Global ransomware campaign takes down hospitals and GP surgeries in the UK - WanaCrypt0r variant believed responsible

Sooraj Shah
Global ransomware campaign takes down hospitals and GP surgery systems

Global ransomware campaign takes down hospitals and GP surgery systems

Organisations in Russia, Turkey, Germany, Vietnam, Spain and the Philippines - as well as the NHS in the UK - believed affected

The NHS across the UK has been hit in a global ransomware campaign launched today, which has taken down the IT systems of hospitals and GP surgeries across the country. 

The ransomware, believed to be a varient of the WanaCrypt0r malware, has affected systems in Russia - the likely source of the ransomware - Turkey, Germany, Vietnam, Spain and the Philippines. 

Outside of the NHS, one organisation believed to have been badly affected is Spanish telecoms company Telefonica. 


The scale of the attacks became clear after IT systems in hospitals across the UK succombed to ransomware. 

East and North Hertfordshire NHS Trust was among one of the first organisations in the NHS to issue a statement earlier today, in which it admitted that it had been severely affected and urged people not to attend A&E. 

The Trust said that on discovering the problem it "acted to protect its IT systems by shutting them down". This meant that even the Trust's telephone system is not able to accept incoming calls, while the press team has had to use iPads and remote email addresses to relay this information to the media.

In the statement, the Trust said:

"To ensure all back-up processes and procedures were put in place quickly, the Trust declared a major internal incident to make sure that patients already in the Trust's hospitals continued to receive the care they need".

In the meantime, the Trust's IT specialists are said to be working to resolve the problem "as quickly as possible". 

NHS England this afternoon suggested that NHS organisations across the country had been attacked by the WCry ransomware, while security specialists Malware Hunter suggested that it wasn't just the NHS coming under attack, or even the UK, but part of a global campaign that has been unleashed today

It's unknown exactly what kind of attack the NHS has been stung by but it's highly likely that the it is some form of ransomware. Last year, a Freedom of Information request filed by the i newspaper revealed that 30 NHS Trusts had admitted they were the victims of ransomware attacks within a 12 month period between 2015 and 2016.  

Since then, Northern Lincolnshire and Goole NHS Foundation revealed that an attack which led to operations being cancelled for four days in October was the result of a ransomware variant dubbed Globe2. There had also been confusion earlier this year when Barts Health NHS Trust suffered from a cyber attack - but the trust later ruled out the possibility of ransomware.

However, Barts has recently suffered from another IT failure which led to it cancelling 136 operations and hundreds of chemotherapy appointments. It is unknown whether a cyber attack was to blame for the failure. 


Computing Big Data and IoT Summit logo

Computing's Big Data and IoT Summit 2017 and the Big Data and IoT Summit Awards are coming on 17 May 2017. 

Find out what construction giant Amey, Lloyds Banking Group, Financial Times and other big names are doing in big data and the Internet of Things. 

Attendance to the Summit is free to qualifying senior IT professionals and IT leaders, but places are strictly limited, so apply now. 

AND on the same day, Computing is also proud to present the Big Data and IoT Summit Awards, too. See the finalists - and secure a table for your team at the Awards - now

More on Security

Cyber weapons are fast, cheap, remote and hard to trace

In modern war, we have as much to fear from cyber weapons as kinetics

The physical world is past the point of no return when it comes to dependence on technology, says Ian Hill

Tom Allen
clock 16 June 2022 • 3 min read
Ransomware gang deploys BlackCat to attack hotel and creates searchable website of hacked data

Ransomware gang deploys BlackCat to attack hotel and creates searchable website of hacked data

Cyber-criminal groups have recently ramped up their use of Ransomware-as-a-Service (RaaS) BlackCat/ALPHA-V, first identified by security researchers in November 2021, and upped the ante by publishing the hacked data on a dedicated website.

clock 15 June 2022 • 1 min read
     Article & URL     Assets & Attachments     Categories & Metadata     Quotes     SEO & Social     Tags     Related     Advanced Settings     Notes     History     Additional Fields   Publication Time 7:43 pm, Tuesday Assets & Attachments Computing  Follina fixed in Microsoft Patch Tuesday update

Follina fixed in Microsoft Patch Tuesday update

54 other vulnerabilities, three Critical, also patched in Microsoft's June update

John Leonard
clock 14 June 2022 • 1 min read