The WannaCry and ASP cases: Holding medical data hostage through ransomware
The WannaCry (UK) and ASP (Italy) cases: Holding medical data hostage through ransomware
One of the most well known cases of ransomware is WannaCry that happened in May 2017. This ransomware caused a devastating global event that affected hospitals, government systems, railway networks and private companies, as well as individual citizens. The ransomware infected computers, encrypted the files on the hard drive, effectively locking users out of their computers, and demanding a ransom payment in bitcoin. Bitcoin is a type of cryptocurrency and type of currency can be transferred anonymously (Field, 2018; Fruhlinger, 2018; Whittaker, 2019).
The ransomware hit the National Health Service in the UK particularly hard. It affected many British healthcare providers by locking personnel out of computers in hospitals across the UK. The attack cost the NHS around £92m as reported by the Department of Health (Field, 2018). The affected healthcare organisations had to cancel more than 19,000 appointments, costing the NHS a further £20m between 12 May and 19 May, as well as another £72m in the subsequent cleanup and upgrades to its IT systems and operating system (Department of Health and Social Care, 2018). The NHS was criticised for using outdated IT systems, including Windows XP, a 17 years old operating system that was outdated and vulnerable to cyberattacks (Field, 2018; Whittaker, 2019). However, most of the victims of WannaCry were running Windows 7 as their operating system (Brandom, 2017).
The reason WannaCry could affect this many systems in such a short time is that it exploited a backdoor created by the NSA. This way, WannaCry could propagate easily to other systems that had the same backdoor. WannaCry did not have to be as devastating as it was. Microsoft was aware of the backdoor and had already created a patch for it. However, organisations and individuals alike had not installed that patch, leaving their system vulnerable (Fruhlinger, 2018; Whittaker, 2019).
As such, WannaCry affected many organisations and individuals who did not put cybersecurity as a priority. Soon after the attack started, many people paid to regain access to their files. However, the advice is to not pay for ransomware demands as it rewards the cybercriminals and there is no guarantee access to data is regained. Organisations and people should maintain, what is called, good cyber hygiene. Making regular backups will prevent the need to pay the ransom, as the computer can then be reinstalled and a backup can be restored (Brumfield, 2019).
An infection with ransomware may also occur through email and attachments of emails. In June 2016, the ASP (Social Services to Person) of Basilicata Region in Italy was attacked by a powerful ransomware that irretrievably encrypted all documents on the computer and shared folders by sending emails without the possibility of retrieving them. This ransomware was nicknamed JS / TrojanDownloader.Nemucod, and it spread through emails written “in a very reliable way” that appeared as invoices, judicial documents or other official documents. The emails contained a malicious attachment that, if opened, it downloaded and installed the malware on the victim’s computer. After the ransomware installed, the victim’s data was encrypted and a message asking for a ransom for decoding was displayed (Guzzo, 2018).
Digitisation and digitalisation create new vulnerabilities. This is why, alongside technology investments, more knowledge is needed, together with awareness in the use of IT systems. It is necessary to provide continuous training of personnel within the organisation. The training of good cyber hygiene practices is central to organisations remaining secure. Installing patches and updates are one of the most important activities to undertake. Backups are important to have for when a cybersecurity attack (or accident!) happens and data needs to be restored. Finally, even when phishing emails are becoming more realistic, people should be able to recognise them and avoid undertaking harmful actions. A combination of human actions and the lack of a secure infrastructure framework are the preconditions for a ransomware attack to become devastating at an organisational and personal level (Brumfield, 2019; Guzzo, 2018).
Literature