NHS Lanarkshire Operations Disrupted by Ransomware Infection

Media Division | August 28, 2017

There are some cyber threats that tend to be far more commonly used than others. One of these would be ransomware, which is a type of malware that encrypts files and then demands a ransom payment for their return. Upon payment of the ransom, the perpetrator will provide a decryption key that can be used to free the files. But, there is also typically a time limit for payment of the ransom, and when it is not paid in time, the files will often be corrupted or destroyed. While most ransomware creators will generally follow through with their claim to return files after payment, there really is no guarantee that they absolutely will do this. They could just as easily take the payment and destroy the files out of malice. They could also save copies for themselves to use for later purposes, such as selling the data. Whatever the case, the point is that ransomware is a very prominent form of attack. A recent incident involved a ransomware infection of NHS Lanarkshire that resulted in disruption of a few different services.

Details of the Ransomware Infection

The ransomware attack had initially begun on Friday, and according to NHS Lanarkshire, the strain of ransomware was a new variant of Bitpaymer. The infection had been discovered after IT issues were reported. Staff had then worked meticulously over the weekend in efforts to bring IT systems back online. Fortunately, the number of systems affected was quite small, with most being restored on Sunday and the rest on Monday.  The attack resulted in a small number of appointments and procedures being canceled, but staff are working on getting everyone rescheduled. They are currently investigating the attack in efforts to determine how the ransomware was able to get in undetected.

Of course, this is not the first time that an NHS branch has been hit by a cyber attack or even ransomware. We saw the massive scale WannaCry attacks hit numerous NHS organizations back in May. Fortunately, this most recent infection is not near the scale of that incident. So far, it appears to be isolated to Lanarkshire, which made it easier to mitigate the damages. Although, it does display that this branch needs to take action in bolstering their security since they have already been infected again. Once the investigation is complete, they will likely have a better idea of how the infection occurred, which will allow them to once again fortify their security and hopefully to a better degree this time.

Preventing the Likelihood of Infection with Anti-Solutions Phishing

When it comes to ransomware attacks, one of the most common forms of entry is by way of phishing. This is when the perpetrator uses cleverly crafted emails to fool staff members into clicking on a malicious link or attachment or sending sensitive information. These links and attachments will often allow the attacker to install some form of threat within the system that they can then use for their purposes. Of course, this is not the only way that ransomware infections occur, but it is likely the most common way, which is why organizations must have anti-phishing solutions in place. There are two sides to anti-phishing solutions, which would be proper prevention methods and a mitigation plan for the event of a successful attack. Some organizations may not have all of the necessary resources to handle both sides, which is why many will enlist outside assistance. Massive Alliance provides extensive anti-phishing solutions that can help organizations to both defend themselves, as well as remediate a current incident.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.