Ransomware took down systems in NHS cyber-attack

An NHS hospital trust which was forced to shut down hospital systems and cancel operations revealed that the cyber attack was the result of the ransomware infection.

Systems of Northern Lincolnshire and Goole NHS Foundation Trust suffered a major Globe2 ransomware infection in October which interrupted the operations for four days. The incident led to the cancellation of 2,800 patient appointments in three hospitals on October 30 which didn’t resume till November 02.

Globe2 works similarly to other ransomware viruses, but uses a Blowfish data encryption, by encrypting files and demanding money to release them. It has been described by security experts as very aggressive.

Although it was initially believed that the issue was caused by a malware infection spreading via USB, Pam Clipson, director of strategy and planning at Northern Lincolnshire and Goole NHS Foundation Trust, confirmed that a ransomware infection had affected the systems.

Ransomware infections usually involve a ransom that organizations need to pay to hackers in order to unlock systems, but Clipson explained that the hospital took systems offline in order to remove the malware themselves.

When the systems were attacked, all servers were checked and cleaned both prior to switching off and before returning to ‘live’ status.

NHS spokesperson has confirmed that no ransom was paid to the perpetrators of the attack in order to restore systems.

The attack is also being examined by West Yorkshire Police.

Leave a Reply