A virus potentially derived from the CryptoLocker malware crippled NHS trusts across the UK today.
The NHS was left reeling from a ransomware cyber attack this afternoon that led to patients being turned away and emergency services being re-routed.
A statement from the NHS, acknowledging the attack on at least 16 Trusts around the country, pointed to a particular virus called Wanna Decryptor.
"The investigation is at an early stage but we believe the malware variant is Wanna Decryptor," explained a spokesperson.
"At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this.
"NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations."
Wanna Decryptor first appeared around February 2017 and works by encrypting files on target computers before demanding a ransom be paid in the cryptocurrency Bitcoin.
How does Wanna Decryptor work?
The malware is delivered as a Trojan through a loaded hyperlink that can be accidentally opened by a victim through an email, advert on a webpage or a Dropbox link. Once it has been activated, the program spreads through the computer and locks all the files with the same encryption used for instant messages.
Once the files have been encrypted it deletes the originals and delivers a ransom note in the form of a readme file. It also changes the victim's wallpaper to a message demanding payment to return the files.
How can you remove it?
Not by paying the ransom.
Security experts point out that some antivirus software is capable of catching the Wanna Decryptor virus.
"This particular ransomware is correctly identified and blocked by 30% of the AV vendors using current virus definitions. It is correctly handled by both Kaspersky and BitDefender," said Phil Richards, the CISO at Ivanti.
source: What is 'Wanna Decryptor'? A look at the ransomware that brought down the NHS
Global WannaCry ransomware outbreak uses known NSA