
The NHS (and Deutsche Bahn, and Telefonica, and Renault, and FedEx, and Russian Interior Ministry…) Cyber Attack: What happened?

By Jack Anderson


Imagine coming into work one day, booting up your computer, and seeing this screen:

I suspect your first reaction would be confusion, then a rising sense of dread.  You would likely mention it to a colleague, only you would find that the person sat next to you has the same problem.  And the person sat next to them.  Eventually you would discover that all of the computers in the building are displaying the same screen.  Your boss telephones a different branch of your organisation, hoping they might be able to help, but the line is jammed because their systems are down as well.

This scene played out millions of times across the world over the last couple of days.  So what went wrong?  And is your business under threat?

How It Happened

Arguably it started more than a year ago, when America’s NSA discovered a vulnerability in Windows XP.  Their findings were leaked online, possibly with the intention of forcing Microsoft to patch such a glaring security hole, which, in fairness, they did.  Unfortunately the patch was not universally applied; Windows XP has reached the end of its life and the company now charges for continued support.  For large organisations, such as the NHS, this is not an insignificant amount of money (£5.5 million, to be exact) and the UK Government had decided to cease paying for continued security patches for budgetary reasons.  This was an expensive mistake.

Certain cyber criminals clearly knew all of this.  They developed a piece of ransomware called ‘WannaCry’ and unleashed it onto the internet.  Contrary to earlier reports this was not a phishing attack, but a worm which seeks out vulnerable systems and forces its way in.  It spread uncommonly fast throughout the world, inflicting itself upon company after company, organisation after organisation, and rendering them completely inoperative until the demanded ransom was paid.

How It Was Stopped

By chance the blogger MalwareTech managed to halt the ransomware’s spread and most of the machines infected by the virus are now working again.  He noticed that the malware was using an unregistered domain and, after he registered it, discovered that he could use it as a form of ‘kill switch’ and prevent it spreading further.

Pure luck, essentially, put a stop to this attack.

Future Threats

This incident was a break from the norm.  Ordinarily hacking is far quieter, far more subtle, but this was closer to something from an SF novel.  And the threat is far from gone; it will take very little effort to rewrite the malware to simply use a different domain, or none at all, and it will start all over again.

Luckily there is a simple way to prevent this: update your software and keep it up to date.

If you’re having technical difficulties in the Bristol area, try calling Postero IT on 0117 244 0135; we’ll be happy to help.
