#Cloudsec2016 Ransomware Hits NHS Trusts, Police Forces and Councils

Written by

In a session called ‘The cybercrime shop: the shadow economy behind the boom in online blackmail’, Geoff White, technology journalist and producer at Channel 4, shared the preliminary results of his investigation into ransomware attacks on the public sector.

White described ransomware as “high-volume, low-margin” and “delightfully brutal”.

"Ransomware has the shortest distance between infecting a computer and receiving money from the victim, and is therefore most likely to affect members of the public," he said.

In his research for a podcast documentary on ransomware attacks on the public sector, White made freedom of information requests to 152 NHS trusts, 51 police forces and 50 councils.

Of those contacted, the majority did reveal the information, although some took more convincing than others to hand over the data.

Of the 152 NHS trusts, 39 confessed to having been successfully infected with ransomware.

The councils were selected by population size, and of the 50 largest councils questioned, 22 had been infected with ransomware.

The police forces presented more favourably, admitting to only three forces effected by ransomware infections.

Of the forces, trusts and councils affected, many had multiple incidents of infection, with one trust admitting 48,720 instances of infection.

No Money, No Worry?

Interestingly, not one incident of ransomware infection led to a trust, force or council paying the ransom fee. All were able to restore from back-up instead of paying the fee.

Whilst this may appear on the surface as a victory for the victims, this is not actually the case, White told Infosecurity. “The infections were successful – the virus worked. Yes, they had back-up, and back-up is good cybersecurity. But not getting infected is better security.” 

Further, although the ransom went unpaid, the cost of back-up and repair isn’t cost-free, White said. Time and money had to be spent on fixing the problem. Is the cost of the fix more than the ransomware fee in the first place? “Sometimes,” White considered. “Some of the infections took days to fix, and some took hours.”

Beyond financial damage, there is also reputational damage to consider, which is when ransomware can be viewed as a tax on saving embarrassment. “The public may start to question the public service’s ability to secure their systems and protect data. If they can be infected with ransomware, what else could happen?” White considered.

White did add that there is excellent customer service available for the victims of ransomware. “Ransoms typically have to be paid in Bitcoins – and if the victim doesn’t know how to pay with Bitcoin, there’s a link to the dark web to get technical support. What great customer service”, White laughed.

The documentary podcast will be available on Amazon from October.

What’s hot on Infosecurity Magazine?