NHS Trusts under increased ransomware attacks

Ransomware is hacking groups' last resort to monetising data they find.

The predictions are coming true – NHS Trusts are increasingly under cybercriminals’ attacks, and the number of ransomware attempts is growing, fast.  The news was first reported by The Telegraph, citing a Freedom of Information (FOI) request made towards NHS Trusts in England. In the last 12 months, at least 28 of them ‘victims of ransomware’. 

The suspicious quotes are there because apparently, ‘no ransom was paid, and no data was lost’.  According to NCC Group’s technical director Ollie Whitehouse, ransomware is the attackers’ last resort - where there is no other way to monetise the information gained upon entry. 

"Ransomware has become the bottom line of cyber-crime - if hackers break into a system and can't find any other way to monetise what they find, they encrypt the data and demand a ransom. We have seen a 400 per cent increase in these attacks. The health service is by no means alone in facing this kind of attack. But NHS trusts are being increasingly targeted and any loss of patient data would be a nightmare scenario. Like everyone else, they need to be applying robust controls." 

Ransomware is a type of malware which encrypts all the data on a network, and demands ransom to be paid in cryptocurrency – Bitcoin.  It usually spreads through email. Unsuspecting employees get an email which looks as if it’s coming from inside the company, with an attachment that will, in fact, install the malware. The height of the ransom varies, depending on the industry under attack, and the hacking group behind the attack.

 James Maude, senior security engineer at global security software company Avecto commented: “Ransomware can evade detection, exploit built-in Windows tools and grab valuable data. Many think that backups are key to mitigating these risks, but this is more about resilience than security. A backup will not stop data being accessed by an attacker, if they can encrypt files they can probably steal them as well.

“Businesses need to get the foundations right and build a secure system to prevent the attack vectors, instead of trying to catch all the threats before they do damage. We need to move away from attempting to detect undetectable and evolving threats, and start protecting data.

"If organisations accept that people can always be manipulated into clicking a link or opening infected documents they can start focusing on proactively minimising their risk, and this can be relatively simple.” 

Image source: Shutterstock/Martial Red