England’s National Health Service (NHS) could have avoided the ransomware attack that crippled its systems in May, according to a government report. “Basic IT security” was all that was needed to prevent the “unsophisticated” WannaCry attack, which affected over a third of NHS organizations, said the National Audit Office (NAO). The full scale of the incident saw over 19,000 medical appointments canceled, and computers at 600 surgeries locked down.
The attack did not stop with the NHS, instead spreading to computers around the globe. Victims were confronted with a message on their machines declaring that their data had been encrypted and could only be accessed if they forked out $300 (sent via bitcoin). The infection used a PC exploit, known as “ETERNALBLUE,” developed by the National Security Agency (NSA) and leaked online by the hacking group The Shadow Brokers. Although the hackers reportedly managed to extort more than $100,000 using the malware, it seems the NHS did not hand over a single penny. But the overall cost of the disruption may never come to light.
Still, the attack could have been prevented if the NHS had followed simple cybersecurity measures, suggested the NAO. It had repeatedly been warned to “migrate” away from old Windows XP software, which was susceptible to the hack. And, in March and April, NHS Digital issued more warnings to organizations to patch the bug in their systems that later allowed WannaCry to spread. A cybersecurity assessment was conducted on 88 out of 236 NHS organizations, and none had passed, said the NAO.
The WannaCry virus was accidentally stopped by security researcher Marcus Hutchins using a domain-based kill switch, but not before it affected a number of big-name companies, including FedEx, Renault, Telefonica, and even Germany’s railway system. Since then, two more ransomware strains have sprung up: NotPetya started in Ukraine in June and quickly spread worldwide, and Bad Rabbit plagued parts of Europe and Russia earlier in the week.