North Korea has been publicly blamed by the UK’s Security Minister for the WannaCry cyber attack which hit the NHS.
Home Office Minister Ben Wallace said the Government believed ‘quite strongly’ that a foreign state was behind the ransomware attack and named North Korea.
Pyongyang has been widely blamed for the May cyber attack in security circles, and Microsoft’s president, Brad Smith, has also pointed the finger at Kim Jong Un’s secretive state.
Pyongyang has been widely blamed for the May cyber attack in security circles. North Korean leader Kim Jong-Un is pictured (centre) in August
Mr Wallace said: ‘This attack, we believe quite strongly that it came from a foreign state. North Korea was the state that we believe was involved this worldwide attack.’
He told BBC Radio 4’s Today programme that ‘we can be as sure as possible’ and ‘it is widely believed in the community and across a number of countries that North Korea had taken this role’.
Mr Wallace suggested the attack could have been motivated by an attempt by the economically isolated state to access foreign funds.
‘North Korea has been potentially linked to other attacks about raising foreign currency,’ he said.
Meanwhile an independent investigation has concluded that the cyber attack which crippled parts of the NHS could have been prevented if ‘basic IT security’ measures had been taken.
The head of the National Audit Office warned the health service and Department of Health to ‘get their act together’ in the wake of the WannaCry crisis, or risk suffering a more sophisticated and damaging future attack.
An independent investigation concluded that the cyber attack which crippled parts of the NHS could have been prevented if ‘basic IT security’ measures had been taken
The NAO’s probe, released on Friday, found that almost 19,500 medical appointments, including 139 potential cancer referrals, were estimated to have been cancelled, with five hospitals having to divert ambulances away after being locked out of computers on May 12.
The malware is believed to have infected machines at 81 health trusts across England – a third of the 236 total, plus computers at almost 600 GP surgeries, the NAO found.
What is ransomware?
Ransomware is a type of malicious software that criminals use to attack computer systems.
Hackers often demand the victim to pay ransom money to access their files or remove harmful programs.
The aggressive attacks dupe users into clicking on a fake link – whether it’s in an email or on a fake website, causing an infection to corrupt the computer.
In some instances, adverts for pornographic website will repeatedly appear on your screen, while in others, a pop-up will state that a piece of your data will be destroyed if you don’t pay.
In the case of the NHS attack, the ransomware used was called Wanna Decryptor or ‘WannaCry’ Virus.
All were running computer systems – the majority Windows 7 – that had not been updated to secure them against such attacks.
Mr Wallace accepted that the attack could have been avoided if software had been properly updated.
‘It’s a salient lesson for us all that all of us, from individuals to governments to large organisations, have a role to play in maintaining the security of our networks,’ he said.
British systems came under attack on a weekly basis from organised criminals and ‘a number’ of foreign countries which seek to collect intelligence or carry out a ‘state-sponsored criminal attack’.
The UK had the ability to fight back online, he added, but ‘if you get into tit-for-tat there has to be serious consideration about the risk we will expose the UK systems to’.
He said: ‘Other countries do have doctrines and military thinking along that line, but the West – the United States, Europe and the United Kingdom – are much more thoughtful about these things because, ultimately, if we were to take some action, we have to remember that some of these states may, as we have seen with this WannaCry, strike out at the rest of our functions.’
The West needed to discuss a ‘doctrine of deterrent’ in order to prevent foreign states launching attacks.
In a report cataloguing the failures which led to May’s attack, the NAO said that while the health service’s IT arm NHS Digital had issued ‘critical alerts’ about WannaCry in March and April, the DoH had ‘no formal mechanism’ to determine whether local NHS organisations had taken any action.
Nearly 20,000 hospital appointments were cancelled earlier this year because the NHS failed to provide basic security against cyber attackers.
Breaking Windows: The WannaCry virus
The WannaCry virus targets Microsoft’s widely used Windows operating system.
