame-shifting, with the University of North Carolina’s Zeynep writing in the New York Times that while Microsoft had released a patch in March to fix vulnerabilities in its operating systems, it was available only to customers who had purchased custom support. The cash-strapped NHS was not among them.

"At a minimum, Microsoft clearly should have provided the critical update in March to all its users, not just those paying extra. Indeed, 'pay extra money to us or we will withhold critical security updates' can be seen as its own form of ransomware."

As governments and institutions scrambled to resolve the chaos caused by the ransomware, a 22-year-old self-taught UK security researcher, Marcus Hutchins, who goes by the online moniker of Malware Tech, activated a kill switch he had identified in the malware’s code by registering a domain for $14.47 and pointing it at a sinkhole server in Los Angeles.

Hutchins, working from his home on Britain’s south coast, didn’t realise at first that he had brought the attack to a temporary halt. Once it became apparent, he was handed immediate fame and the title of “accidental hero”.

The reprieve was short-lived, however, as malicious coders quickly found their way around the fix and new variations of the WannaCry emerged containing different kill switches or none at all. A fight between the white knights of the Internet and nefarious elements out for money or thrills was underway.

Meanwhile, as organisations worked furiously to get their systems back online, the hunt for those responsible for the biggest ever hacking attack of its kind escalated with Europol, the European Union’s crime fighting agency, announcing its European Cybercrime Centre had launched a major investigation into the “unprecedented” attack and was working with cybercrime units from affected countries, including the FBI, to catch those responsible.

“The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits,” a Europol spokesperson said.



White papers