A number of NHS organisations have reported to NHS Digital that they have been affected by a ransomware attack. The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors. At this stage we do not have any evidence that patient data has been accessed. NHS Digital statement
Screenshot of apparent ransomware attack message sent to NHS England trusts https://t.co/jODkWomGPA pic.twitter.com/uc2HlGH9yM
— BBC Breaking News (@BBCBreaking) May 12, 2017
[If] if want to decrypt all your files, you need to pay. You only have 3 days to submit the payment. After that the price will be doubled. Also, if you don’t pay in 7 days, you won’t be able to recover your files forever. We will have free events for users who are so poor that they couldn’t pay in 6 months. Ransomware message seen on NHS computersAt least 16 NHS organizations in England were known to be affected by the large-scale attack, although media reports indicate many more are impacted. Trusts have been affected in London, Blackburn, Nottingham, Cumbria, Debyshire, Northumbria, Blackpool and Hertfordshire, according to the BBC. The Scottish government said it was working with NHS after four surgeries were reportedly affected by the malware. As many as 11 NHS boards in Scotland and the ambulance service were impacted, according to The Guardian.
.@scotgov working with NHS boards to minimise the impact of potential cyber incidents, confirms @ShonaRobison https://t.co/XxWvr0WOke
— Scottish Government (@scotgov) May 12, 2017
WannaCry ransomware
The Guardian explained that the malware affecting NHS computers took down other systems, including the telecom Telefonica in Spain. The software identified by NHS Digital as Wanna Decryptor is also called WanaCrypt0r 2.0, WCry 2 and WannaCry 2. It targets a vulnerability in Windows operating systems. Security researchers MalwareHunterTeam detected the software at 9:45 a.m. on May 12, and it had spread to NHS computers four hours later.There is a new version of WCry/WannaCry ransomware: "WanaCrypt0r 2.0".
— MalwareHunterTeam (@malwrhunterteam) May 12, 2017
Extension: .WNCRY
Note: @Please_Read_Me@.txt@BleepinComputer pic.twitter.com/tdq0OBScz4
36,000 detections of #WannaCry (aka #WanaCypt0r aka #WCry) #ransomware so far. Russia, Ukraine, and Taiwan leading. This is huge. pic.twitter.com/EaZcaxPta4
— Jakub Kroustek (@JakubKroustek) May 12, 2017
#WannaCry Full Spectrum Cyber Pew Pew Live map showing realtime botnet check-ins around the world. https://t.co/RB4E4MSa0Z pic.twitter.com/HpqSr0YaDN
— 乇メoイノc アムリレoムd丂 (@0c0d_) May 12, 2017
Obsolete systems
CNBC reported the malware was first leaked by a group called Shadow Brokers, which released a number of hacking tools purportedly stolen from the US National Security Agency. Microsoft patched the vulnerability in March, but many of the computers affected by WannaCry had not been updated or used operating systems that were no longer supported by the company, including the 15-year old Windows XP.Microsoft releases #WannaCrypt protection for out-of-support products Windows XP, Windows 8, & Windows Server 2003: https://t.co/ZgINDXAdCj
— Microsoft (@Microsoft) May 13, 2017
Ukip health spokesperson Suzanne Evans says "I simply cannot understand the mentality of the pathetic geeks" behind the NHS cyber attack
— Sky News Breaking (@SkyNewsBreak) May 12, 2017
Our A&E is open for critical or life-threatening situations requiring medical attention, such as loss of consciousness, heavy blood loss…
— Colchester Hospital (@ColchesterNHS) May 12, 2017
UK hospitals divert ambulances after 'ransomware' cyber attack https://t.co/WS4TnzLMYS
— Reuters (@Reuters) May 12, 2017
A list of NHS organisations who have fallen victims to today's nationwide ransomware attack: pic.twitter.com/LeXTO6YqFI
— Shaun Lintern (@ShaunLintern) May 12, 2017
Shadow Health Sec: hack highlights risk to data security in health service & reinforces need for cyber security at heart of govt planning
— Sky News Breaking (@SkyNewsBreak) May 12, 2017