On 12 May, hundreds of NHS employees turned on their computers, only to be greeted by a message stating that their files had been encrypted and could only be unlocked by paying $600. Their computers had succumbed to WannaCry, a particularly vicious type of virus known as ransomware. The on-screen message that now dominated the screen could only be removed by transferring $600 worth of Bitcoin to a given address. Instructions for obtaining Bitcoin were also provided.

Forty-eight NHS organisations were affected by this cyber-attack, leading to cancelled appointments, operations and more. Patients were asked to stay home because staff did not have the means to receive or treat them. The NHS was held to ransom by unseen forces.

WannaCry and the threat to computers

The WannaCry software might be dangerous, but its spread is usually checked because it requires people to download a dodgy attachment or click a suspicious link. The virus typically spreads slowly, gradually, in fits and starts. What happened on 12 May was very different. The doctors, nurses, surgeons and administrators who found their machines frozen that day may not have been to blame for the virus overtaking their machine. WannaCry had found its way to their desktop through a backdoor that exists in older Microsoft Windows machines.

Remarkably, this backdoor is alleged to have been developed – and utilised – by America’s National Security Agency (NSA). This vulnerability, known as EternalBlue, was stolen from the NSA by a group of Russian hackers called ShadowBrokers and then shared online. EternalBlue was used to inject WannaCry onto a huge number of machines in a synchronised attack. Infected machines were then used to spread the ransomware onto other networked machines.

In a story with many startling elements, perhaps one of the most shocking parts is the fact that Microsoft had released a patch to close this vulnerability in March. The only computers affected by this attack where those that had not been updated. In the case of the NHS, it seems that the government chose not to renew a multimillion-pound security package which would have protected against this threat. This meant that the NHS attack also became a political issue in the middle of a general election.

The WannaCry attack was only halted by an intrepid IT security consultant who noticed that the malware was trying to connect to a non-existent web domain. Marcus Hutchins immediately registered the address, an act which killed the virus immediately and meant that hundreds of NHS organisations could get back to work.

While the usual advice on digital security is to raise awareness among staff, the WannaCry incident is a good reminder that employee training will only protect your organisation if your technology is up-to-date. Effective digital security must be holistic, protecting against a wide range of evolving threats with a mixture of training, processes, hardware, software and company culture.

How VinciWorks can help

Our vast and expanding cyber security training suite prepares users for all cyber risks. It includes hours of training, hundreds of micro-learning modules and topics from social media to IT security. These courses and micro-learning units can easily be configured into a multi-year training plan.