A ransomware attack on a software supplier has hit the NHS across the UK and there are fears that patient data may have been the target.
Details such as the identity of the attacker(s) and the scale of the damage have yet to emerge, but here is a guide to what we know so far and how ransomware gangs operate.
While data is not always taken during attacks, if it is it can be used as part of the negotiations. Ransomware gangs have created websites where stolen data is displayed.
The attack on the morning of 4 Augustcaused widespread outages across the NHS. The target was Advanced, a company that provides software for various parts of the health service. It affected services including patient referrals, ambulance dispatch, out-of-hours appointment bookings, mental health services and emergency prescriptions.
No group has been named as the attacker, but it has been reported that it is likely to be a criminal gang rather than a state organisation.
The most notorious ransomware group in recent times is the one behind attacks using the Conti malware, which hobbled the Irish healthcare system last year and the Costa Rican government earlier this year.
This Russian-linked criminal group appears to have wound down its Conti malware attacks. However, there has been widespread speculation that the same group is behind a new piece of malware called Black Basta. There is no evidence that the Conti/Black Basta group is behind the NHS attack and there are many other potential candidates.
There are a variety of ransomware groups out there, with different malware (the names of the malware and the groups behind them are often viewed as interchangeable). Names of malware operations that have been linked to healthcare attacks over the past year include BlackCat, Quantum, Hive and AvosLocker.
There had been signs of a hiatus in attacks on health organisations during the pandemic, with the ransomware group Maze saying it would not hit medical targets. But even before the Advanced attack it seemed the situation was changing. For instance, the Irish healthcare system attack was in May 2021.
The number of health organisations around the world targeted by cyber-attacks rose 90% in the three months to 30 June compared with the first three months of 2022, according to the risk consultancy Kroll. This study was based on the 3,200 incidents across all sectors reported to the consultancy over the past 12 months.
