NHS services have been hit by widespread IT failure across England – this has been caused by malware inadvertently downloaded by staff clicking on a link or attachment in an email sent by cyber criminals.

Hospitals in London and the rest of the country have been affected, and are unable to work – telling patients “don’t come to A+E”.

NHS hack

The type of malware affecting the NHS is known as “WannaCrypt”, a specific type of Ransomware taking advantage of a vulnerability in Windows systems (a patch has now been released for this vulnerability, which has been proactively installed by Netstar to our clients’ systems).

When ransomware gets onto your system it encrypts all of your files, effectively locking you out of them. Only the cyber criminals can unlock your files, and only if you pay them a hefty ransom in anonymous currency such as BitCoin. The WannaCrypt ransomware is capable of replicating itself, meaning only one PC needs to get the infection for it to spread to any machines connected to your network. This is why you should disconnect from the network immediately if you suspect you have downloaded the malware.

How did this happen?

Unfortunately, this is a widespread problem that we have seen time and time again. It usually happens because people click on suspicious links and attachments in emails from unknown senders. These emails are designed to pique your curiosity and get you to click. Some of them even target specific individuals and contain information mined from company websites and social media profiles to make them appear highly personalised.

When you click, you download the malware. It runs in the background encrypting all of your files. When it’s finished, you will only be able to see a screen informing you what has happened, and asking you to pay up. There is sometimes also a timer counting down until the point which your “decryption key”, needed to unlock the files, will be deleted. After this point they’ll be encrypted forever as the means of unlocking them has been deleted.

The malware itself is easily removed, but the only way to retrieve locked files is to either pay up, or restore from backups.

What You Should Do to Protect Your Business

  • Educate everyone on phishing emails (download our red flags below!) as part of your cyber security policy. Enrol in simulated phishing email test training for your employees – this means they’ll receive test emails designed to look like the real thing on a regular basis. You can monitor who falls for them and send them for more training!
  • Invest in a reliable backup system. If you get ransomware, it and it gets onto your network, you’ll be faced with a very tough decision: Lose all of your data, or pay an eye watering amount to get it back. If you have reliable backups in place – you will be able to safely and easily restore to the point before encryption began.