On Friday, the NHS fell victim of a global ransomware cyber-attack which affected computers in 99 countries and it might have originated from technology stolen from the National Security Agency (NSA) in the US. Theresa May explained that the NHS wasn’t the sole target and that “an international attack and a number of countries and organisations have been affected.” While the NHS wasn’t particularly targeted, attacks on healthcare institutions around the world are very common since information on private and healthcare records are valuable. 

Jeremy Hunt was criticised for ignoring warnings about the NHS’s outdated computer systems. The Labour leader, Jeremy Corbyn, said: “What we’ve now got is a bunch of 21st-century highway robbers that have hacked into our NHS and are basically offering protection money to get the information back in order to treat cancer patients or anybody else. It’s unbelievably disgusting and I’ve got nothing but contempt for those people that have done it, and I’m sure all of you would share that. But I’m also very angry that in 2014 there was a one-year renewal of the protection system on the NHS systems which was not renewed after that and not renewed the year after that, and so systems are now not upgraded and not protected. As a result, we’ve got this dreadful situation that NHS workers are facing today.”

The shadow health secretary, Jonathan Ashworth, explained that there had been repeated warnings from both the NCSC and the National Crime Agency about how vulnerable outdated NHS systems were. He highlighted, that since 2015, when a security package was stopped, many hospitals were under the threat of an attack. Ashworth said: “NHS trusts have been running thousands of outdated and unsupported Windows XP machines despite the government ending its annual £5.5m deal with Microsoft, which provided ongoing security support for Windows XP, in May 2015.”

 “Shadow Brokers”

The mysterious group called Shadow Brokers claimed last summer that they infiltrated the NSA’s elite hacking Equation Group and stolen “cyber weapons”. The stolen malware which the group was auctioning for around $580m (1m bitcoins) included “files better than Stuxnet”—the world’s first digital weapon. The malware was available on 14 April after the Shadow Brokers leaked NSA information and hacking tools.

What is ransomware?

The attacks used malicious software called WanaCryptor 2.0 or WannaCry which prevented access to computers or files, holding them for “ransom.” They infect Windows PCs, encrypting files so they can’t be used and request money for the decryption of those files. However, there is no guarantee that by paying the requested amount of money, you will be able to access your files or your computer again. The ransomware demanded each user to pay $300 worth of Bitcoin to unlock the files. Unless the user has backed their files, they will be able to restore them, but otherwise the files might be lost forever.

In regards to the UK, the infection of NHS computers first started in Lancashire and spread to other computers in the NHS’s network by jumping between PC and PC.

The ransomware WannaCry uses a vulnerability in the old versions of Windows that enables the spread of malware from one computer to another. This was originally discovered by the US National Security Agency and was used as a cyber-weapon. While Microsoft issued a patch for those versions of Windows whose weakness could be used to spread the malware, lack of funding deterred organisations from updating versions of Windows, leaving their computers vulnerable to the malware. 

Cyber weapons are similar to weapons in the physical world

Microsoft’s president Brad Smith warned governments that the cyber-attack was a “wake-up call” and criticised them by saying that the “stockpiling of vulnerabilities by governments” is a big problem. What this means is that governments’ exploits have been repeatedly leaked into the public domain affecting customers and causing damage in a global scale. He compared cyber-attacks to “conventional weapons” describing the “ransomware” attacks to “US military having some of its Tomahawk missiles stolen.”

According to Smith, Microsoft had issued a patch—software designed to update a computer programme in order to improve it—earlier in 2017 but many institutions and companies didn’t update their older computers. He warned that similar attacks will continue to happen in the future, unless governments took more security measures. He said: “The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits. This is one reason we called in February for a new "Digital Geneva Convention" to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.”

Smith and Microsoft’s call for global cooperation through a Digital Geneva Convention to prevent cyberwarfare, is especially crucial at a time where state-sponsored hackers are interfering in political campaigns in the US, France and the Netherlands. Some of Microsoft’s proposals refer to nation-states refraining from cyberattacks and the creation of an independent and neutral nongovernmental organisation which will investigate attacks and enforce compliance. Not only is this important to strengthen consumers’ trust in technology, but also in order to develop and sustain a more democratic and secure world, online or offline.