Ransomware Wanna Decryptor causing IT failures across NHS

NHS England’s local NHS systems and IT services have been buckling under “a suspected national cyber attack”, according to reports coming through this afternoon. Areas noted to have been affected include; London, Blackburn, Blackpool, Nottingham, Cumbria and Hertfordshire.

In Blackpool, for example, phone and IT systems used by GPs have been shut down with doctors resorting to pen and paper. Similarly phones and IT systems in at the East and North Hertfordshire NHS trust which are reportedly out of action. Even more concerning are reports that people are being asked to stay away from A&E departments at hospitals in the two affected regions mentioned above. I’m sure most people would prefer not to go to A&E but are simply compelled to due to emergency… Computers working or not.

Wanna Decryptor Ransomware

In a statement published a few minutes ago by NHS Digital, initial investigations are said to be pointing at the Wanna Decryptor Ransomware malware. The agency doesn’t think that patient data has been accessed or stolen. Indeed Wanna Decryptor’s modus operandi is to encrypt your documents and files and demand cash to decrypt them for you.

NHS Digital says that the Department of Health and NHS England weren’t the only government targets in this attack. At the time of writing 16 NHS organisations have reported being affected by the malware.


Microsoft has been working to issue patches in light of the large scale ransomware attack that affected some 99 countries yesterday. It has issued patches for WIndows XP and other custom support platforms. A TechNet blog post is available explaining the move and providing guidance.