top of page
  • Facebook
  • Instagram
  • LinkedIn

Actions Taken by the Authority & Status (Unit 4)

National Health Service (NHS)

The attack led to disruption in at least 34% of trusts, public sector bodies established by parliamentary order by the secretary of state for health to provide healthcare services to the NHS, in England although the Department and NHS England do not know the full extent of the disruption. Thousands of appointments and operations were cancelled and in five areas patients had to travel further to accident and emergency departments.

​

NHS response

The Department had actually developed a plan which included roles and responsibilities of national and local organisations for responding to an attack, but had not tested the plan at a local level. As such, they did not know what actions to take when WannaCry took place. 

As the plan was not actually rehearsed, the people were unclear with who should lead the response and thus, there were issues with communication. 

Although there were some panic within NHS, in line with existing procedures to manage major incidents, the NHS mainly focused on emergency care first.  

​

Actions NHS took

The NHS knew that there were lessons to learn from the WannaCry incidents and some actions that they took were:

  • Develop a response plan of what the NHS should do in the event of a cyber attack

  • Establish the roles and responsibilities one should do in case of another major cyber attack. 

  • Ensure that critical CareCERT alerts (emails sent by NHS Digital providing information or requiring action), have the latest software patches and is keeping up-to-date with their anti-virus software. 

  • During an attack where systems are down, ensure that crucial communications are still able to get through.

Marcus Hutchins

Marcus Hutchins was working for Kryptos Logic,  a Los Angeles-based cybersecurity company. 

​

How he stopped the attack?

Within the code, Marcus Hutchins discovered a 'killswitch'.

He noticed that the malware's code sent a signal to an unregistered website every time it infected a new system, thus he registered the site and the attacks slowed. Eventually, the attacks stopped.

Assumptions made about the 'killswitch' were that it may be created so that hackers could bring the attacks to an end if necessary, or it was just an accidental flaw included in the code. 

​

How attackers fought back but was stopped yet again?

They launched a “distributed denial-of-service” attack to try to crash the servers of the newly registered website, starting up the WannaCry attacks again. But they ultimately failed. Hutchins had protected the site by using the cache to handle the higher traffic rather than a live site, which would have been overwhelmed.

​

Singapore

Although the worm did not affect Singapore as badly as the other countries, the Cyber Security Agency(CSA) issued an advisory to take if one was to be affected by WannaCry. The advisory showed the dangers of the worm, how it could be prevented and what one should do once his/her computer was to be infected with the worm. 

​

Dangers of the worm

Once a single computer within the organisation was to be infected by the worm, the worm would look for other vulnerable computers within the network to infect. 

​

Prevention

It could be prevented with the immediate installation of Microsoft latest patch for the vulnerability (MS17-010) if one has not done so. 

Like any other ransomware infection, you should be suspicious of uninvited documents sent through e-mail and avoid clicking inside such documents unless the source is verified. 

Ensure that important files and documents are backed up and that you run an active anti-virus security suite of tools on your system. 

​

What one should do?

Start by removing the network connection from your computer to prevent the spread of WannaCry.

Rebuild your affected computer before patching it with the recommended patch and restoring your system from the backups made previously.

​

bottom of page