Security found wanting again after WannaCry
NHS Lanarkshire Cancels Ops After Weekend Ransomware Blitz
An NHS Scotland organization has suffered a second major ransomware-related outage, just months after it was struck by the infamous WannaCry attacks of May.
The Bitpaymer variant is said to have struck NHS Lanarkshire on Friday, affecting some key services over the weekend.
According to a spokesperson, the NHS security systems weren’t able to detect the malware as it was a new variant, indicating that they’re still using fairly basic software.
Some operations were cancelled as a result, as IT teams struggled to contain the outbreak, while patients were urged not to visit their local hospitals unless their trip was essential.
NHS Lanarkshire chief executive, Calum Campbell, explained in a statement on Friday that it was “Putting in place a solution from our IT security provider.”
"We have detected some incidences of malware. We took immediate action to prevent this spreading while we carried out further investigations,” he added.
"While the issue is being resolved our staff have been working hard to minimize the impact on patients and we apologize to anyone who has been affected.”
NHS Lanarkshire is said to have been one of the regions worst affected by the WannaCry campaign of mid-May.
It’s unclear how its computers became infected by the new ransomware variant, although phishing emails are the most common attack vector.
On Thursday, security firm Proofpoint revealed a new ransomware strain dubbed “Defray” which is being spread via malicious Word attachments in unsolicited mail.
The threat is primarily targeted at victims in healthcare and education sectors, with the emails crafted to lure recipients into opening the attachment.
One email, for example, purports to be from the director of information management & technology at a hospital.
Ransomware attacks doubled in the first half of the year compared to the same time in 2017, according to stats from Check Point.
It claimed ransomware comprised 48% of the main attack categories globally in 1H 2017, versus 26% in the first six months of 2016.