A cyber attack using ransomware has hit hundreds of users worldwide, including the U.K.’s National Health Service (NHS), which is the highest authority concerning the country’s hospitals and clinics.

In the attack, the computers were rendered useless unless a $300 ransom was paid in Bitcoin, hence the name “ransomware.” The vulnerabilities exposed by the attack have shaken governments and health services worldwide, forcing them to focus on upgrading their cybersecurity before it is too late.

The attack affected an estimated 45,000 targets globally. Image Credit: Flickr.

A world-scale cyber attack affects health institutions

Hundreds of surgeries and chemotherapy sessions were suspended due to the attack, as health facilities now rely on computer systems to schedule and monitor most of their processes. Information on supplies, staff, and even patient admittance is all held in information systems, making them vulnerable to a mass-scale cyber attack such as this one. A total of 48 NHS institutions were affected.

Most health institutions saw delays in their operations, as doctors were forced to take notes by hand and update patient records with pen and paper. X-rays and other necessary exams had to be delivered by hand from nurses to treating doctors, and minor surgeries were postponed until the damage was sorted out.

A computer shows a message generated by the ransomware attack. Image credit: Cover 365.

The trusts, which choose when and how to upgrade the tools used in hospitals, are still deciding whether or not they were prepared for the attack, as it affected at least 90 different countries. Former NHS Digital chairman Kingsley Manning said that a cyber attack of this kind is always likely to happen, and NHS trusts purposely diverted funds to upgrade cybersecurity because they do not have control over individual trusts, which are the ones that decide how and when to use the funds in specific instances.

On the other hand, the Ministry of Defence stepped forward and claimed that its submarines were not vulnerable to the attack, even though they use Microsoft Windows as their operating system, which was the designated target of the “WannaCry” ransomware.

Even if the user paid the ransom, nothing guarantees that the hacker would not try to attack the same computer once more.

Wanna Decryptor or WannaCry ransomware

The Wanna Decryptor or WannaCry ransomware encrypts the user’s files and asks for a $300 ransom. The user needs to transfer the money to a Bitcoin wallet address displayed on the screen before the on-screen timer reaches zero. Otherwise, all of the user’s files become inaccessible.

The malware is the result of hackers exploiting a security flaw in Microsoft Windows found by the NSA. A leak led to the exploit being published online, and although Microsoft released security patches to protect its clients from the exploit, most of the people and companies that use Windows do not update their systems regularly.

“If you want to decrypt all your files, you need to pay. You only have 3 days to submit the payment. After that the price will be doubled. Also, if you don’t pay in 7 days, you won’t be able to recover your files forever. We will have free events for users who are so poor that they couldn’t pay in 6 month,” the Wanna Decryptor reads after infecting a computer.

The problem is that many companies still use Windows XP as their main operating system, which was deemed obsolete by Microsoft as it is 15 years old. Fully upgrading these systems in a cost-effective manner could still cost millions, as system upgrades are expensive. A solution would be to completely overhaul the whole array of computer systems by obtaining new models, but this would require the data and software used by the organization to be migrated to the new computers. This adds a cost to each upgrade, making it potentially unaffordable on a large scale.

Nothing stops hackers from developing more malware similar to WannaCry. Luckily, a software engineer found a way to halt the program from working.

He talked about the process on his blog, where he described how he accidentally found a backdoor to the malware. It appears that the program tried to access a web domain after it encrypted the files. The code showed that if the program could not successfully connect to the web domain, then it would ransom the system.

The web domain was purchased by a blogger known as MalwareTech, which allowed him to render the malware useless for the time being. He called the mechanism a “kill switch in case something goes wrong,” but then he wrote that it was probably a mistake by the hacker. Once the web domain was purchased, the malware was unable to spread anymore, as it automatically checks the domain before encrypting the files.

MalwareTech warned that the solution only stops the current version of WannaCry. Hackers could easily remove the kill switch and re-launch the ransomware.

Even if the problem has been fixed for now, the long-term issue persists: millions of unprotected systems are still widely used. Furthermore, people can’t seem to agree on who’s to blame for the problem.

Source: The Telegraph