Published On: Sat, May 13th, 2017

REVEALED: How the NHS cyber attack was halted by British blogger

Hospitals and doctors surgeries across England and Scotland were plunged into chaos on Friday by the ransomware attack. 

Ambulances were diverted, operations cancelled and patients moved as hospitals were left without computer systems.  

Capitalising on spying tools believed to have been developed by the US National Security Agency (NSA), the cyber assault infected tens of thousands of computers worldwide. 

But a 22-year-old blogger accidentally found a way to slow down the hack attack which wreaked havoc across 99 countries. 

For £8.29, the expert, who remains anonymous, registered the domain name which viruses attempt to contact when they hit a new target. 

His actions slowed the spread of the attack by triggering the virtual “kill switch” built into the malware. 

The expert, who runs, said: “I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental.

“So long as the domain isn’t revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again.”

He told Sky News: “The kill switch wasn’t discovered until about three hours after we’d bought the domain which had already killed all subsequent infections.

“From what I can see it killed every infection that contacted our C2 (command and control server).

“Although the exploit used is very sophisticated (taken from NSA leak), the ransomware itself seems somewhat amateur.”

Medical staff had reported seeing computers go down “one by one” as the attack took hold, locking machines and demanding money to release the data.

The virus, called Wanna Decryptor, exploits a vulnerability in Microsoft Windows software first identified by American spies at the National Security Agency (NSA), experts have said.

Computers in A&E wards, GP surgeries and other vital services were thought to have been infected with the virus.

They were infiltrated by the malicious software, while many others shut down servers as a precautionary measure.

Six organisations were still not back to normal today with NHS Digital saying engineers are working “around the clock” to fix the problem. 

Source link


Most Popular Posts