Author Gary Hibberd
Need Help: NHS ‘Wanna Decryptor’ Virus
Another day, and another Cyber attack. But today the ‘BREAKING NEWS’ across the airwaves is that a large Ransomeware attack across Europe has hit a number of organisations, including 16 NHS trusts.
Over the coming days more will become apparent, but at the moment what IS known is that this appears to be a variant of the ‘Wanna Decryptor’ encryption tool. What is also known is that there is going to be some serious disruption to NH Services, meaning that operations and individuals will have operations cancelled, and this will be investigated by the National Cyber Security Centre (and other agencies). These are the certainties we know, but as one might expect there is already a lot of speculation on who is behind the attack, and why. So here’s my views, before the smoke clears … or gets in your eyes!
- This is unlikely to be a ‘co-ordinated’ attack. It’s bad, but it’s unlikely to be targeted or ‘co-orindated’ in the way that is being described.
- Hitting the NHS is not nice, but lets be clear – the Cyber criminals behind this are unlikely to have ‘targetted’ the NHS. This is relatively obvious because of the amount demanded ($300) and because attacking the NHS will galvanise the strongest of responses (as is happening). Cyber criminals would prefer the attack to be ‘unremarkable’ and go unnoticed by Central Government agencies like the NCA.
- The best defence against Ransomware is to think of the problem as both a technology and people problem. We MUST get better at ensuring we have backup processes in place, but we must train our staff to understand the importance of security and what to do if they suspect there’s a problem.
The attack appears to be have been highly co-ordinated and aggressive.” The Patients Association
What can we do to prevent becoming the next headline?
Actions you MUST perform today;
- Speak to your IT provider about your backup processes – and test these backups too
- Ask them about the patching of your computer systems
- Ask them about your Malware protection tools (Antivirus and Malware identification)
- Speak to your teams about this attack [on the NHS] and ask them what they think? What do they think the impact on the NHS will be? What lessons could YOU learn from the attack?
- Speak to the Board and ask how THEY would respond to such an attack? Ask them what steps do they believe are missing? What documented processes do you have in place and are they accurate?
- Speak to your team and ask them how you could all work together to prevent such an event?
If you need more targetted advice and guidance on preparing for managing a Ransomware attack please get in touch. Whilst this ‘feels’ like an IT problem, it needs to be approached and managed in with a consistent and ‘holistic’ approach.
There will be a lot of advice given over the next few hours and days (mine included), but whoever you listen to, ensure you take action. Don’t fall into the trap that this was a ‘co-ordinated’ or ‘targeted’ attack, because if you do you’ll let your guard down and possibly will be the next victim. Although your story might not be the ‘BREAKING NEWS’ story of tomorrow.