The ransomware that is wreaking havoc on NHS computers is believed to be using an NSA cyber-weapon leaked in WikiLeaks’ Vault 7 release earlier this year.
Malware called Wanna Detector is preventing hospital staff from accessing medical records.
Hospitals in both England and Scotland are known to be affected.
The ransomware is taking advantage of EternalBlue, an exploit NSA spies used to secretly break into Windows machines, according to the Register.
Microsoft patched the issue earlier this year, but only on version of the Windows operating system that it continues to support.
Up to 90 per cent of NHS computers still run Windows XP, according to a report published in the BMJ earlier this week.
The operating system was released in 2001, and Microsoft cut support for it in 2014.
People can continue to use the software, but doing so comes with enormous risks.
“Using XP is particularly bad because it’s no longer supported and there’s no way to patch it,” David Emm, the principal security researcher at Kaspersky, told The Independent.
Microsoft no longer builds or distributes security updates for XP, leaving it extremely vulnerable to viruses and cybercriminals.
The company is extremely clear about how important it is to stop using XP.
“If you continue to use Windows XP now that support has ended, your computer will still work but it might become more vulnerable to security risks and viruses,” it says.
“Internet Explorer 8 is also no longer supported, so if your Windows XP PC is connected to the Internet and you use Internet Explorer 8 to surf the web, you might be exposing your PC to additional threats.”
Three years ago, the UK government paid Microsoft £5.5 million to extend support, but this only guaranteed its protection for one more year.
The BMJ report ominously concludes, “We should be prepared: more hospitals will almost certainly be shut down by ransomware this year.”
Unfortunately for the NHS, very few older computers are able to run Windows 10, Microsoft’s latest computer operating system.
Why medical information is so much more valuable than financial data
This means the machines themselves need to be replaced, and that will cost an enormous amount of money.
“Unfortunately, XP will likely still be used for some time yet,” Fraser Kyne, the CTO of Bromium for the EMEA region, told The Independent.
“Many organisations are faced with huge potential costs in upgrading their systems, which may rely on XP to support critical line-of-business applications. Systems running XP really should be used in separation from other functions and not used for external web browsing or opening emails from unknown sources. There is just too much risk
Source: NHS cyber attack used US government software leaked by WikiLeaks | The Independent
No comments:
Post a Comment