
NHS ransomware attack – what you need to know

Virus encrypts files and demands payment to return them

The computer servers of the NHS have been left devastated by a ransomware virus attack that has swept across nearly 100 countries. We explain what you need to know about ransomware in case your home computer is affected.

The virus, known as WanaCrypt0r 2.0, has wreaked havoc. Microsoft has already released security patches to protect against the spread of the infection, but authorities are scrambling to undo the damage already done to NHS computers, which has left doctors unable to access files and patients having their surgeries postponed.


What is ransomware?

Ransomware is a type of virus that locks you out of your computer, or – as was the case with the WanaCrypt0r 2.0 virus – encrypts the files on your device so you can’t read them.

The scammer behind the virus then demands a ransom be paid. This is typically requested in a form of payment that can’t easily be recovered through a claim to the authorities, such as Ukash or Bitcoin. In theory, once you pay up, the virus-coder should make your files or computer available to use again.

It’s old-fashioned extortion with a modern, digital twist. The cruellest thing about this sort of scam is it can cost people their treasured photos or vital documents. It’s a bitter reminder of the value of always keeping backups of your files.

How does the infection happen?

Ransomware infections spread in much the same way as other malware. Click a link on a dodgy website or open an attachment in an email from an unknown source, and you leave yourself vulnerable to a malware attack.

The good news is that quality antivirus software should catch attempted infections. When a new virus emerges, antivirus developers kick into action to release updates to counter it.

‘Widespread cyber attacks like this one make consumers worry about their online security,’ says Which? managing director of home products and services, Alex Neill. ‘We advise you install the latest update for your antivirus software, use a strong password that is changed regularly, be mindful when online and don’t attempt to open or download email attachments from a suspicious sender.’

Should you pay the ransom?

There is no guarantee that paying the money to the scammer will unlock your files or computer. You are dealing with a criminal, and should never assume a moral code will be followed.

Worse still, paying the scammer puts money into the hands of a criminal, encouraging the ransomware ruse to persist.

How to remove ransomware

There are ways to remove a ransomware infection, but if your computer is locked, even beginning the process can be difficult. You may need to start your computer in safe mode, a special limited way of running a PC, then perform an antivirus scan.

For more information, see our step-by-step advice on removing ransomware from a computer.

If you can’t get as far as this, it may be necessary to take your PC for professional repair. Which? Trusted Traders lists local computer repair firms that have been vetted by Which?.


Was Windows XP the problem?

There have been reports that NHS computers were vulnerable to the infection as many still use the older Windows XP operating system. Windows XP is no longer supported by Microsoft with security patches.

While it is true that home PCs running Windows XP have been unsupported since 2014, the NHS had agreed a continuing support plan with Microsoft to receive patches and updates.

If your computer runs Windows XP or Windows Vista (for which support ended in April this year), then it is potentially vulnerable each time you go online. Even up-to-date security software can’t protect against critical system vulnerabilities that may emerge. It’s wise to upgrade your computer to a newer operating system, or replace it altogether.
