( NHS )Hackers Demanding Bitcoin

in #nhs8 years ago (edited)

Will this give Bitcoin a bad name or good publicity? ... Terrible news that alot of people have been turned away or had appointments cancelled ... :( ...
// Following story is from The Telegraph \

Hospitals across the country have reported being hit by the attack
Ransomware, holding files hostage in return for Bitcoin payment, is infecting computers in at least seven countries
Patients are being turned away from A&E
Operations are being cancelled
Hospitals in the North, East, London and West Midlands have been affected
The NHS has been crippled in large areas of the country as part of a world-wide cyber attack.

The attack is part of a global spate of ransomware cyber infiltrations to hit companies and government organizations in at least seven countries.

Hospitals are understood to have lost the use of phonelines and computers, with some diverting all but emergency patients elsewhere.

At some hospitals patients are being told not to come to A&E with all non-urgent operations cancelled.

Russian police forces and Spanish telecoms firms were amongst other victims of the attacks, which involves a virus encrypt a computers files and demand payment in bitcoin to de-code them.

In the UK, dozens of hospital trusts and GP surgeries are reporting problems, but the full scale of the problems is not yet known.

NHS hospitals across the North, East and West Midlands, and London are reporting IT failures, in some cases meaning there is no way of operating phones or computers.

At Lister Hospital in Stevenage, the telephone and computer system has been fully disabled in an attempt to fend off the attack.

The ransomware attack has affected people and businesses across the world
The ransomware attack has affected people and businesses across the world CREDIT: MALWARE TEC
Patients have tbeen told not to come to A&E and all non-urgent appointments and operations have been cancelled.

East and North Hertfordshire NHS trust said in a statement: “Today the trust has experienced a major IT problem, believed to be caused by a cyber attack.

“The trust is postponing all non-urgent activity for today and is asking people not to come to A&E - please ring NHS111 for urgent medical advice or 999 if it is a life-threatening emergency.

“To ensure that all back-up processes and procedures were put in place quickly, the trust declared a major internal incident to make sure that patients already in the trust’s hospitals continued to receive the care they need.”

Health officials are understood to have declared a major incident and ordered a meeting of national resilience teams.

NHS Digital said: “We’re aware that a number of trusts that have reported potential issues to the CareCERT team. We believe it to be ransomware.”

There are reports that trusts affected include East and North Hertfordshire, North Cumbria, Morecambe Bay hospitals, Blackpool, and Barts Health in London.

A number of GP surgeries also say they are also unable to use their systems.

One source told Health Service Journal that multiple trusts had been affected by a suspected malware attack around 1.30pm.

They said trusts had their computer systems almost entirely shut down.

Services affected are thought to include picture archiving communication systems for x-ray images, pathology test results, phone and bleep systems and patient administration systems.

The source added: “This will mean delays and a focus on the sickest patients. I’ve seen it once before and we relied on local trusts supporting each other. If truly widespread then that’ll not be an option.”

7:58pm
Extremely Worrying
Relatives of NHS patients speak about their fears.

7:46pm
Theresa May reacts
The Prime Minister took a break from the election campaign trail to respond to the truly massive global ransomware attack which has done so much damage to the NHS.

7:34pm
Scenes of desolation
The main reception at Blackpool Victoria Hospital lies abandoned after the ransomware attack hamstrung the operation of the trust.

Blackpool Victoria Hospital CREDIT: WARREN SMITH/TELEGRAPH
7:24pm
Theresa May: NHS not the target
Theresa May said the Government is not aware of any evidence that patient records have been compromised in the massive cyber attack on the NHS.

The Prime Minister said the ransomware hit was "not targeted" at the health service but was part of a wider assault on organisations across a number of countries.

The National Cyber Security Centre (NCSC) is working to support the NHS. She said:

We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack.

This is not targeted at the NHS, it's an international attack and a number of countries and organisations have been affected.

The National Cyber Security Centre is working closely with NHS digital to ensure that they support the organisations concerned and that they protect patient safety.

And, we are not aware of any evidence that patient data has been compromised.

Of course it is important that we have set up the National Cyber Security Centre and they are able to work with the NHS organisations concerned and to ensure that they are supported and patient safety is protected.

