NHS England Hit With Ransomware Extortion

👤by Tim Harmer Comments 📅12.05.2017 17:41:36



NHS services across England are reportedly under 'cyber-attack' this evening, shutting down IT systems and causing the cancellation of routine health procedures. NHS Organisations in a variety of sectors have apparently been infected with the Wanna Decrypt0r virus, a ransomware type which encrypts critical data and demands a Bitcoin payment for the decryption key. The following statement was released by NHS digital regarding the attack:

A number of NHS organisations have reported to NHS Digital that they have been affected by a ransomware attack.

The investigation is at an early stage but we believe the malware variant is Wanna Decryptor.

This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.

At this stage we do not have any evidence that patient data has been accessed.

NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.

Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available.


Given the nature of the attack and the sums requested it's unlikely that this was targeted. Lax procedures such as insecure email handling or removable storage use may be to blame, although the revelation that many of the affected organisations still use Windows XP - an operating system which Microsoft no longer officially supports - has been the focus of immediate public ire on social media.

As a precautionary measure some as-yet unaffected NHS organisations are taking systems offline and performing detailed checks. Shaun Lintern of the Health Service Journal is currently tracking the outbreak, and reporting that at least one organisation has detected the ransomware on their system in a dormant form.