Science explained: Ransomware and the NHS cyber-attack

On Friday, a situation was declared in the UK as it was hit by a large-scale cyber-attack. 45 NHS organisations in England and Scotland were affected, with our shores being only one of the 99 countries targeted – telecoms companies and gas providers were shut down in Spain, Renault in France and various banks in Russia were affected. The situation is ongoing with security services still trying to take down the malicious technology, but we are starting to understand the malware used.

The NHS has been hit by something called ransomware – this particular variant is a form called WannaCry. It gets into a computer when the user either clicks on or downloads a malicious file. It is likely that someone clicked on something they shouldn’t have – all it could take is one email attachment from a sender you didn’t know. However, some security researchers have noted that the WannaCry infections also seem to be using a worm, and are therefore able to spread autonomously, without the need for humans to propagate it.

As any crime fan can tell you, paying the ransom does not guarantee you’ll actually get your access back.

When it hits a computer, the malware encrypts some of the files, then demands payment in order to regain access (for the NHS, it wanted a payment of $300 in Bitcoins). The pop-up features two countdown clocks – one with a three-day deadline, after which the ransom amount doubles, and another saying when the data will vanish forever. As any crime fan can tell you, paying the ransom does not guarantee you’ll actually get your access back.

Ransomware has been around for a while, but it’s really hitting headlines now because of attacks on hospitals (similar attacks, on a smaller scale, hit America last year). Hospitals are perfect targets for a ransom attack for two reasons. Firstly, they need access to patient information to function, and the cyberattacks have caused critical patient care to be rescheduled because patient history is unavailable. A lot of hospitals also use outdated software like Windows XP (because systems are built specially, making updates to newer operating systems difficult and unlikely to work), and these systems are not very secure.

A lot of hospitals also use outdated software like Windows XP (because systems are built specially, making updates to newer operating systems difficult and unlikely to work), and these systems are not very secure.

In case you’re worried about your own computers, there are some things you can do. Install an up-to-date antivirus, and make sure that all your software is updated too. Steer clear of links that look dodgy, and don’t open any email attachments from people you don’t know. It’s also a good idea to have backups of all your important files – essentially, just being safe and sensible online should be sufficient to protect your personal computer.

The situation is ongoing, but one cybersecurity researcher has had some luck in combatting it. The researcher, tweeting as @MalwareTechBlog, noticed that the virus appeared to be searching for a particular web address. When he registered it, the virus seemed to stop spreading. Sadly, this won’t help anyone whose computer is already infected, and he has warned that the perpetrators are very likely to try again.