Widely touted as “the biggest ransomware outbreak in history”, the UK's National Health Service (NHS) was just one of thousands of unsuspecting corporations around the world that found themselves crippled by a malicious virus that infiltrated their computer networks on Friday 12th May. The virus, now identified as Wanna Decryptor ransomware—also called WCry—is defined by CNET as “malware that encrypts important files”, and one that caused global confusion and consternation in equal measure over the weekend (13-14th May). The destructive effect of the ransomware began to take hold of computers across the world across the weekend, locking machines and rendering them unusable, with the captors demanding a hefty ransom for the safe release of the substantial data they held. 

According to extensive coverage from The Independent newspaper, “more than 200,000 victims in around 150 countries have been affected by the ransomware, which originated in the UK and Spain on Friday before spreading globally” at an estimated rate of 5 million emails per hour. Reports speculate that the ransomware is demanding somewhere in the order of $300 in Bitcoin (around £230) for each computer it holds, specifying that all payments must be made before the deadline on May 19th, at which time all the encrypted files held will be permanently deleted if the threats are to be believed.

The number of companies affected by the hack is in the hundreds of thousands, with the US’s leading delivery service FedEx, Germany’s chief rail operator Deutsche Bahn, Japan’s leading automotive manufacturer Nissan, and Spain’s telecommunications giant Telefonica just a selection of the companies hit by the malware, with the infection even making its way to Russia’s Interior Ministry. Rob Wainright, head of the EU’s law enforcement agency Europol, has tried to remain positive in the wake of the cyber-attack, but still acknowledges the rippling effect it’s had across the world: “We will get a decryption tool eventually, but for the moment it’s still a live threat, and we’re in disaster recovery mode”.

The effect on the UK's NHS

The NHS was one of the largest and hardest-hit companies in the cyber-attack, with reports suggesting that around a fifth of NHS trusts across the UK were struck. This digital infiltration, dubbed “the largest cyber-attack in NHS history” by The Telegraph, naturally led to the postponement of thousands of scheduled operations and procedures across the weekend, whilst the masterminds behind the hack continue to demand a ransom to give hospital staff back access to vital medical records.

Described by an NHS England spokesman as a “very complex emerging picture”, what’s almost ironic is that such a complex issue could have been solved with ease—all it would have taken to protect the entire NHS digital infrastructure would have been updating their computer systems to a newer operating system. Further to this, details have come to light that the Government in May 2015 stopped paying Microsoft for much-needed additional Windows XP support which, had it continued, would have future-proofed the entire NHS against the kind of ransomware hack it’s now at the mercy of. Science, culture and technology publication Wired even goes as far as to say that “stopping support for XP and the potential vulnerabilities it would create were well-known to [both] NHS cybersecurity and [the] officials who oversee the services provided”.

The ignoring of easy pre-emptive yet protectionary measures like additional computer support and the necessary updating of outdated operating systems naturally opened the door to a barrage of criticism in the wake of the scandal, with Labour’s shadow health secretary Jonathan Ashworth wagging the finger of blame in earnest firmly in the direction of current Conservative health secretary Jeremy Hunt, pointing out that concerns have been repeatedly flagged up regarding the importance of updating outdated computer systems to protect against unsolicited viruses, but to no avail.

Many point out that assigning blame for the ransomware attack in this way, whilst almost comforting, will get us no further to figuring out the identity of the hacker (or hackers) responsible for this crime. It’s said that all major investigatory services around the world—including the National Crime Agency—are working around the clock to hunt down the perpetrators. During this time it’s said that the virus is no longer spreading and is now contained only to the infected computers, but it does have to be said that chief executive of the National Cyber Security Centre Ciaran Martin has made it clear that we’re not out of the woods yet: “[Because] existing known infections can spread, we can't say what scale the new cases will occur at, but it’s likely there will be some”.

Whilst a team of computer experts are finding a cure to the cyber virus currently incapacitating a portion of the NHS’s extensive digital network, Professor Helen Stokes-Lampard of the Royal College of General Practitioners is pleading for patience among those seeking non-urgent medical assistance during this difficult time: “GPs, of course, can still diagnose and treat patients without using computers, but we ask our patients to bear with us if routine services such as repeat prescriptions and appointment-booking services are slightly disrupted this week. In the meantime, we wish to reassure patients…that you will receive the best possible care from the NHS, despite current difficulties”.

How long it will take the NHS to get back on its feet nobody yet knows, but one thing is for sure—as proved by the ongoing attack, the NHS’s computer systems are just as open to potentially fatal viruses as the patients the service aims to protect. Whether the cure is on the horizon, we’ll have to wait and see…