UPDATE: Today’s ransomware outbreak
We believe this malware to be version 2 of WCry (aka WannaCryptor).
Version 2.0 was detected in the early hours of this morning by independent security researcher MalwareHunter.
We don't believe this to be a targeted attack on the NHS, but rather a threat exploiting a vulnerability. This means it is likely to have much greater impact. We have already seen reports of similar incidences in other countries. For example, there are a number of reports that Telefonica — one of Spain's biggest telecommunications companies — has fallen victim to WCry.
Having large pieces of the NHS affected by this malware is disastrous. We have already seen hospitals request that people only contact or come in if there are in an emergency, and we have heard reports of medical staff going back to pen and paper for notes and prescriptions. Think about it- emergency operations may have to be cancelled, and automated systems that help monitor in and outpatients could be affected as well. It is all hands on deck to try and stop the spread.
We have no confirmed information about how this threat being spread. Until we know more, we advise anyone concerned about this malware to turn off their systems.
We are told, unofficially, that within the hour Sophos will be releasing a new detection to stop this threat: Troj/Ransom-EMG. It will be published in: cerb-ama.ide.
We will more provide more information as it becomes available.