Earlier this year, the National Health Service (NHS) was hit by a wide-scale attack from the WannaCry ransomware. A recent report from the National Audit Office (NAO) shows that, while devastating, this attack could have been prevented through security best practices.
The WannaCry outbreak occurred back in May, when over 19,000 medical appointments were canceled, 600 GP computers were locked and five hospitals had to have their ambulances diverted elsewhere. That attack, which put countless lives at risk, was caused by ransomware, a type of malware that encrypts computer files and holds them for ransom until victims agree to pay for an unlock key. In the case of WannaCry, the code was actually far less sophisticated than other ransomware of its type, and known security patches could have prevented the infection or at least severely limited its impact.
The main proliferation method of the WannaCry ransomware was the EternalBlue vulnerability in the Windows Server Message Block (SMB) networking protocol. What is interesting is that Microsoft had already patched the vulnerability in April, a full month before WannaCry took hold. The recent report from the NAO shows that it had also already issued critical security alerts throughout March and April. The alerts came as part of a general statement warning organizations to be aware of the EternalBlue vulnerability and to prepare and take precautions against ransomware attacks in general. Despite the patch being readily available and warnings being in place, WannaCry spread to 150 countries in less than a day.
The WannaCry incident works as a great case study in the importance of patching and patch management. While the preventative capabilities existed to protect against the disaster, without a strong IT backbone to apply the patches, the security measures were rendered pointless. Additionally, even after infection, the matter could have been resolved with minimal disruption had the organization prepared a more robust backup strategy. Instead, the attack was allowed to progress to a point that made recovery time-intensive and costly. Given the growth of ransomware over the last two years, we strongly recommend that organizations learn from the mistakes of the NHS and take steps to secure their business networks.