Tag: wannacry

Horizon: The Day the NHS Died

We all watched in shock as the NHS was forced  to shut hospitals, send patients home, cancel operations and close surgeries due to the WannaCry ransomware that disabled many of the NHS systems in mid May 2017.

The BBC Horizon programme “The Day the NHS Died” tells the story of what happened – how the NHS coped and the guys who stopped the ransomware in its tracks.

The presenter, Kevin Fong,  is a doctor so the programme was very much about the medical effects of what happened.  The attack started on May1 2th and rapidly spread across the NHS because of certain old computers still on the network and newer computers that weren’t up to date with security patches.

Much of the NHS relies heavily on computer systems – especially radiology  and once the attack was recognised much of that equipment had to be turned off to prevent the attack spreading to those systems as well.

The two guys who stopped the attack work in cyber security and looked at the ransomware code and discovered a website address which turned out to be an off switch for the ransomware and they used it to stop the attacks.

The programme is interesting but also worrying at how badly the NHS fared compared to other organisations. There’s a lot of work to do on the NHS computer systems to make them secure and that means a lot of money needed.

Watch now on iPlayer at

http://www.bbc.co.uk/iplayer/episode/b08vfzm0/horizon-2017-cyber-attack-the-day-the-nhs-stopped

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

The Hero Who Stopped NHS Ransomware Attack

The WannaCry ransomware attack of May 2017 wasn’t aimed at the NHS, it was spread across Europe and Asia and happened to hit the NHS very hard for a series of reasons including that they had old Windows 95 machines on their network and because their network has a huge number of computers attached to it.  The ransomware demands users pay $300 worth of online currency Bitcoins to retrieve their files, but the price goes up if they don’t pay quickly and of course there is no guarantee that payment allows file retrieval.

An anonymous  UK cybersecurity researcher (known by the Twitter handle @malwaretechblog)  with the help of Darien Huss from security firm Proofpoint looked at the ransomware and discovered the name of a website which was being accessed by the ransomware. But the website address hadn’t been registered by anyone. He bought the domain name in order to track the activities of the ransomware but in fact it was a “kill switch” that stopped the ransomware from spreading any further. Well done, if unintentionally.

That didn’t help the people whose computers had already been infected but it stop the outbreak from continuing.

Unfortunately once the scammers realised how the malware had been stopped, they created and released a version that ignored the kill switch. But at least people had time to build defences against another attack.

The researcher, who identified himself only as MalwareTech, is a 22-year-old from south-west England who works for Kryptos logic.

MalwareTech explained that he bought the domain because his company tracks botnets (automated networks of controlled computers), and by registering these domains they can get an insight into how the botnet is spreading. “The intent was to just monitor the spread and see if we could do anything about it later on. But we actually stopped the spread just by registering the domain,” he said. But the following hours were an “emotional rollercoaster”.

He also said he planned to hold onto the URL, and he and colleagues were collecting the IPs and sending them off to law enforcement agencies so they can notify the infected victims, not all of whom are aware that they have been affected.

He said he got his first job out of school without any real qualifications, having skipped university to start up a tech blog and write software.

“It’s always been a hobby to me, I’m self-taught. I ended up getting a job out of my first botnet tracker, which the company I now work for saw and contacted me about, asking if I wanted a job. I’ve been working there a year and two months now.”

Well done hero – he’s now an honorary Ninja.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.