2.1 What was the attack?
Within a day, over 200 000 computers in 150 countries had been infected by WannaCry. Universities, government departments, hospitals, manufacturers, telecommunications companies and many other organisations were affected, including large, well-known companies and organisations such as FedEx, Hitachi, Honda, the National Health Service (England and Scotland), Nissan Motoring Manufacturing UK, O2 Germany, Renault and Telefonica. The malware was of a type known as ransomware, which locks the data files of an infected computer using encryption and demands a ransom payment for unlocking them.
In the UK, the worst-affected organisation was the National Health Service (NHS): around 50 health trusts in England and 13 in Scotland, including hospitals, GP surgeries and pharmacies, were affected (Evenstad, 2017). Problems with emails, clinical IT systems and patient IT systems caused a major disruption. This led to several problems including delays at hospitals, medical equipment malfunctioning, ambulances being diverted to neighbouring hospitals, and cancellation or postponement of non-urgent activities. It was believed that up to 70 000 devices, including computers and medical equipment, were affected (Ungoed-Thomas et al., 2017).
Luckily, the spread of the malware was significantly slowed down by a security researcher, Marcus Hutchins, who accidentally discovered and activated the ‘kill switch’ of the malware the next day, on 13 May 2017. When inspecting the malware’s code, Hutchins noticed an unusually long internet domain name in the code. He checked and found out that the domain name was not registered, so he registered it. Unknown to him at the time, this effectively deactivated the malware from further spreading. Security experts later analysed the code of the malware and confirmed that the malware used the domain name as a kill switch, which can be used by its owner to stop the malware from spreading when things go wrong or out of control. However, the experts warned that variants of the malware that did not have a kill switch could exist or be further developed by attackers.
Although this large-scale attack seemed to come and go quickly, it provided a stark warning of how vulnerable society is to cyber-attacks and how unprepared it is to deal with them. It was just pure luck that the saga ended so soon. The incident also raised a number of questions about data security. For example, how did the malware spread so rapidly? How did it work? Why did a large organisation such as the NHS fail to protect itself?