Large Ransomware attack hits NHS

This will be a story to watch in the coming days as multiple NHS Trusts are reported as closing their doors and shutting IT systems down due to a malware attack.

Nurses and doctors are being plagued by a wholly different threat than the usual biological bugs, viruses and so forth.

The official statement at the time of writing indicates sixteen NHS Trusts have reported the issue with the ransomware “Wanna Decryptor”, sometimes called “WannaCry” or “WCry”.  Like most ransomware, the attack appears to request funds, $300, or risk losing all files.  The threat appears to indicate that the price will rise in 3 days and that the files will be irrecoverable in a week.  Currently there are no indications of personal information being accessed.

Ransomware uses advanced encryption techniques to render vital or valuable files unreadable without a unique key, held by the attacker.  At home this normally means Office documents, images/photos and music files, but an attack on an organisation like the NHS may specifically look for file types that are more specific or unique to that sector.  Some ransomware is capable of rendering the entire machine unusable without the decryption key, effectively locking the user out of the system.  All of these are a type of blackmail, or possibly a denial of service attack if there is no intention of releasing the decryption key.

An attack of this scale will likely result in a swift investigation and in all likelihood some significant prosecutions if possible.  Attacks on the NHS may be escalated as an attack on Critical National Infrastructure (CNI).  The Centre for the Protection of National Infrastructure (CPNI) discuss cybercrime and “denial of service” briefly on their website but not specific threats.  The full weight of the new National Cyber Security Centre (NCSC) will kick in and this will be their first big job.

It’s going to be a busy time for the NHS and the investigators aiding them.

What may aid them is that this may be part of a wider attack across Europe.  That means more evidence and a greater chance of tracing the culprits.  Theoretically at least.

(Cynically I also thought about how a rapid response may affect the General Election, or indeed a poor response.)

References:

  1. NHS: Statement on reported NHS cyber attack
  2. The Register: NHS hospital shut down due to cyber attack
  3. CPNI: Website
  4. NCSC: Website

About harlekwinblog

"Thoughts of an idle mind." Information Security professional.
