What Happened at the NHS and What is Ransomware ?

Our in house experts have considerable experience working with large scale national computer systems, particularly those in the public sector. We believe that the recent ransomware attack on the NHS was almost an inevitability, but we also believe that the public awareness of this type of attack is now greater than ever. It is important that all business owners understand the implications of a ransomware attack and how to prevent one. We created this small article to help explain.

Importantly, as Digital Accountants we are responsible for helping businesses with their software systems. Our experts understand the risks and we are regularly advising our customers on how to avoid ransomware and other dangers. We are always available for a chat if you feel you want I.T. advice, or just to check that your systems are secure, this is all part of our service to you.

What Is Ransomware ?

Ransomware is a form of malicious software program, a virus. In particular, a virus which removes access to data and only restores access to that data once a ransom has been paid to the creators.

Ransomware uses a mathematical computing technique called encryption. Encryption works a bit like a lock and key. The lock is a mathematical formula which turns your important documents, photos, media and any other data into an unrecognisable stream of digital data. The mathematical formula can only be reversed using the correct corresponding ‘key’, something which the Ransomware creators have, but you don’t. Without this key, your data can never be converted back into it’s original form and therefore will remain lost forever. The ransomware attack usually pops up a notice instructing the user to take certain actions to make a payment of a substantial amount of money before the key is released and the data is obtainable again. To make matters worse, the attack usually gives you a very limited window to make your payment, after which the data is lost forever.

What Happened at the NHS ?

The NHS (like many organisations) has some difficult challenges which are met by creating bespoke software systems. The NHS in particular has to deal with a huge amount of data relating to patients, staff, medication, purchasing etc, many of these systems are created specifically for the task, and many of them were made a long time ago. Many government systems still rely on software that was written in the 70’s and 80’s. This is because those systems still work and are so largely integrated into the daily operation that to replace or remove them would be incredibly expensive.

In the case of the NHS, some of these software solutions were reliant on Windows XP to operate. However, Microsoft stopped supporting Windows XP in 2014. This means that any security vulnerabilities identified after this time would not be addressed, and this is the method of action used by the attackers of the NHS. The use of Windows XP was widespread, and it’s security features were flawed. The NHS was running the risk that it’s system could be infected, but no doubt the cost of upgrading these systems to a newer and safer Windows environment would have cost millions of pounds.

WannaCry Ransom Attack Screen

Wannacry Ransomware Screenshot Example

Can I Get My Data Back ?!!

Once you have fallen victim to a ransomware attack, the damage has been done. The only effective method is prevention.

It may be assumed that the encryption could be ‘cracked’, but ransomware attackers use some of the strongest forms of encryption available. The ‘solution’ keys are in the order of 620 digits long and it would take your average business computer over 6 quadrillion years to calculate the answer. This is the same form of encryption that is used to keep your banking details safe, perform online transactions safely and many other security applications.

Although there are examples of ransomware software being cracked, and the data being made recoverable, this is only due to flaws in the virus’s code. This is rare however, and prevention is the absolute line of defence when it comes to ransomware.

Why Not Follow The Money ?

Many people believe that because a financial transaction is part of the plan, why not follow this money to find out who the perpretrators are ?

Sadly, the ransomware attackers are very good at covering their tracks. Usually a digital currency, such as BitCoin, is required to make the payment. This method makes it virtually impossible to trace the money to the end recipient as a digital currency can be laundered much easier than cash from traditional banking systems.

Our Top Tips

Email Hosting

Most malicious software is spread through emails. Local anti-virus can help but your hosting provider should also provide anti-virus and anti-spam software on their sever. Many cheap hosting providers do not (because it slows their servers down). Llewellyns can provided fully protected hosting for you if you need it.

Operating System

Old software has security holes, it’s inevitable. The upgrade path to Windows 10 is free and is an excellent security upgrade as Windows Defender (free anti-virus) is included. Windows Vista is recently out of support and should not be used (nor any windows previous). Mac OS X should be kept fully updated, currently to Sierra.

Backup and Be Ready

No software is 100% secure. New viruses are created every day, and although most anti-virus software updates happen rapidly to catch them, some may slip the net. There is no better protection against data loss than keeping regular backups. Even better is to use a cloud service which stores all your valuable data off site ready for a disaster recovery situation.

Update, Update, Update

Keep your anti-virus up to date (new updates happen almost daily), keep your operating system up to date (ie.. Windows Update, Office Update, OS X Update etc). The only way to stay ahead of new threats is to keep all software fully updated. This is essential.

Is Anti-Virus Getting Better ?

1000s of Ransomware Attacks in 2016

Source : Microsoft Windows Defender 2016 Data

There is no doubt that anti-virus software (which prevents ransomware attacks along with many other malicous programs) has improved immessurably over the last decade. In the last few years, the inclusion of an effective free anti-virus solution built into Windows 10 has provided millions of people with an effective solution to the problem without any cost or expert computer knowledge required.

Ransomware itself has also seen a huge decline throughout 2016 (see left), but this is no reason to ignore the problem. Although their prevalance is reducing, the impact a successful ransomware attack can have is no less devastating. Despite all the tools available to us, new ransomware viruses and other malicious code are being produced all the time.