Image
"So our hospital is down … We got a message saying your computers are now under their control and pay a certain amount of money. And now everything is gone."Locked computers? A ransom demand? It sounds like ransomware. This isn't the first time a hospital has suffered a ransomware attack. In February 2016, Hollywood Presbyterian Medical Center temporarily shut down its IT systems because of a Locky ransomware attack. The facility diverted patients to other facilities for treatment and shut down several departments before ultimately deciding to pay the ransom of 40 Bitcoins (approximately $17,000 USD at the time). More than a year later, it appears East and North Hertfordshire NHS is responding to this attack in a similar fashion. As quoted in a statement provided to The Register:
"Today, the Trust has experienced a major IT problem, believed to be caused by a cyber attack. "Immediately on discovering of the problem, the Trust acted to protect its IT systems by shutting them down; it also meant that the Trust’s telephone system is not able to accept incoming calls. "The Trust is postponing all non-urgent activity for today and is asking people not to come to A&E - please ring NHS111 for urgent medical advice or 999 if it is a life-threatening emergency."The IT teams at East and North Hertfordshire NHS are currently working to address the issue. East and North Hertfordshire NHS isn't the only hospital to shut down its systems, either. https://twitter.com/DCHStrust/status/863034592613322753 Several hours after news of the attack first emerged, the National Health Service released a statement regarding its hospitals' recovery efforts:
Image
"A number of NHS organizations have reported to NHS Digital that they have been affected by a ransomware attack which is affecting a number of different organizations. "The investigation is at an early state but we believe the malware variant is Wanna Decryptor. "At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organizations to confirm this."Wanna Decryptor, aka WCry, WannaCry, and WannaCryptor, is a type of ransomware that's been in circulation since at least 10 February 2017. On 12 May, an independent security researcher named MalwareHunter discovered a new version of the malware. Since then, the ransomware has taken off. https://twitter.com/malwrhunterteam/status/862988042231054338 NHS notes in its statement "this attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors." Indeed, earlier in the day, news emerged in El Mundo that WannaCryptor had infected 100 computers at Telefonica, Spain's former state telecommunications company. The ISP, which instructed its employees to turn off their computers and disconnect from the internal Wi-Fi network, confirmed the attack in a statement:
"Earlier today Telefónica detected a cibersecurity incident affecting the PC's of some employees within the company's internal corporate network. Telefónica inmediately activated the security protocols for this type of incident in order to resolve the problem as soon as possible."According to International Business Times, the attackers have demanded that the company pay the ransom fee of approximately 300 dollars by 15 May. If not, the attackers will raise the price. Should they not receive payment by 19 May, WCry's handlers said they'll delete the encryption key.
Image