The virus encrypts certain files on the computer and then blackmails the user for money in exchange for the access to the files.
It leaves the user with only two files: Instructions on what to do next and the Wanna Decryptor program itself.
When opened the software tells users that their files have been encrypted and gives them a few days to pay up or their files will be deleted.
It can quickly spread through an entire network of computers in a business or hospital, encrypting files on every PC.
The NAO said the cyber-attack which crippled a third of NHS hospitals in May could have easily been prevented.
NHS officials said 47 trusts had been affected – but the NAO found that the impact was far greater, and in fact 81 were hit by the attack.
Sir Amyas Morse, the head of the NAO, last night warned health bosses to ‘get their act together’ to prevent attacks happening again.
The Department of Health said that from next January hospitals will be subject to unannounced inspections of IT security.
But the report reveals hospitals could have acted far sooner, with officials warned repeatedly about the WannaCry virus before the attack, with ‘critical alerts’ sent out in March and April.
When the attack came on May 12 it ripped through the out-of-date defences used by the NHS.
The virus spread via email, locking staff out of their computers and demanding £230 to release the files on each employee account.
Hospital staff reported seeing computers go down ‘one by one’ as the attack took hold. Doctors and nurses were locked out, meaning they had to rely on pen and paper, and crucial equipment such as MRI machines were also disabled by the attack.
The report reveals nearly 19,500 medical appointments were cancelled, including 139 potential cancer referrals. Five hospitals had to divert ambulances away at the peak of the crisis.
Hospitals were found to have been running out-of-date computer systems, such as Windows XP and Windows 7 – that had not been updated to secure them against such attacks. Computers at almost 600 GP surgeries were also victims.
How to protect yourself from ransomware
Norton Antivirus has compiled a list of prevention methods:
1. Use reputable antivirus software and a firewall
2. Back up your computer often
3. Set up a popup blocker
4. Be cautious about clicking links in emails or on suspicious websites
5. If you do receive a ransom note, disconnect from the Internet
6. Alert authorities
Sir Amyas said: ‘It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice.
‘There are more sophisticated cyber threats out there than WannaCry so the Department of Health and the NHS need to get their act together to ensure the NHS is better protected against future attacks.’
Experts last night criticised the way the Government seemingly failed to prepare.
Meg Hillier, chairman of the Public Accounts Committee, said: ‘The NHS could have fended off this attack if it had taken simple steps to protect its computers and medical equipment.
‘Instead, patients and NHS staff suffered widespread disruption, with thousands of appointments and operations cancelled.’
Jonathan Ashworth MP, Labour health spokesman, added: ‘This report reveals a catalogue of failures which needlessly left our NHS vulnerable and placed patient safety at risk.
‘In the digital age, it is abundantly clear that a 21st Century health service should have been far better prepared for a cyber-attack.’
Home Office Minister Ben Wallace (pictured) said the Government believed ‘quite strongly’ that a foreign state was behind the ransomware attack and named North Korea
But Dan Taylor, NHS Digital’s head of security, said WannaCry had been ‘an international attack on an unprecedented scale’ and the NHS had ‘responded admirably’.
He said: ‘Doctors, nurses and professionals from all areas pulled together and worked incredibly hard to keep frontline services running and to get everything back to normal as swiftly as possible.’
Keith McNeil, the NHS’s chief clinical information officer for health and care, added: ‘As the NAO report makes clear, no harm was caused to patients and there were no incidents of patient data being compromised or stolen.
‘Tried and tested emergency plans were activated quickly and our hard-working NHS staff went the extra mile to provide patient care, keeping the impact on NHS services and patients to a minimum.’
A Department of Health spokesman said: ‘The NHS has robust measures in place to protect against cyber-attack.
‘Since May we have taken further action to strengthen resilience and guard against future attack, including new, unannounced cyber security inspections by the Care Quality Commission, £21million in funding to improve resilience in trauma centres, and guidance for trusts.’