Search This Blog

Search Tool

May 14, 2017

Cyber-Attack Could Escalate as Working Week Begins, Experts Warn | The Guardian

Robert Booth

NHS chiefs and Europol have warned of possible fresh disruption from the global cyber-attack when workers switch on their computers for the first time at the start of the working week.
The pan-EU crime-fighting agency said the threat from the attack was escalating and predicted the number of “ransomware” victims was likely to grow across the private and public sectors.
Many of England’s 8,000 GP surgeries have been closed all weekend following the attack, which started on Friday afternoon. The NHS fears many could be affected for the first time on Monday.
“Given the timing of the cyber-attack, some parts of the NHS will not have clocked there is an issue,” a spokeswoman for NHS Digital told the Guardian. “If that is going to happen it is more likely to be primary care trusts.”
Surgeries were sent a bulletin on Sunday advising them what to do if they discover their computers have been hacked and how to get support from NHS Digital and the National Cyber Security Centre, which is handling the response.
Speaking about the impact of the malware attack, which not only disrupted patients and doctors at one in five NHS trusts but also hit companies around the world from Australia to Russia, the director of Europol, Rob Wainwright, said: “The numbers are going up. I am worried about how the numbers will continue to grow when people go to work and turn their machines on on Monday morning. The latest count is over 200,000 victims in at least 150 countries. Many of those will be businesses including large corporations.”
About one in five NHS trusts responsible for hospitals have already been affected by the cyber-attack using “WannaCry” malware, which disables computer systems and presents users with a ransom demand. Six trusts were still affected 24 hours after it began, amid concerns networks were left vulnerable partly because they still used outdated Windows XP software and also because security upgrades issued last month had not been installed.
Ambulances were directed away from some A&E units, some non-urgent operations were cancelled, and diagnoses were delayed as doctors had to wait for porters to bring hard copies of patients’ scans.
Organisations across the globe, including investigators from Britain’s National Crime Agency (NCA), are hunting for those behind the attack in what is described by Europol as a complex international investigation. As yet, the culprits have not been found.
“Cyber criminals may believe they are anonymous but we will use all the tools at our disposal to bring them to justice,” said Oliver Gower from the National Crime Agency.
A computer security expert credited with stopping the spread of the ransomware on Saturday by activating a digital “kill switch” warned on Sunday that a fresh attack was likely.
The expert, known only as MalwareTech on Twitter, said hackers could upgrade the virus. “Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw,” he said on Twitter. “You’re only safe if you patch ASAP.”
On Sunday, Microsoft issued a security bulletin marked “critical” including security updates that it said “resolves vulnerabilities in Microsoft Windows”.
It emerged over the weekend that NHS Digital last month emailed 10,000 individuals in NHS organisations warning them to protect themselves against the specific threat of ransomware and included a software patch to block such hacks on the majority of systems. However, it would not work with outdated Windows XP systems that still run on about 5% of NHS devices.
NHS Digital said it did not yet know how many organisations installed the update and this would be revealed in a later analysis of the incident.
The hack sparked a bitter political row, with Labour blaming the Conservatives for cutting funding for NHS infrastructure.
The shadow health secretary, Jon Ashworth, on Sunday demanded the publication of the Department of Health’s “risk register” to show how seriously the government had taken a potential cyber-attack.
“If the Conservative prime minister thinks they were taking it seriously, then she shouldn’t have any problem in publishing that register,” he said.
He accused the government of “huge investment cuts in the infrastructure of the NHS” and said £1bn had been taken out in the last year.
He said “a big priority” of Labour’s promise to spend an extra £10bn on NHS infrastructure would “go to investing in cyber security and upgrading our IT”.
On Saturday, the Liberal Democrat home affairs spokesman, Brian Paddick, said: “A combination of warnings and plain common sense should have told ministers that there is a growing and dangerous threat to our cyber security.”
Amber Rudd, the home secretary, who is leading the response to the attack, said the same day: “I don’t think it’s to do with ... preparedness. There’s always more we can all do to make sure we’re secure against viruses, but I think there have already been good preparations in place by the NHS to make sure they were ready for this sort of attack.”