NHS ransomware attack – what has happened and what do you need to do?
It has been reported in the national news that the NHS has been affected by a major cyber attack this weekend – further attacks could occur this week.
The ransomware attack has infected the systems of over 200,000 users so far and looks to replicate further over the coming days. What has happened, why has it happened and what do you need to do?
What has happened?
There has been a global cyber attack affecting businesses and organisations in 150 countries which has exploited a vulnerability in unpatched Microsoft systems. The ransomware attack locks files so users cannot access any of their data and attackers are asking for $300 (£230) from each system affected to unlock the files. There is no guarantee that payment will result in the files being unlocked (or stop it happening again)
Why has it happened?
Computer systems that have not been updated with the latest security fixes from Microsoft mean they are vulnerable to exploits identified by hackers.
Microsoft have issued the following alert:
‘Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. We are using the MSRC blog – Customer Guidance for WannaCrypt attacks to post information and resources in one place, to help customers respond to this latest threat’.
What do I need to do?
Make sure your operating system is updated to the latest version. Microsoft have issued the following guidance . It is important to apply this update immediately and follow the instructions and apply relevant security updates for your system. Microsoft continues with the following advice:
‘The first and most important piece of guidance is to immediately deploy the security update associated with Microsoft Security Bulletin MS17-010, if you have not done so already. Customers that have automatic updates enabled or have deployed this update are already protected from the vulnerability these attacks are trying to exploit.’
I addition it is important to ensure that you have updated your anti-virus and anti-malware to provide further protection and back up your data, in an off-line facility ie. disconnected from your network.
For further advice about ransomware
Read the SWCSC urgent help guide in advance to ensure that you have a plan and re prepared if this does happen to you.