The British National Health System (NHS) has fallen victim to a massive cyber attack as part of a global action. Hospitals and businesses across the United Kingdom and other countries were affected.
The attack that took place on Friday has no precedent and it is known to have affected at least 74 countries, including 16 NHS trusts in the United Kingdom, in which case the IT systems that patient safety depend on were compromised as staff were locked out of accessing their computers.
At fault for this massive infestation is the WannaCry ransomware, which is locking people out of their computers at a rapid pace.
What’s worse is that this particular ransomware is based off a leaked NSA exploit exposed about a month ago by hacker group Shadow Brokers.
Why is this happening?
The WannaCry attackers are using a Windows exploit that was harvested from the EternalBlue tool of the NSA. Microsoft has already released a patch for this vulnerability, but it’s pretty clear that many users and organizations didn’t bother to deploy the patch to close off their systems to attacks.
Once the malware infects a computer, it does this by exploiting a vulnerability in the SMB file sharing. Customers running older versions of Windows are more affected by this, especially since Microsoft no longer supports Windows XP or 2003. The biggest problem is that this malware has a worm-like nature which makes it extremely dangerous as it is enough for one individual to get infected for others in the network to get it too.
“Today’s ransomware attack that hit the NHS, Telefonica and others in more than 70 countries is unprecedented in what has been seen from ransomware so far. Based on what is currently known, it seems this attack is a perfect storm of unpatched vulnerabilities coupled with encrypting ransomware,” said Travis Farral, Director of Security Strategy at Anomali and former ExxonMobil security intelligence supervisor. “The widespread nature of this attack suggests that organizations are still slow to patch significant vulnerabilities like the one currently being associated with this event. Considering the potential impact of these infections, ensuring that there are procedures in place for quickly patching urgent vulnerabilities and having a good business continuity plan in place to account for these types of attacks should be paramount priorities in any organization.”
Security researchers from Malwarebytes believe this malware is bad news because the encryption is done with RSA-2048 encryption, which means it’s pretty much next to impossible to decrypt without the attacker’s key.