Two years ago, the WannaCry ransomware attack unfolded and hit thousands of computers all around the globe.
One of the most high-profile victims of this attack, which has been described as unprecedented in terms of both scale and impact, was the NHS.
After chaos ensued with patient appointments being cancelled and critical operations being pushed back, the incident was successfully dealt with, but not before it left a lingering and far-reaching impact on the British health system.
What has the UK tech industry learnt from the attack and how has it evolved since then?
The WannaCry attacks
The WannaCry crisis unfolded between May 12 and 15 of 2017. It is still unknown who was behind it, even though several allegations have been made, most notably that hackers linked to North Korea were responsible for the ransomware attack. Interestingly, the attackers exploited a vulnerability within the Windows OS that affects the system’s Server Message Block (SMB) protocol.
The exploit was dubbed EternalBlue. What made this news even more sensational was the fact that the US National Security Agency later admitted that they had already discovered the flaw, but instead of letting Microsoft know so that they could release a security patch, they decided to exploit EternalBlue themselves, and develop their own offensive tools.
It seems that eventually the code found its way into the hands of hackers and was released by a hacker group called The Shadow Brokers a month before the attacks, along with instructions on how to take advantage of it.
A wave of lower-level attacks started occurring within a few days of that release, but WannaCry would not hit for another month.
Once it was launched, the WannaCry cryptoworm infected computers, locked and encrypted data, and demanded ransom payment in Bitcoin to allow users to access it again.
While IT experts were frantically trying to contain and stop the attack, a lone security researcher is widely credited with taking action to prevent WannaCry from spreading further, by identifying and activating a kill switch that prompted the ransomware not to encrypt the data.
The impact of the attack was devastating. According to a report published online on Sky News on 14 May 2018, 80 out of a total of 236 NHS trusts were successfully targeted across England, while over 600 other organisations were infected, with a total of 595 GP surgeries among them. Five A&E wings decided to send their patients elsewhere due to the attack, and roughly 20,000 appointments and operations had to be cancelled because of WannaCry.
How did the government and companies respond?
Even when users paid the “ransom”, reports indicate that in some cases, they were still not able to recover their data.
These losses showcased the importance of adhering to a strict Data Loss Prevention (DLP) strategy, which is especially pertinent to companies that host client data and organisations like the NHS. DLP describes the process of detecting and protecting against data breaches or other types of unwanted loss of data.
The most common sources of data leaks include not only external intruders such as hackers, but also insider threats like careless users or even malicious insiders who abuse their access privileges to inflict harm.
The WannaCry attack demonstrated that the NHS still had a long way to go in securing its systems from threats, and the government vowed to take measures immediately after the full cost of the ransomware was disclosed.