The recent cyber-attack which has affected British hospitals among other highlights a number of important topics in the cyber-security community.
I’ll start with a brief explanation of the attacks for those of you who have not seen the news. The attacks are the result of the infection of NHS computers with a type of ransomware. While it will take some time to get to the bottom of the attacks as well as find out all of the factors involved, initial reports are that the malware is suspected to be from an infected email sent. This phishing attack appears to have exploited a vulnerability in the operating system used by the computers. While the vulnerability has been known, these computers were not on a modern operating system, leaving them vulnerable to an exploit that has been fixed in newer versions of supported operating systems. Currently, while it is not suspected that information has been stolen, the NHS is unable to access their patient information, leaving them crippled. There are reports of parents unable to take their newborns home, as well as operations unable to continue do to the system infection. The mistakes made which led to this infection could potentially have massive financial repercussions, and worse, could certainly lead to the loss of life.
Just this last week I made posts discussing both phishing and the rise of ransomware as a threat. These attacks highlight the absolutely devastating amount of damage that is able to be done by malware when systems are not properly secured. Additionally, if these computers are not all completely repaired and the vulnerability is removed, they could quickly see themselves the targets of another even more sophisticated and damaging attack.
This situation highlights why it is critical that all companies spend an adequate amount on protecting themselves from viruses. This includes having modern up to date equipment, as well as training employees. If phishing was involved, then it is possible that some training could have prevented this. Similarly, if the machines were running a modern operating system, they could have escaped from the malware.
If a machine is potentially infected, it is absolutely critical that all vestiges of the malware are removed. This is why professional computer repair experts are necessary. In particular when you are dealing with a full computer system, leaving malware on one individual machine can cause the whole network to be compromised.