UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

Docs use pen and paper after computers scrambled amid global outbreak


Final update UK hospitals have effectively shut down and are turning away non-emergency patients after ransomware ransacked their networks.

Some 16 NHS organizations across Blighty – including several hospital trusts such as NHS Mid-Essex CCG and East and North Hertfordshire – have had their files scrambled by a variant of the WannaCrypt, aka WanaCrypt aka Wcry, nasty. Users are told to cough up $300 in Bitcoin to restore their documents.

Doctors have been reduced to using pen and paper, and closing A&E to non-critical patients, amid the tech blackout. Ambulances have been redirected to other hospitals, and operations canceled.

It is understood WannaCrypt, which is raiding companies and organizations across the planet today, is being spread by a worm that exploits unpatched vulnerabilities in Windows machines – particularly MS17-010, an SMB bug attacked by the leaked NSA tool, EternalBlue. The security hole has been patched for modern Windows versions, but not Windows XP – and the NHS is a massive user of the legacy operating system.

A spokesperson for NHS Digital said: "We're aware that a number of trusts have reported potential issues to the CareCERT team. We believe it to be ransomware."

East and North Hertfordshire NHS confirmed in a press statement: "Today, the trust has experienced a major IT problem, believed to be caused by a cyber attack. Immediately on discovery of the problem, the trust acted to protect its IT systems by shutting them down; it also meant that the trust's telephone system is not able to accept incoming calls.

"The trust is postponing all non-urgent activity for today and is asking people not to come to A&E – please ring NHS111 for urgent medical advice or 999 if it is a life-threatening emergency."

It said the trust's IT specialists were working to clean up the mess.

"I'm led to believe that there is a major attack underway on the NHS with systems down nationwide," one reader told us. "My wife is a GP and their systems were just shut down and they were told it was because of a 'National hack of the computer health care system'."

Updated to add

Payments appear to be being made to the Bitcoin addresses given in the NHS ransomware attack – which in turn confirms that the same strain of malware has infected Telefónica Spain, Gareth Corfield reports.

There are at least two addresses visible in screenshots of the malware reported by British sources.

One of those addresses, 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn, is visible in BBC tech editor Rory Cellan-Jones' tweet of a London GP's view of the malware.

This same address is seen on computer screens in Spain and other countries hit by the WannaCrypt variant. A payment of 0.15 Bitcoin – worth roughly $266 at the time of writing – was made to that address two hours ago, as the Blockchain tracker shows. It is not possible to say who paid this amount. The NHS attackers are asking for $300 worth of Bitcoin in ransom payments.

NHS Digital response

NHS Digital confirmed that a number of organisations have reported suffering a ransomware attack, which is affecting a number of different organisations.

It said: "The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this. NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations. This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.

"Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available." ®
