Computers in the UK’s hospitals were hacked. They were hit with a piece of ransomware called WannaCrypt(similar in spirit to Cryptolocker). How would this work? You would receive an email that looks suspiciously like it came from your bank(or some company that you deal with). You then click on a document to download it and open it in Microsoft Word(or your word processing application of choice). At this point, you will then see something similar the above screenshot.
As shown in the above screenshot, if you don’t pay up within 3 days then the amount you will have to pay increases. If you don’t pay up in 7 days, then you will lose access to your files forever.
Why does this matter at all? Well, hospitals around the country were sending some patients who had booked appointments home. Additionally some operations had to be postponed. It gets worse: access to patient records, X-rays, emails and much more was blocked thanks to this attack.
So what is ransomware? Well it’s a type of malicious software which basically blocks you from accessing the data on your computer (e.g. any documents, or photos you might have). To then get your data back, you would have to pay money to the bad guy. In this case, they are asking for bitcoin(a digital currency).
That’s not all, the attack has spread to other countries as well.
Whilst the root cause of the issue has not been found, my hunch is that someone had downloaded something and opened it to trigger the ransomware. It might also be the fact that many of the hospitals in the UK still have computers running Windows XP (an operating system which Microsoft stopped supporting in 2014).
What’s the potential fix to this? Well, on the back of this massive security breach, Microsoft has decided to release an emergency update for Windows XP, Windows, Windows Vista and Windows 8. If you have a computer with any of those operating systems then I would strongly urge you to grab it from this page.
The other fix to this in general is that we all need to be more careful in terms of opening links or attachments in emails.
Most important of all, these hospitals are run under the National Health Service (the NHS) here in the UK and the NHS is funded by the government. The government needs to put more funding into securing their computer systems and training staff in hospitals so that this won’t happen again.
Generally, my policy is that if you were not expecting an email with some document(or other kind of file) attached to it, delete the email immediately. Same goes for emails with links in them.
Another telltale sign is an email that has poor spelling, punctuation or grammar in it. Lastly, an email might not use your name at the start (e.g. it might start with “Dear friend”/”Dear colleague”, instead of “Dear Adi”).
Another thing we can do is keep our software up-to-date. Microsoft normally releases updates for it’s Windows Operating System on the second Tuesday every month. By default the important updates are downloaded and installed automatically, so for the vast majority of you part of the work is already done.
So I have a few question for you:
How many of you out there are still running Windows XP? (if you still are, there’s no shame in that).
If you are running Windows XP? Why?