Internal Security Opinion

Ransomware Cyber-attack is Preventable! Know How it Can be Avoided

Author, Dimple Shah is living in India. Dimple Shah is part of our authors community and has published first post on Youth Darpan.

Ransomware Cyber-attack is Preventable! Know How it Can be Avoided

In a matter of hours, the NHS was effectively placed on lockdown with computer systems being held ransom and further machines powered down to prevent the spread of malware. Critical patient information has been inaccessible and several hospitals urged people to avoid accident and emergency departments, except in cases of real emergencies. The Conversation

Ransomware is the form of computer malware that has infected the NHS. Typically, it encrypts user information and then demands payment before unlocking the information. In this case the ransomware demands a fee of US$300 (230) payable in the crypto-currency, bitcoin, allowing the perpetrators a degree of anonymity.

British law enforcement have called it a criminal attack rather than one orchestrated by a foreign state. The British public can take some small comfort in this; criminal organisations are not as well funded and the malware may be easier to remove without the loss of patient files. It is too early to say categorically who is responsible for the attack though it is certainly the most devastating cyber-attack on British infrastructure ever.

Today’s Updates

Read also, It Is An Economic Battle, Pankaj Deb

But it is not just British infrastructure that has been affected by the ransomware. The Spanish telecommunications firm, Telefonica, was also attacked. There have also been a large number of other suspected attacks, notably in Germany, the Philippines, Russia, Turkey and Vietnam. A total of 99 countries have suffered from this attack so far. Whether this is as a result of a larger international criminal organisation is still unknown, however, the rapidity with which the infections are spreading is very concerning.

The attackers’ motive is perhaps clear: financial gain. Though if one looks beyond the relatively small demands of the ransomware, there is something larger at play here. Cyber-criminals will often boast of their exploits to others to gain a level of prestige among their peers. So, while we can often see money as the primary driver for this kind of attack, there may be other motives that will remain hidden.

Today’s Updates

Read Also, India Signs Loan Agreement with World Bank for US$ 250 Million for “Skills Acquisition and Knowledge Awareness for Livelihood Promotion” (SANKALP) Project

People in the UK have been advised to avoid accident and emergency departments unless absolutely necessary. Imran’s Photography/Shutterstock

Out-of-date systems and lack of training

The question of how this could have happened will be one that will produce several damaging reports outlining poor training and infrastructure. It has been clear for years that various NHS trusts have been lagging behind with upgrading their systems.

In 2016, Motherboard submitted Freedom of Information Act requests to 70 NHS hospitals, inquiring as to the number of machines owned that were still running Windows XP. An alarming 42 out of 48 respondents stated they still worked with machines using XP. This is made far more concerning by the official end of Microsoft support for Windows XP in April 2014. While funding to ease the changeover through extended support and eventual move to a more modern operating system was made available, there are still many NHS computers running Windows XP. This is putting the safety and privacy of patients at risk.

Today’s Updates

Read Also, Shri Ravi Shankar Prasad and Shri Kiren Rijiju attend function to mark 25 years of India-ASEAN Partnership

The UK government could improve this by providing better training. It is not immediately obvious to anyone that accessing personal information, such as emails, Facebook or Twitter, can have potentially damaging consequences. Opening a document from a friend, or a link through Facebook can be devastating if proper codes of conduct are not put in place. Something as simple as bringing in a USB (thumb drive) from your home to transfer large files from one computer to another could have the same effect, if the USB has been infected.

Today’s Updates

Read Also, PM addresses inaugural session of 90th Annual General Meeting of FICCI

Modern anti-virus software and up-to-date operating systems can only do so much. It is therefore vital to invest more in cyber-security training for all staff working with sensitive information. This attack proves that the UK’s cybers-ecurity policy needs further work.

About the author

Youth Darpan

Youth Darpan is a fast-paced, real-time News Feed that brings to you the latest happenings and News from India and the world. At Youth Darpan users can publish your opinions, contribute to regional and national news and get updates on the latest happenings.

Topics