United Kingdom working to restore hospital systems after cyberattack

05/14/2017 05:33 | 3

Computer users worldwide - and everyone else who depends on them - should assume that the next big "ransomware" attack has already been launched, and just hasn't manifested itself yet, said Ori Eisen, founder of the Trusona cybersecurity firm in Scottsdale, Arizona.

The attack froze computers at hospitals across the country, with some canceling all routine procedures.

So far there have been no confirmed reports Australian organisations have been hit.

"While the vast majority are running contemporary systems, we can confirm that the number of devices within the NHS that reportedly use XP has fallen to 4.7%, with this figure continuing to decrease".

The prime minister's right-hand man on cyber security, Alastair MacGibbon, is working with officials and health agencies to determine any impact on Australia.

He said: "Since this attack occurred on Friday afternoon (May 12), we have been working with representatives from the national government, National Crime Agency, National Cyber Security Centre and cyber security experts to put in place mechanisms to mitigate the risk to systems in Northern Ireland".

Russia, Ukraine and Taiwan were the top targets, researchers with security software maker Avast has said.

Darien Huss, a researcher at security firm Proofpoint, first noticed that MalwareTech's sinkhole was preventing the ransomware from spreading.

A new ransomware named "Wannacry" is spreading globally that encrypts files on the infected Windows PCs.

"There's never going to be any shortage of unpatched systems or legacy systems that can not be patched", said Jim Walters, a senior research scientist at Cylance, which develops anti-virus software.

Hackers using malware "stolen from the NSA" crippled 45 National Health Service, NHS, trusts in Britain and caused disruption across at least 45,000 computer networks in 99 countries in an unprecedented global attack at the weekend. The attack carried out on a global scale has infected computers in the US, Europe, and Asia. At that point, WannaCry spreads to connected Windows computers through a Windows SMB Server vulnerability.

Several schools - including Nanchang University, Shandong University and University of Electronic Science and Technology of China - issued alerts on their Weibo social media feeds warning faculties and students to backup important files and not to open suspicious emails.

"At this stage we do not have any evidence that patient data has been accessed", the system says. Russia's central bank said Saturday that no incidents were "compromising the data resources" of Russian banks. The country's banking system was also attacked, although no problems were detected, as was the railway system.

They say the factory of Renault factory at Sandouville, in northwestern France, was one of the sites affected. The onslaught forced hospitals to cancel or delay treatments for thousands of patients, even some with serious aliments like cancer.

"We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack".

It said it was "working round the clock with United Kingdom and global partners and with private sector experts to lead the response to these cyber attacks". The payment must occur within three days, or the price double, and if the money is not paid within seven days the pirated files will be erased.

The ransomware is believed to be linked to an exploit, computer code that takes advantage of a vulnerability, known to have been used by the Equation Group, which many in the security world believe is connected to the NSA.

British media had reported a year ago that most public health organizations were using an outdated version of Microsoft Windows that was not equipped with security updates.

"The ransomware can spread without anyone opening an email or clicking on a link".

The sort of ransom demands seen on the NHS screens are not without precedent at medical facilities. It demands up to $300 in Bitcoin to be paid to a certain ID. Blocking future ransomware attacks will require cybersecurity personnel, new computers, and better network security.


Add comment