On May the 12th 2017 the United Kingdom’s National Health Service (NHS) suffered catastrophic IT issues due to the WannaCry, or WannaCrypt, ransomware application.
While the fallout continues to reverberate over who’s at fault for the cause of the issue, many politicians and the media completely misunderstand the nature of a cyber attack. The incident has been labelled as an “attack” or a cyber-attack but this suggests that a malicious act was specifically aimed and executed at the NHS. This was not the case. What ransomware does is to get a piece of software onto a computer and encrypt its contents, blackmailing the owner of the computer into paying to get their data back. Hence the name “ransomware”.
How does WannaCry work?
In the past malicious software has often installed itself on a system by fooling a computer operator into clicking a link which installs the software, or by spreading itself through a computer network. What the WannaCry software does is to utilise both of these methods; someone needs to unsuspectingly install the software and then it spreads via computer inter connectivity.
The reason why the NHS was susceptible is because they’re running old software. The reasons for this are many but include the fact that legacy software used by the NHS requires older versions of popular operating systems, and that the NHS lacks funding and so therefore doesn’t possess the resource to update their systems.
Adding further weight to the NHS not being the target of this act, some high profile companies and agencies across the world were also reportedly affected such as FedEx, Telefonica in Spain and alledgedly the Russian government.
This is where it gets political as reports start to appear of former Secretaries of Health, in the government, starving the service of the funding required to ensure that their IT Systems are guarded against such disasters. If that is the case it will be fascinating to see how much money was saved in this measure versus the cost involved to resolve the problem, let alone the very real impact on human lives caused by the events of the last 48 hours. It’s also an incredibly obvious metaphor to compare the health of a patient to that of an IT system against an infectious piece of software. If a patient was at risk of a disease, would any health professional turn down their treatment?
All this in the run up to a UK election as well…