Ransomware attack: The clean-up continues after WannaCry chaos

Hospitals and businesses are still trying to get back to normal following ransomware infections, while experts warn of copycat attacks.
Written by Steve Ranger, Global News Director

All you need to know about WannaCrypt in 60 seconds.

Source: ZDNet

While the WannaCry ransomware infections now seem to be declining, the chaos following the global attack is far from over.

The WannaCry ransomware spread rapidly last week, infecting more than 300,000 PCs, encrypting data unless users pay a ransom.

Hospitals across the UK seemed particularly badly hit -- possibly because of a reliance on older version of Windows -- and many are still dealing with the aftermath.

The country's biggest hospital trust, Barts Health in London, said it was no longer diverting ambulances from any of its hospitals, but that it continues to "experience IT disruption". This is causing delays and cancellations of appointments, and has reduced the volume of planned operations and clinics on Thursday to make sure it can run all services safely.

Others said that services were returning to normal, but the patients should expect some delays.

Southport and Ormskirk Hospital said services are returning to normal and patients with appointments should now attend as usual, although there may be some delays in clinics. East Lancashire Hopital Trust said all major clinical information systems are working as normal and that "as a priority, IT staff are working to repair/replace infected PCs and laptops".

A note on the Barking, Havering and Redbridge University Hospital Trust website said it was "still dealing with some final issues caused by the cyber attack" but the majority of its services are now returning to normal. And Cheshire and Wirral NHS Trust's website said it was still experiencing "significant IT disruptions" and that its business continuity plans are being implemented as it works to get its systems back up and running.

East and North Hertfordshire Trust said on its website: "Our IT team have been able to restore much of the Trust's IT service over the past few days and most of these are now working." It added that the trust is now running a "near normal" service.

Colchester Hospital University Trust said: "We are aware that our voicemail and answerphone system is not fully functioning and are working on a solution to this. Our Switchboard equipment was compromised in the cyber attack. We apologise to people trying to call our hospitals and ask you to bear with us."

While organisations still struggle to reinstate normal service, there are fears that the vast spread of the ransomware will inspire more versions -- and that many systems remain unpatched.

Raj Samani, chief scientist at security company MacAfee, said that when any new major piece of malware arrives, it tends to be followed by copycat versions that make small tweaks to the original code. He explained that some had been spotted already. "The reality is there are vulnerable systems out there," he said.

Despite the 300,000 infections from the recent WannaCry attack, less than 300 victims have apparently paid the ransom so far. That's less than 0.1 percent of those infected, raising a paltry $80,000 for its developers. In comparison the crooks behind the CryptoWall 3 ransomware could have made as much as $325m from their malware a couple of years back.

The search now is for patient zero -- the first PC infected -- which may provide clues to the identity of the developers of the malware.

Read more about ransomware

Editorial standards