NHS cyber attack used US government software leaked to public

'There’s no way to patch it'

Aatif Sulleyman
Wednesday 17 May 2017 11:16 BST
Comments
Up to 90 per cent of NHS computers still run Windows XP, which came out in 2001
Up to 90 per cent of NHS computers still run Windows XP, which came out in 2001 (REUTERS/Shannon Stapleton)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The ransomware that is wreaking havoc on NHS computers is believed to be using an American cyber-weapon leaked to the public earlier this year.

Malware called Wanna Detector is preventing hospital staff from accessing medical records.

Hospitals in both England and Scotland are known to be affected.

The ransomware is taking advantage of EternalBlue, an exploit spies used to secretly break into Windows machines, according to the Register.

Microsoft patched the issue earlier this year, but only on version of the Windows operating system that it continues to support.

Up to 90 per cent of NHS computers still run Windows XP, according to a report published in the BMJ earlier this week.

The operating system was released in 2001, and Microsoft cut support for it in 2014.

People can continue to use the software, but doing so comes with enormous risks.

"Using XP is particularly bad because it’s no longer supported and there’s no way to patch it," David Emm, the principal security researcher at Kaspersky, told The Independent.

Microsoft no longer builds or distributes security updates for XP, leaving it extremely vulnerable to viruses and cybercriminals.

The company is extremely clear about how important it is to stop using XP.

"If you continue to use Windows XP now that support has ended, your computer will still work but it might become more vulnerable to security risks and viruses," it says.

"Internet Explorer 8 is also no longer supported, so if your Windows XP PC is connected to the Internet and you use Internet Explorer 8 to surf the web, you might be exposing your PC to additional threats."

Three years ago, the UK government paid Microsoft £5.5 million to extend support, but this only guaranteed its protection for one more year.

The BMJ report ominously concludes, "We should be prepared: more hospitals will almost certainly be shut down by ransomware this year."

Unfortunately for the NHS, very few older computers are able to run Windows 10, Microsoft's latest computer operating system.

This means the machines themselves need to be replaced, and that will cost an enormous amount of money.

"Unfortunately, XP will likely still be used for some time yet," Fraser Kyne, the CTO of Bromium for the EMEA region, told The Independent.

"Many organisations are faced with huge potential costs in upgrading their systems, which may rely on XP to support critical line-of-business applications. Systems running XP really should be used in separation from other functions and not used for external web browsing or opening emails from unknown sources. There is just too much risk in doing this."

* Update. This article originally reported that the malware used in the hack affecting the NHS and numerous other organisations globally had been publicly leaked by Wikileaks. In fact, this is not the case. A group called Shadow Brokers has claimed responsibility for releasing the hacking tools, which were reportedly developed by the US National Security Agency. 17/5/17

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in