NHS attack: Is WannaCryptor one of the biggest threats to cyber security?

On Friday, the NHS became the victim of a huge cyber attack from hackers threatening to delete all data unless they pay $300 (£233) per machine to a Bitcoin wallet address.

In addition, telecommunication and utility companies around the world were also hit, with the full long term effects still to be fully realised.

The large scale attack was from the new family of ransomware called WannaCryptor.

Cyber security solutions provider Bitdefender, has been analysing WannaCryptor and sagest that it is one of the biggest threats that both end users and companies have had to face recently.

Because the list of vulnerable Windows PCs can be found through a simple internet scan and the code can be executed remotely, no interaction from the user is needed. Once the PC is infected, it acts like a worm, it replicates itself in order to spread to other computers.

Bitdefender’s analysis reveals that the wormable component is based on the EternalBlue exploit that had been leaked out in a data dump allegedly coming from the NSA. This strain of malware is one of the few that combine the aggressive spreading mechanism of a cyber-weapon, with the irreversible destructive potential of ransomware. Up until now, more than 120,000 computers worldwide have been infected.

The CVE07-010 vulnerability affects almost all versions of the Windows operating system, including those who are not actively supported anymore, such as Windows XP, Windows Vista and Windows Server 2003. Because of the extremely high impact, Microsoft has decided to issue patches for ALL operating systems, including the unsupported ones. If your operating system does not have the specific hotfix installed, then you are vulnerable and need to update immediately.

What you can do to stay protected?

  1.       Disable the ‘Server Message Block’ service on the computer if patching is impossible
  2.       Install the patch
  3.       Back up your data on offline hard drives. The ransomware malware will encrypt files on external drives such as a USB thumb drive, as well as any network or cloud file stores
  4.       Patch and Update your software and make sure you have all Windows updates on your machine.
  5.       Use a reputable security suite

Damian Skeeles, Principal Solution Engineer at Anomali, commented on the attack: “Ransomware attacks are becoming ever more targeted and effective, with attackers targeting specific verticals, companies, and even choosing time periods when an outage is most damaging to try to discourage any alternatives to paying the ransom. Certainly, staff training, anti-phishing controls, and reliable backups to meet recovery objectives are the most effective mitigations here. Automating and streamlining the sharing of intelligence on these threats can also help organisations work together in both defence and remediation in ongoing attacks.”


European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.