7:20pm
The NHS toll: an update
The following hospital trusts have confirmed they have been attacked by the malware:

George Eliot Hospital NHS Trust (Nuneaten)

Hampshire Hospitals NHS Foundation Trust

Hull and East Yorkshire Hospitals

James Paget University Hospitals NHS Foundation Trust (Great Yarmouth)

Lincolnshire Community Health Services NHS Trust

7:07pm
The human cost
Anthony Brett turned up to St Bartholomew's Hospital in London today for an operation on his liver, but was turned away due to the chaos.

A spokesman for the trust said:

We are very sorry that we have to cancel routine appointments, and would ask members of the public to use other NHS services wherever possible

Liver patient Anthony Brett is turned away from a London hospital CREDIT: PAUL GROVER/TELEGRAPH

6:51pm
World-wide reach...it makes you WannaCry
This map gives a snapshot of the sheer breadth of this ransomware attack.

Although the NHS has been badly affected, it shows the health service wasn't the only target.


6:42pm
FedEx the latest victim
US multinational courier service FedEx appears to have been hit hard, according to an online security journalist.The reach of the WannaCry attack CREDIT: @MALWARE TEC

Employees have reportedly been instructed to switch off all non-essential Windows systems.

6:34pm
Stay away from 'Clinical Results'
This tweet from East Kent Hospitals appears to suggest that the ransomware infiltrated their IT systems in emails with 'Clinical Results' in the subject

6:25pm
Five more trusts confirmed
Five more hospital trusts have confirmed they have been attacked, in addition to the list of 18 we brought you earlier. They are:

Cheshire and Wirral Partnership NHS Foundation Trust
Burton Hospitals NHS Foundation Trust
Birmingham Community Healthcare Trust
Aintree University Hospital NHS Foundation Trust
6:21pm
Spanish companies hit hard
Major Spanish companies have been hit by a cyber attack bearing striking similarities with the onslaught against that has crippled the NHS, according to Madrid journalist James Babcock.

Firms such as Telefónica, Spain’s leading telecoms company, were targeted by malware around midday, causing operators’ computer screens to turn blue.

Access to files became impossible and a demand for a ransom to be paid in bitcoins flashed up on screens at Telefónica’s headquarters in northern Madrid.

Spain’s National Cryptology Centre (CCN), part of the country’s secret security services, conformed in a press release that a “massive ransomware attack affecting Windows systems” had affected “a large number of organisations”.

6:15pm
Back to the Stone Age
A pharmacist in Yorkshire says it's back to paper notes and no patient histories

6:07pm
Spreading worldwide
As well as the NHS, the ransomware had struck telecoms companies, and electric utilities companies.

Thousands of dollars was already rolling into Internet accounts set up to handle the ransom payments.

Adam Meyers, from cyber security firm CrowdStrike advised against paying.

We advise people not to pay, because if people do pay, it emboldens these criminal actors.

Instead organisations were encouraged to make sure their data was backed up and copies were kept off networks.

Employees had to be educated about which sort of emails to beware of and the latest patches and security updates installed.

6:01pm
WannaCry: part of a wider attack of
The hack on the NHS appeared to be a part of a wider attack of WannaCry ransomware which is spreading rapidly across Europe, security experts have told the Telegraph.

Adam Meyers, vice president of intelligence at the cyber security firm CrowdStrike said it was being spread by people clicking on emails infected with fake invoices and job adverts.

Mr Meyers said the ransomware appeared to be relatively new and it was unclear who was behind it.

5:53pm
Hacking the NHS 'is easy'
The Telegraph's Jamie Bartlett explains how today's strike is a classic example of a ransomware attack.

He says that the online purchase of ransomware is one of the fastest growing trades on the internet.

Insiders reckon the trade is worth millions of dollars a year.

Individual attacks are for sale on the dark net for as little as $39.

5:42pm
Like something out of the movies
One Twitter posts a conversation between hospital staff. One said:

We got a message saying your computers are now under their control and pay certain amount of money.

5:37pm
Mother and son turned away
The real-world impacts of today's massive cyber attack on the NHS are beginning to filter through.

