The NHS RansomWare virus

Well, what the hell was that all about? We recently saw how the NHS and many other companies and computer users were brought to their knees by a nasty PC virus. One small piece of computer code caused so much damage. And it doesn’t stop there.

What was behind the attack? It goes back a few months before it happened. In previous articles I wrote about Internet Hacking. The U.S. had commissioned a series of viruses (worms) back in around 2010, which could be used to wreak havoc with Iran’s nuclear production process. This bit of software, when loaded into industrial control systems, would attack standard off-the-shelf Web-Enabled motor controller units. In the Iranian situation, this upset motor control systems that were used in centrifuges refining nuclear material. They went out of control and damaged themselves. So, what does this have in common with the recent disaster?

It’s well accepted that the NSA (National Security Agency, U.S.) had designed a virus, EternalBlue, which took advantage of a weak spot in Microsoft’s operating system. It was a problem with how MS dealt with remote server access. Too complicated for any women to understand. Basically, if you had the wherewithal, you could access and walk around any PC on a network. A disgruntled ex-employee had collected these Trojans and viruses, including EternalBlue, and had them on the Internet, up for the highest bidder. For whatever reason (he probably had the hump, his XBox broke) one day, he just opened up access to all. He was arrested. In March, Microsoft had issued updates for systems like Vista through to Win10, to shut off this loophole. The damage was done though.

A group known as WannaCry took a variation of EternalBlue and added some nasty additional payloads. The virus hid as an update attachment, such as Adobe etc. Once on your machine, it did several things. The first was to “open” your PC in readiness for remote access via a third party, should it be needed. The second was to install an encryption package to make your files unreadable, unless you purchased a code. Thirdly, the virus locked your machine so you could not carry out any repair applications. Lastly, it looked at any PC connected on your network and tried to spread itself to carry out more of the same crimes. Once infected, your screen showed a page where you could pay to have your machine unlocked. The payment was in the electronic currency, Bitcoin. On the 12th of May, the virus was released.

Within a few hours, AntiVirus companies were seeing reports of networks globally being damaged. The high-profile NHS hit the news as 60% of their network was compromised. Many trusts had not updated their systems. Everything from planned operations to local doctors’ surgeries was shut down, with an inability to see patient notes. AntiVirus companies, GCHQ etc., were looking at ways of stopping the spread. Strangely enough, it was a chap who worked at an AntiVirus company who was monitoring what was happening, and he was on holiday. He managed to load the virus onto a sacrificial machine, so he could see what it was doing. Inadvertently, he noticed that the virus was trying to make contact with a website that didn’t exist. This may have been an oversight on the hacker’s part. He bought the domain name for a few quid. Long and short, this stalled the virus spread and allowed remedial work to be done. One chap, on holiday! The government recognised his efforts and gave him 10,000 quid and some extra cheese on his pizza. He gave it to charity. The money that is, he ate the cheese.

So what does it all mean? We are all vulnerable. We live and die by the Internet. Just imagine if you took that away? No Facebook, emails, TV and telephone calls. Very frightening?

Think of this, I ask you. WiFi-connected equipment is commonplace. You can control your house heating and lighting systems from your tablet; even children’s toys can be accessed from a laptop. There are many easily obtained programs that you can download which will enable you to “sniff” the WiFi air and hack away. Knowing the right things to do and assuming default passwords such as 1234, you could have access to your heating system. OK, no big deal you might say. But, if Dodgy Bob hacked into every one of these heating controllers across the UK, bought at B&Q, and decided to whack them up full at 12.00 hours on Christmas Day, the Energy Companies would not cope with the overload. SHUTDOWN. No sprouts, no turkey.

Seth, Zeta Services, Working hard….for you.