October 27, 2017

North Korea to blame for NHS WannaCry attack – UK Government

WannaCry had a global impact, affecting hundreds of thousands of computers across 150 countries, but the NHS was among the hardest hit.

By Tom Ball

The UK Government believes North Korea is to blame for the WannaCry ransomware attack that debilitated the NHS earlier in 2017.

North Korea has previously been connected to the attack, and the Government's strong suspicions now lend that connection further weight.

Speaking to the BBC, the Minister for Security, Ben Wallace, said: “This attack, we believe quite strongly that it came from a foreign state… North Korea was the state that we believe was involved in this worldwide attack on our systems.”

WannaCry hit in May, striking targets globally with a ransomware cryptoworm and demanding payment in bitcoin. The NHS stands out as having been particularly badly affected, being reduced to reverting to pen and paper organisation.

“We can be as sure as possible – I can’t obviously go into the detailed intelligence but it is widely believed in the community and across a number of countries that North Korea had taken this role,” said Wallace.

The wider damage is thought to include 230,000 affected computers, with the attack reaching a colossal 150 countries worldwide.


Andrew Clarke, EMEA Director at One Identity: “Often we see cases where the organisation gets impacted by an attack – ransomware being the most reported – and afterwards we hear that the issue has been ignored, advice has been misunderstood or there has been a lack of visibility into whether or not the advice has been implemented comprehensively.

“This is not just about the NHS, as for example in the recent case of Equifax we heard afterwards that a security notification regarding Adobe Struts application had not been applied thoroughly. In many cases the organisation does not have an inventory of all operating systems and applications that need to be patched – which makes the challenging task of patching even harder – a robust patch management system would aid that.”

Patching was a problem for the NHS that made it easy for the attack to cause major damage, with outdated systems running on Windows XP, an operating system no longer under mainstream support from Microsoft.

“However, one of the factors at the NHS that we must consider is that some of the specific medical equipment being used was only ever designed to run Windows XP – so in that case the options are limited. What could have been done better was the compartmentalization of environments that were known to be running older software so that if they did get impacted, the damage could be limited,” Clarke said.

With attacks becoming increasingly common and effective, methods and practices by which to heighten security should be on the minds of all.

Javvad Malik, security advocate at AlienVault, said: “Fundamental security controls and hygiene could have prevented, or at least minimised the impact of WannaCry on the attack. But perhaps even more telling is that while the Department of Health had an incident response plan, it was neither communicated nor tested. Without a clearly communicated and tested incident response plan, trying to make one up in the midst of an incident is a recipe for disaster.”

Focussing back on the real cost of the attack, Raj Samani, Chief Scientist and Fellow at McAfee, said: “Reports that NHS England has identified 6,912 appointments cancelled as a direct result of the WannaCry ransomware should be our primary focus. Recognising our dependency on technology and managing the risks to reduce the likelihood of disruption from further attacks being realised must be a priority.”