5:30pm
No guarantee of recovery
Cyber crime experts Databarracks say victims of ransomware attacks have got two options:

You can either recover the information from a previous backup or pay the ransom.

However, even if you pay the ransom, there is no guarantee that you will actually get your data back, so the only way to stay fully protected is to have historic copies of your data.

When recovering from ransomware, your two aims are to minimise the amount of data loss and to minimise the amount of IT downtime.

5:24pm
Critical or life-threatening only
The latest tweets from Colchester Hospital make grim reading..

5:21pm
"One by one, the screens were locking down”
A shocked worker at Colchester General Hospital described how her office’s computers were “wiped out, one by one”.

She said the effects of a hack on modern NHS hospitals could be 'catastrophic'.

My computer locked at about 3pm and I couldn’t get anything to work.

Then my colleague sat next to me said her computer was down.

It swept through the office and everyone was effected and didn’t know what was going on. One by one the computers were wiped out.

Nothing was working and switching them off and on did not solve the problems.

5:17pm
Not just a British problem?
A Milan-based Twitter user has Tweeted a picture of what appears to be a similar ransomware message at what is described as a university.

5:08pm
'Double in three days' - the demand
A screen shot circulated by medical staff shows a warning flashing on screen which reads:

“What happened to my computer?” and states that many documents, photos, vidos and databases and other files are no longer accessible.

Warning “nobody can recover your files without our decryption service” it then demands payments of $300 dollars - stating that the price will be doubled in three days.

Doctors have seen this message on screens across the country CREDIT: PA
5:04pm
The list gets bigger
The situation is moving very fast. The Health Service Journal has a list of the hospitals and organisations known to have been hit.

5:02pm
Aintree University Hospital 'down'
Top radiologist Rashid Akhtar reports that one of Liverpool's big hospitals is affected.

4:58pm
'Miracle' if on one comes to harm
Dominic Marley, a hospital doctor in the Manchester area, gives a grim perspective on the likely consequences of today's attack.

4:53pm
Shocking and Unprecedented
Peter Warren, Cyber Security Research Institute said the NHS tends to be 'quite leaky' when it comes to security:

This is shocking and unprecedented.

It is a historical moment, proving how important cyber security is.

It hasn't been taken seriously enough for years,

Cyber security is not a priority. The NHS is under pressure on many fronts. They tend to be quite leaky when it comes to cyber security. It is no surprise that this has happened.

4:45pm
Cyber Spooks
The National Cyber Security Centre are on the case.

Sources said officials from the National Cyber Security Centre, a branch of the GCHQ electronic spy agency, said they are working with the NCA, dubbed Britain's FBI, to help health managers.

The attack comes only weeks after the NCSC warned that so-called ransomware attacks, where hackers lock up data and demand money to release it, have become one the biggest cyber threats

4:42pm
Dark Currency
Hospitals and GP surgeries appear to have been told to pay $300 dollars - £233 worth of Bitcoin - in order to regain access to their files.

The hackers are demanding this is paid in Bitcoins, an unregulated internet currency that authorities find it difficult to trace.

1 Bitcoin is currently equivalent to £1,381.

4:34pm
Hospital super boss says everyone has to muck in
Chris Hopson, who represents NHS hospital bosses, said trusts will be supporting each other to get through the crisis.

The scale and scope of what looks to be an extensive malware attack on the NHS is not yet clear.

Given the potential impact, NHS trusts take this type of attack very seriously. They have detailed and well rehearsed contingency plans in place to deal with incidents of this type and these plans have worked effectively when they have been triggered on an individual trust basis in the past.

Trusts will rally round support each other to cope with the disruption and early feedback suggests that this is already happening in this case. However, it is likely that some services will be affected, at least in the short term.

The trusts affected will now be doing all they can to minimise the impact on patients, and to get their services back to normal as quickly as possible.

4:29pm
Files held to ransom
Doctors across the country have seen this message - what appears to be ransomware - flash up on their screens

4:24pm
NHS confirms it is under attack
NHS Digital said: “We’re aware that a number of trusts that have reported potential issues to the CareCERT team. We believe it to be ransomware.”

OMG