The scale of damage the global WannaCry ransomware attack had on the state-run National Health Service has been publicized in a damning report from the U.K.’s government’s watchdog, highlighting the lack of preparedness the organization had to protect itself and the public from such an attack. The National Audit Office criticized the Department of Health for being too slow to improve critical IT systems, in a report published Friday. It said reports from the National Data Guardian and Care Quality Commission published in July 2016 warned the government that cyber attacks could jeopardize patient security, but the health-care department had not made significant enough improvements by the time WannaCry struck.
Separately, the U.K. Security Minister Ben Wallace said North Korea was behind the attack, which could have been prevented. He made the comments in an interview with the BBC.
“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice,” the head of the NAO, Amyas Morse, said in an emailed statement. After WannaCry began infecting Microsoft Corp. Windows-powered computers via the internet on May 12, users were given 72 hours to pay £300 in bitcoin — chosen by the hackers because the crypto currency is harder to track than conventional payments — or pay twice as much.
If they refused to pay after seven days, their computer would be permanently locked. The NHS was not specifically targeted — companies such as FedEx Corp. and Nissan Motor Co. were also compromised — but the NAO concluded Friday that 81 of the 236 NHS trusts were affected in some way by the attack, either by direct infection or voluntary shutdown of networked hardware as a precautionary measure. Trusts include regional hospitals and ambulance services.
In addition, 595 local doctor’s offices were infected with the virus. Keith McNeil, chief clinical information officer for Health and Care at the NHS, said in a statement that “many lessons had been learned” from the incident, but “as the NAO report makes clear, no harm was caused to patients and there were no incidents of patient data being compromised or stolen.” He said an extra 21 million pounds (£28 million) has been made available “to increase the cyber resilience of urgent and emergency care, starting with major trauma centers.”
While NHS computers and email accounts were inaccessible during the attack, local medical staff would communicate with each other via Facebook Inc.’s WhatsApp messenger service, as well as telephone.
In part, doing so was the result of what the NAO concluded was a lack of clear guidelines for responding to a major cyber attack. The use of WhatsApp in particular was in stark contrast to NHS guidance in 2015 that said the service “should never be used for the sending of information in the professional health-care environment.” The organization had appeared to have softened its stance as soon as May 25, when an NHS Digital guide to the use of social media said services like WhatsApp should not be used for work or official communications “unless it is part of your responsibilities”.
Home Secretary Amber Rudd said earlier this year that WhatsApp should open its encryption to security services to help combat terrorism — a so-called backdoor that would make it technically possible for a third party to access the platform’s encrypted contents. Many security experts have criticized the demand, and Facebook has resisted them. Dan Taylor, head of security at NHS Digital, the health service’s IT provider, welcomed the outcome of the NAO’s report and said WannaCry’s impact on Britain’s health services was significant.
The NAO’s report concluded that although no ransom was paid by the NHS to regain access to medical systems, the organization would have spent additional money to cover additional IT support, national and local staff working overtime and canceled appointments.
A US judge has set bail of £30,000 for a well-known British cyber security researcher accused of creating and distributing software designed to steal online banking credentials and credit card information. Marcus Hutchins, gained celebrity status within the hacker community in May when he was credited with neutralising the global “WannaCry” ransomware attack which brought servers in Britain’s National Health Service to a standstill – and later spread to 150 countries. Hutchins, who is also known as MalwareTech, was arrested by the FBI while he was returning to the UK after joining Def Con 25, the annual international cyber security gathering, at Las Vegas.
The 23-year-old’s Twitter account shows he sent several tweets on Wednesday, but later went silent. His lawyer said the 23-year-old hacker would contest the charges but added he would not be released until Monday because there was not enough time to post bail after Friday’s afternoon ruling in Las Vegas. Hutchins has broad support in the information-security community.
Lawyer Adrian Lobo said: “He is going to be released pending certain conditions that he has attached to the bond, and that he has to post a £30,000 cash bond – that’s coming from a variety of sources, he has tremendous community support, local and abroad and in the computer world.”
Support from MP
In a statement issued on Friday, British MP Peter Heaton-Jones expressed his concern at Hutchins’ arrest. He says in his statement he had written to British Foreign Minister Alan Duncan seeking urgent assurance that Hutchins was receiving consular assistance and would get independent legal representation. “I will continue to monitor his case carefully and to seek the necessary assurances from the government that the UK is doing everything in its power to assist Marcus and his family at this very difficult time,” he said.
Activists and friends of Marcus have initiated a fundraising campaign for his legal support.
“This campaign is intended to fund MalwareTech’s legal fees, costs, and expenses,” wrote hacker Tara Wheeler on Lawpay. “These funds are to be spent solely on Marcus’ legal fees, costs, and expenses, or in the event it’s not all used up, donated to the Electronic Frontier Foundation,” she added. Nicholas Thompson, the editor of Wired Magazine, voiced doubts about the circumstances of Hutchins’ arrest.
“Three months ago, Marcus Hutchins was a hacking hero. Now he’s arrested and something seems fishy,” he wrote on Twitter US prosecutors say Hutchins created the malware known as Kronos – marketed as a way to steal logins for banking websites – and sold it for £2,000 back in 2015.
If downloaded from email attachments, Kronos left victims’ systems vulnerable to theft of banking and credit card credentials, which could have been used to siphon money from bank accounts. Hutchins’ lawyer says he denies all charges and many cybersecurity experts say arresting him could backfire. They are essentially saying ‘don’t cooperate with us, because if you do you are going to attract our attention and we’ll, potentially, going to throw you in jail.’ I just don’t understand why they are doing this,” said Tor Ekeland, the managing partner of Tor Ekeland PC.
The so-called WannaCry ransomware attack had infected about 200,000 computer systems in 150 countries, with Russia, Ukraine, and Taiwan being the top targets. Hutchins came up with a way of stopping the ransomware when he accidentally discovered a ‘kill switch’. According to a US official, the allegations are unrelated to the WannaCry attack he was credited with halting.
The hacker might face decades in prison in the US if he is found guilty.
The Bitcoin wallets used by the operators of the WannaCry ransomware have been emptied, Quartz reported. WannaCry infected Windows machines and encrypted their files – demanding a £300 or £600 ransom in Bitcoin to have them returned. It spread around the globe using an NSA-created cyber weapon called EternalBlue.
The WannaCry ransomware earned its makers around £140,000 in Bitcoin in total, which sat untouched for months in three wallets. According to Quartz, the Bitcoin is likely to have been sent through a “mixer”, obscuring its trail as the attackers try to cash out. An internal NSA document stated that based on an analysis of the ransomware, it points with “moderate confidence” to the Reconnaissance General Bureau – North Korea’s spy agency.
It believes WannaCry was an attempt to raise money for Kim Jong-un’s regime.