Topics
More on Operations

Hospitals in UK National Health Service knocked offline by massive ransomware attack

The network was likely taken down by the Wanna Decryptor, one of the most effective ransomware variants for which there's currently no decryptor avai

Jessica Davis, Associate Editor

The entrance to the Arthur South Day Procedure Unit at the Norfolk and Norwich University Hospital taken by FrancisTyers. Photo via Wikimedia Commons

The National Health Service in England and Scotland was hit by a large ransomware attack that has affected at least 16 of its organizations, NHS Digital announced this morning.

The attackers are asking for 415,000 pounds, or about $534,146, before May 19 or the hackers will delete the files, according to MetroUK.

The attack has crippled the health system's ability to treat patients, according to BBC News. Hospital staff are unable to access patient data. Further, ambulances are being diverted and patients are being warned to avoid some departments.

[Also: 'Warfare mindset' key to justifying cybersecurity investment, experts say]

The organization launched an investigation and determined the ransomware is likely the Wanna Decrytor. It's one of the most effective ransomware variants on the dark web, and at the moment, there is no decryptor available.

Officials said the attack didn't specifically target the agency and that organizations from other sectors have been hit, as well.

"At this stage we do not have any evidence that patient data has been accessed," officials said in a statement.

Spain said Friday that many companies, including the telecommunications giant Telefonica, were also dealing with ransomware attacks, according to Reuters. Portugal Telecom was also hit by a cyberattack that did not impact its services.

The ransomware campaign might be caused by leaked NSA hacking tools, according to Politico. The malware was included in the online dump by the hackers called Shadow Brokers, which they said were NSA tools.

[Also: Cyberinsurance options a 'Wild West' for healthcare organizations]

"This seems to be a very large scale attack, with earlier reports of infections in Russia, Ukraine, Taiwan, as well as all over Europe," Mounir Hahad, senior director of Cyphort Labs said in a statement. "There is cause for alarm in the U.S. as well, given the speed at which this attack as spread and the fact that it seems to know no border."

"This shows how quickly criminals are able to adopt newly exposed vulnerabilities and how slow the rest of us are to patch," he continued.

[Also: Health data breaches in March surpassed January and February combined, study finds]

NHS Digital is working closely with National Cyber Security Centre, the Department of Health and NHS England to help the organizations affected by the attack and to ensure patients are protected.

"Our focus is on supporting organizations to manage the incident swiftly and decisively, officials said. "But we will continue to communicate with NHS colleagues and will share more information as it becomes available."

Twitter: @JessiefDavis