What You Can Learn from the NHS’s Ransomware and How To Protect Yourself

Petya Update 28/06/17:

A new strain of Petya ransomware is spreading rapidly across the world. This attack is using the same exploits as WannaCry, and even early conservative reports are suggesting many thousands of infections across the globe, each one another transmission vector helping spread the attack faster.

This attack is much more serious than WannaCry was. WannaCry had a killswitch, and was quickly defanged – Petya has no such easy solution, and the encryption email address has been disabled meaning you cannot even pay to get files decrypted once infected.

Petya is dangerous, but it is remarkably easy to protect against. Kogo’s MD Martin Bannister wrote about protecting yourself against these attacks when WannaCry became a threat in the post below, and it is just as accurate today. Scroll to the bottom of the page to request our free Stop Ransomware booklet, which provides useful info on protection, prevention, and disaster recovery.

Original Post:

I have been asked, following on from the ransomware outbreak at the NHS, to offer some advice on best practices for SMEs to protect themselves and what I feel the NHS trusts could have done to protect themselves. I know NHS Digital has just been launched but it seems to me each trust has been managing its own IT. This is very similar to most companies in the private sector. The vulnerabilities that were exploited in the NHS are present in many companies; it is important to stress the recent attacks were not targeted at the NHS as is being reported in the press; this ransomware is out there! It was reported that 7 of the NHS trusts spent nothing on cybersecurity and the rest on average spending only £22,000 each; it looks like antivirus protection was the only investment. The problem is many businesses in the private sector are the same, all too often they invest after an event just like the NHS is about to do.

There isn’t a guarantee with cybersecurity but if you are smart with your solutions you can minimise risk. You need to assess cybersecurity in layers.


91% of attacks begin via email, so you should be using an email security package that sandboxes attachments and links to ensure the email delivers only safe email to the end users such as Mimecast.