Cybergeddon: What do NHS hospitals do now following crippling ransomware cyberattack?

The NHS has gone into meltdown following a computer virus, but what can they do about it?

The NHS has been hit with a major ransomware attack that has forced critical computer systems of trusts and organisations across the UK offline, resulting in patients being sent home and staff unable to work.

The identity of the cybercriminals responsible for the attack is as yet unknown; they are demanding $300 worth of Bitcoin for any files that are locked down.

Reports from multiple NHS trusts said that entire systems were shut down, including vital services such as test results, patient admin systems and x-rays.


So what do the affected NHS hospitals do now?

In order to stop the ransomware spreading, the NHS has been shutting down the computers of its staff. This is to prevent further data loss until a solution can be found, thus rendering its staff incapacitated.

Option One: Pay up

The first option for the NHS is to pay up. This is a contested and highly divisive decision, however.

The question is whether the cybercriminals would actually honour the deal of providing decryption tools so data can be retrieved even if they were paid. It also opens up the issue that such action would simply perpetuate ransomware attacks as criminals see that crime pays.

The FBI, on occasion, has advised those affected by ransomware to pay up. "To be honest, we often advise people just to pay the ransom," admitted Joseph Bonavolonta, assistant special agent in charge of the FBI's Cyber and Counter-Intelligence Program, last year.

However, to cybersecurity experts, this is a big no-no. The belief is that this attitude would simply feed the fire and see the ransomware industry thrive.

"Keep in mind that the only reason these thieves keep making these attacks is because people are paying them," Troy Gill, manager of security research at US-based security firm AppRiver, told IBTimesUK. "If victims stopped paying ransoms, they wouldn't have a business model," he added.

The WanaCrypt0r 2.0 strain of ransomware, however, is demanding a suspiciously low amount of money rather than the thousands that have been demanded from hospitals (and paid) in the past.

It is unknown as yet whether that $300 ransom is per terminal infected or a one-off payment. If it was the latter, one wonders whether the NHS may reluctantly stump up given the attention the attack has been given.

The East and North Hertfordshire NHS Trust, which was also hit by this latest strain, revealed last year that it has been hit several times by malware in the past. "In both cases for the Trust, we did not pay the ransom, we simply recovered the data from an internal backup," it said in a statement.

Option Two: Remove and recover

If the NHS stands firm and doesn't pay, this is exactly the route they would take.

It could look to using tools to remove the ransomware and use recovery tools to retrieve data to the last point of backup. UK intelligence agency GCHQ has said it is currently working with the NHS to resolve the attack.

One online service called No More Ransom has the keys to unlock systems crippled by numerous strains of ransomware. The free service was created by Europol, the Dutch National Police, Intel and Kaspersky, but at the time of writing it does not have support for the WanaCry strain.

This may soon change.

As stated, if the individual trusts have been religiously backing up their data then this cyberattack may not have any damaging repercussions for any terminals affected. If they haven't, they may have to accept the consequences.

Option Three: Patch

According to experts, nine out of 10 NHS trusts are still using Windows XP, with many still operating Windows 7. Both operating systems are out of date and do not have support from Microsoft anymore, leaving systems dangerous to use and vulnerable if they are not maintained and regularly security patched. A patch for this ransomware came out in March this year.

Option Four: Upgrade and invest

With the vulnerability hopefully fixed, this major incident will see calls for the government to invest more money into cybersecurity to resolve critical weaknesses in its IT systems.

Shockingly, this is not the first or even second time this has happened.

Hospitals have become prime targets for cybercriminals inflicting ransomware due to the large and often insecure computer networks they run on. According to cybersecurity firm NCC Group, which researched 60 NHS Trusts, nearly 50% of them were infected by ransomware in 2015.

According to Sky News, seven trusts serving more than two million people spent nothing on cybersecurity. The average annual spend, they claim, was £22,000. With ransomware attacks on the rise, the need for investing in up-to-date systems has never been more important.

© Copyright 2017 IBTimes Co., Ltd. All Rights Reserved.