UK’s state-run National Health Service (NHS) was limping back to normalcy today, even as experts have warned of a second wave of ransomware cyberattacks on IT systems around the world. The NHS systems appears to be largely up and running, although seven out of the 47 trusts hit by the last week’s attack are still seeking emergency support, according to the NHS Digital. UK Home Secretary Amber Rudd and health secretary Jeremy Hunt are holding a meeting of the country’s emergency response committee, COBRA, to assess further action. The UK’s National Cyber Security Centre said: “Since the global coordinated ransomware attack on thousands of private and public sector organisations across dozens of countries on Friday, there have been no sustained new attacks of that kind.”
“But it is important to understand that the way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks.” The UK government has insisted that the NHS had been repeatedly warned about the cyber threat to its IT systems, with Defence Secretary Michael Fallon stating 50 million pounds was being spent on NHS systems to improve their security. But Opposition parties have criticised the government, saying they had cut funding to the NHS IT budget and a contract to protect computer systems was not renewed after 2015.
The virus that hit the NHS in England and Scotland, known as Wanna Decryptor or ‘WannaCry’, has infected 200,000 machines in over 150 countries since Friday. The ransomware locks users’ files and demands a USD 300 payment to allow access. A 22-year-old IT researcher from a seaside town in England, Marcus Hutchins, has been credited with saving more than 100,000 computers from being affected by the malicious software after he registered a website domain name which inadvertently stopped its spread with a so-called “kill switch”.
Hutchins, who uses the name MalwareTech online, is now helping the National Cyber Security Centre with their investigations. On Sunday night, Microsoft blamed the US spy agency that had originally developed software that allowed the ransomware attack to infect computers. The “Eternal Blue” tool developed by the National Security Agency had been dumped onto the public internet by a hacking group known as the ‘Shadow Brokers’. Microsoft President Brad Smith said: “The governments of the world should treat this attack as a wake-up call”.
“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen.” Microsoft released a patch over the weekend for the Eternal Blue vulnerability that defends against it even with older versions of Windows.