INC Ransom Group Claims NHS Scotland Cyberattack

The message about the was posted by the threat actor and forewarned the release of 3 terabytes of sensitive data.

by Ashish Khaitan March 27, 2024 in Dark Web News, Firewall Daily, Hacker Claims Reading Time: 3 mins read 0

592 SHARES 3.3k VIEWS Share on LinkedInShare on Twitter

The National Health System (NHS) of Scotland allegedly fell victim to a cyberattack, purportedly orchestrated by . The message about the NHS Scotland cyberattack was posted by the threat actor and forewarned the release of 3 terabytes of sensitive data.

With approximately 140,000 staff spread across 14 territorial NHS Boards, seven Special NHS Boards, and a public health body, the potential ramifications of this are deeply unsettling.

Source: NHS

Decoding the Alleged NHS Scotland Cyberattack

The Cyber Express promptly reached out to the organization for clarification and insight into the NHS Scotland cyberattack. However, at the time of writing this, no official statement or response have been received, leaving the claims surrounding the cyberattack on NHS Scotland unverified.

Coinciding with this cyberattack on the National Health System, INC Ransom also claimed responsibility for an alleged Family Health Team. Moreover, this assault on NHS Scotland follows a disconcerting trend of cyber intrusions targeting healthcare organizations within the same timeframe.

Adding to the apprehension, NHS Dumfries and Galloway, a vital component of Scotland's healthcare infrastructure, announced being under attack by a “focused and ongoing cyber attack.” 

Although specifics regarding the nature of the breach remain undisclosed, the health board warned of potential disruptions to services as a consequence of the situation. Moreover, there are concerns that patient data stored within its systems may have been compromised.

The NHS Dumfries and Galloway Cyberattack

In response to these threats, NHS Dumfries and Galloway has initiated collaborative efforts with law enforcement, including Police Scotland, as well as cyber security authorities such as the National Cyber Security Centre, and the Scottish government, to ascertain the full extent of the breach and mitigate its impact.

This recent spate of cyberattacks bears close resemblance to past incidents, notably the widespread intrusion in 2020 that targeted more than 60 trusts within the United Kingdom's National Health Service (NHS), extending its reach to over 200,000 computer systems across 150 countries, including Canada. 

The infamous “” ransomware attacked the NHS in 2020, disrupting operations, compromising patient records, and necessitating the cancellation of appointments and surgeries in numerous NHS facilities.

Despite assertions by UK Health Secretary Jeremy Hunt that there hasn't been a subsequent wave of attacks, the vulnerabilities exposed by such incidents remain a cause for concern. Critics have pointed fingers at the NHS, highlighting gaps in technology investment and outdated systems that rendered it susceptible to attacks like WannaCry.

Although the NHS wasn't singled out as a primary target for WannaCry, its reliance on obsolete Windows operating systems, some over 15 years old and no longer supported by Microsoft, left it susceptible to exploitation. 

The WannaCry Ransomware Spree

The modus operandi of ransomware attacks, like WannaCry, often involves exploiting vulnerabilities in outdated systems, coupled with social engineering tactics to dupe unsuspecting users into inadvertently downloading malicious software. 

The WannaCry ransomware attack of May 12, 2017, hit over 200,000 computers globally, leveraging an unpatched vulnerability to spread rapidly. Victims included major organizations like FedEx and the UK's NHS. 

A “kill switch” was discovered, temporarily halting the attack, but many systems remained encrypted until ransom was paid or encryption was reversed.

The attack used the EternalBlue exploit leaked by the Shadow Brokers, attributed to North Korea but disputed by some. Although the original version is defunct, variants still exploit EternalBlue, emphasizing the importance of updating systems. 


Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button