Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

NHS cyber attack: International manhunt to find criminals behind WannaCry ransomware that crippled hospital systems

Investigators working around clock to find those responsible for ransomware that hit dozens of countries around the world

Sunday 14 May 2017 07:19 BST
Comments
A programmer works on decrypting source code in Taipei, Taiwan. The attack hit systems in countries all over the world and there are fears hackers could strike again
A programmer works on decrypting source code in Taipei, Taiwan. The attack hit systems in countries all over the world and there are fears hackers could strike again (EPA)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

An international effort is under way to track down the criminals behind an unprecedented global cyber attack that wreaked havoc across the NHS.

The US and Russia were among scores of countries affected by the virus, which also hit a Nissan plant in the UK.

Investigators are now working non-stop to hunt down those responsible for the Wanna Decryptor ransomware, also known as WannaCry.

Meanwhile health authorities are racing to upgrade security software amid fears hackers could exploit the same vulnerability with a new virus.

There have been calls for an inquiry into the circumstances surrounding Friday's major incident, with the Government and NHS chiefs facing questions over their preparedness and the robustness of vital systems.

Europol said its cybercrime specialists will support affected countries as a "complex international investigation" to identify the culprits begins.

Oliver Gower, of the UK's National Crime Agency, said: "Cyber criminals may believe they are anonymous but we will use all the tools at our disposal to bring them to justice."

A British cyber whiz was hailed an "accidental hero" after he registered a domain name that unexpectedly stopped the spread of the virus, which exploits a vulnerability in Microsoft Windows software.

The anonymous specialist, known only as MalwareTech, prevented more than 100,000 computers across the globe from being infected.

A number of hospitals in England and Scotland were forced to cancel procedures after dozens of NHS systems were brought down in Friday's attack.

Medical staff reported seeing computers go down "one by one" as the attack took hold, locking machines and demanding money to release the data.

Around a fifth of trusts were hit, with six still affected 24 hours later, amid concerns networks were left vulnerable because they were still using outdated Windows XP software.

The apparent chink in the NHS's defences led to criticism of the Government and NHS bosses, with the Liberal Democrats demanding an inquiry takes place.

Speaking after a Cobra meeting on Saturday, Home Secretary Amber Rudd admitted "there's always more" that can be done to protect against viruses.

She said: "If you look at who's been impacted by this virus, it's a huge variety across different industries and across international governments.

"This is a virus that attacked Windows platforms. The fact is the NHS has fallen victim to this.

"I don't think it's to do with that preparedness. There's always more we can all do to make sure we're secure against viruses, but I think there have already been good preparations in place by the NHS to make sure they were ready for this sort of attack."

However Ms Rudd was accused of "wild complacency" over her response and many questioned why Health Secretary Jeremy Hunt had remained quiet during the crisis.

Lord Paddick, Liberal Democrat home affairs spokesman and a former Metropolitan Police deputy assistant commissioner, said Ms Rudd was "more suited to the era of analogue".

"We need to get to the bottom of why the Government thought cyber attacks were not a risk, when a combination of warnings and plain common sense should have told ministers that there is a growing and dangerous threat to our cyber security," he said.

"It is worrying that in Amber Rudd we have a home secretary in the digital age more suited to the era of analogue. This is not the first time she has looked lost in cyberspace.

"The Government likes to look tough, but this is an example of where it has left Britain defenceless."

Labour's shadow health secretary, Jonathan Ashworth, in a letter to Mr Hunt, said concerns were repeatedly flagged about outdated computer systems.

"The public has a right to know exactly what the Government will do to ensure that such an attack is never repeated again," he wrote.

Patrick French, a consultant physician and chairman of the Holborn and St Pancras Constituency Labour Party in London, tweeted: "Amber Rudd is wildly complacent and there's silence from Jeremy Hunt. Perhaps an NHS with no money can't prioritise cyber security!"

NHS Digital, which manages the health service cyber security, said fewer than 5% of devices within the health service still use the old system Windows XP.

Just one day before the attack Dr Krishna Chinthapalli, a registrar in London, warned in a British Medical Journal article that some hospitals "will almost certainly be shut down by ransomware this year".

Nissan UK confirmed it was affected, but said there had been "no major impact".

It is understood its plant in Sunderland is not due to have another production shift until Sunday night.

A spokesman said: "Like many organisations around the world, some Nissan entities were recently targeted by a ransomware attack.

"Our teams are responding accordingly and there has been no major impact on our business. We are continuing to monitor the situation."

Press Association

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in