Has someone been sending emails again?
UK hospital meltdown after ransomware worm uses NSA vuln to raid IT
UK hospitals have effectively shut down and are turning away non-emergency patients after ransomware ransacked their networks. Some 16 NHS organizations across Blighty – including several hospital trusts such as NHS Mid-Essex CCG and East and North Hertfordshire – have had their files scrambled by a variant of the WannaCrypt, …
COMMENTS
-
Friday 12th May 2017 18:05 GMT Anonymous Coward
I suspect it also might be related to Windows preferring to execute emailed malware rather than scan it. It nicely removes the user actually having to click anything, Windows takes care of executing it for you.
This is a very good reminder why Windows is such a security cesspit, and unless you need to run Windows stuff, you are far more secure running a Chromebook with its signed read-only runtime.... It's pretty much unhackable
-
Monday 15th May 2017 11:38 GMT Robert Baker
"I suspect it also might be related to Windows preferring to execute emailed malware rather than scan it. It nicely removes the user actually having to click anything, Windows takes care of executing it for you."
That isn't a Windows vulnerability per se, it's an incompetently-written-email-client vulnerability. This is one reason why Pegasus Mail deliberately doesn't execute any code in an email, unless of course explicitly asked by the user to do so.
-
Friday 12th May 2017 18:30 GMT Anonymous Coward
It appears the source IP address is...
It appears the source IP address is ...
Conservative Central Office.
Conservative Central Office are still trying to find the culprit, but they suspect:
Theresa May / Amber Rudd.
(Well if you can't win support for full access to encrypted communications, what better than to stage a ransomware attack on the NHS, to further your cause)
-
Saturday 13th May 2017 02:44 GMT Anonymous Coward
Re: It appears the source IP address is...
Who said it was meant as a joke? It was meant to put across a serious point. Due Diligence. Encryption is getting scapegoated here, when this really boils down to lack of resources, poor management - updating/securing systems, poor choices regards Software.
There is a narrative here being fed to the press, who are lapping it up, printing it all as gospel (especially the Guardian's coverage), typically aimed at the technically illiterate, to cause change (I believe regards encryption laws).
What better way to achieve your goals/press that point, than hype up a very emotive "encryption target", where the general public will have difficulty understanding the full picture of the encryption attack, instead, they will be swayed by the emotional aspect of its effects.
It all plays very well for new laws regarding the use of encryption, which lessen, rather than strengthen their own security, without them realising. This is exactly the sort of techniques that will be used to force "change" (regarding encryption law) through.
Yes, the effects are real, but like anything, systems will be back to normal in a week, the real effects on encryption laws/personal privacy (long term) could be the real attack vector in this.
-
Monday 15th May 2017 07:48 GMT hoola
Re: It appears the source IP address is...
Lack of resource and funding is correct to a certain extent. One of the real issues is the equipment that has to use Windows XP because the supplier either no longer exists or it is too expensive to replace. Million pound scanners that are perfectly serviceable simply cannot be replaced because the OS of a control PC is unsupported. With many of these very high tech, high cost and low volume systems, there really is very little option.
The armchair experts that only look after a few hundred PCs and a handful of servers simply do not understand the problems.
-
Saturday 13th May 2017 21:34 GMT Anonymous Coward
Re: It appears the source IP address is...
Well sir, I for one am sniggering as I stopped using that virus vector-ware called MS Windows in 2008. The brill thing about Linux is YOU have control, and can cut out as many application packages as you wish, making your installed system smaller, simpler and therefore much easier to manage.
You choose. I'm sniggering.
-
Friday 12th May 2017 23:43 GMT bombastic bob
Re: It appears the source IP address is...
scanning port 445, which SHOULD be blocked at the firewall. but apparently is NOT.
According to THIS web site, the worm in question scans for vulnerabilities on port 445. This is an old problem which most net-savvy people BLOCK for incoming packets of any type. Yes, you do NOT want "teh intarwebs" accessing your SMB ports. EVAR.
So it looks like blocking those SMB ports (445, 139) from "teh intarwebs", and (potentially) blocking SMBv1 access on your network PERIOD, are 2 ways of mitigating this problem.
some technical info here:
https://www.hackbusters.com/news/stories/1532486-player-3-has-entered-the-game-say-hello-to-wannacry
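The perimeter check the comment above calls for, as an added example that is not part of the original thread: it replays the INPUT chain of an `iptables-save` dump first-match-wins and reports whether a new connection from an outside address to TCP 139 or 445 would be accepted. The choice of iptables, the function names and the three rule sets are assumptions made here, and only a subset of the rule syntax is modelled.

```python
SMB_PORTS = (139, 445)  # the two ports the comment says to block
def _ports(spec):
    """Expand an iptables port spec: '445', '135:445' or '139,445'."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def inbound_verdict(ruleset, port):
    """First-match verdict for a NEW TCP connection from an external address."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = line.split()
        if tok[:1] == [":INPUT"]:
            policy = tok[1]              # chain default, e.g. ':INPUT DROP [0:0]'
        if tok[:2] != ["-A", "INPUT"]:
            continue
        if "!" in tok:
            raise ValueError("negated matches are not modelled: " + line)
        o = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if o.get("-p", "tcp") not in ("tcp", "all"):
            continue
        if o.get("-i") == "lo" or o.get("-s", "0.0.0.0/0") != "0.0.0.0/0":
            continue                     # loopback-only or source-restricted rule
        if "NEW" not in o.get("--ctstate", "NEW"):
            continue                     # rule only covers established flows
        spec = o.get("--dport") or o.get("--dports")
        if spec and port not in _ports(spec):
            continue
        if o.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return o["-j"]
    return policy

def exposed_smb_ports(ruleset):
    return [p for p in SMB_PORTS if inbound_verdict(ruleset, p) == "ACCEPT"]

# Constructed iptables-save samples (not taken from any real host).
HEAD = "*filter\n:INPUT {pol} [0:0]\n-A INPUT -i lo -j ACCEPT\n" \
       "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\n"
OPEN = HEAD.format(pol="ACCEPT") + "-A INPUT -p tcp --dport 22 -j ACCEPT\nCOMMIT\n"
SHADOWED = HEAD.format(pol="DROP") + "-A INPUT -p tcp --dport 135:445 -j ACCEPT\n" \
           "-A INPUT -p tcp -m multiport --dports 139,445 -j DROP\nCOMMIT\n"
BLOCKED = HEAD.format(pol="DROP") + \
          "-A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 139,445 -j ACCEPT\n" \
          "-A INPUT -p tcp -m multiport --dports 139,445 -j DROP\nCOMMIT\n"
if __name__ == "__main__":
    for name, rules in (("open", OPEN), ("shadowed", SHADOWED), ("blocked", BLOCKED)):
        print(name, exposed_smb_ports(rules) or "no SMB port reachable")
```

The SHADOWED case is the one worth noticing: a DROP for 139 and 445 is present, but an earlier, broader ACCEPT range wins, so both ports stay reachable.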
-
Friday 12th May 2017 23:47 GMT Rob D.
Re: It appears the source IP address is...
Hmmm but no. This all undermines Rudd's position - the NSA had their zero-day back door and, ooops, the crims eventually got hold of it. OK so it's years after it was created and the vendor has officially patched it (at least for the supported OSes) but that doesn't appear to be stopping it now being used to wreak havoc on a reasonably global scale (caveats re early speculation apply).
Please can we have more of that kind of hole deliberately built in to the fabric of our communications infrastructure because the security services and government will be very careful to never, ever, ever let it out in to the wild. Ever.
-
Friday 12th May 2017 15:34 GMT 0laf
Probably a misunderstanding by the attackers. Ransomware is probably quite effective against US hospitals and they may have made an assumption that all hospitals will pay to resume service.
Or it's just collateral damage from a massive email spam list which includes hospitals. That'll be why they are hitting all parts of government as well.
-
Monday 15th May 2017 11:58 GMT Robert Baker
Re: Eh?
"Perhaps the thumbdown didn't agree that later systems are vulnerable?"
Affected system != vulnerable system. The Spanish report covers those systems which were infected (and as I have said before, downvoting a fact doesn't make it false); it doesn't distinguish between those with unpatched vulnerabilities, and those with dumb users who click on dodgy links such as those "YOUR COMPUTER IS AT RISK!!!!!" ads we have all seen.
-
Friday 12th May 2017 21:23 GMT Anonymous Coward
Re: Ransomware
Yes, hand everything back to Labour and see what happens when they waste money on the normal crap and then realise there's no more gold to sell off. Oh wait a minute, they could always copy Gordon Brown with his "once-in-a-lifetime, never to be repeated" annual raid on private pensions. Or maybe use Corporation Tax to pay for everything. Or maybe they really will pay their new Thought Police £30 a week like Diane Abbott said, and use the remaining law enforcement budget to fund their pipe dreams.
If Blair and Brown hadn't quite emptied the covers before they got voted out, they came very close. We might not like the Tories much, but at least they don't rob us blind, sell us down the river and then plead innocence when asked what the hell they thought they were doing.
-
Friday 12th May 2017 22:33 GMT Anonymous Coward
Re: Ransomware
"We might not like the Tories much, but at least they don't rob us blind, sell us down the river and then plead innocence when asked what the hell they thought they were doing."
Tory lie #1 for the last 10 years : that Labour caused the 'great recession', spent all the money, bankrupted the country etc, and therefore are not 'strong and stable'. Only an utter fool would think that Tone and Gordy caused the financial crisis of 2008. They sure did some fucked up repugnant shit : an unnecessary war being just one. Many, many things caused the 2008 financial problems. To assume that this small island and its leaders at the time had *anything* to do with it is folly.
-
Saturday 13th May 2017 21:53 GMT Anonymous Coward
Re: Ransomware
O, the political corner. Yipee!
Well, they could build lots more houses to both force down house prices and rents. They could even get local councils to build lots of council houses to help out. This could be easily funded using the same magic money tree they use to fund university education.
More houses mean cheaper houses, mean cheaper rents, mean more money to use in the real economy, means more economic activity, means more jobs, means more people are better off, means a better life for everyone.
Of course it won't happen because those who are doing quite nicely now, thank you very much, while sitting on their arses doing nothing other than raking in the rents, will do everything they can to stop it.
-
Saturday 13th May 2017 07:26 GMT Anonymous Coward
Re: Ransomware @ wolfetone
"Look, I know after 7 years under a Tory-led bollocks job of a government it feels like we're in the medieval times. But we're not. Have faith, pip pip and make June the end of May."
Err, what sort of performance would you expect if the Tories lose? Corbyn wants to drag us back to the 1970s, so can you imagine the sort of big-state approach he'll be having on IT? I can remember eating by candlelight because the government was at odds with the employees of the state-owned electricity industry. "Party lines" installed by the sluggish, expensive, incompetent GPO. A state owned motor industry that signed its own death warrant through endless strikes and poor quality. Etc etc.
I'm on the right wing, and I despise May as a meddling, incompetent lightweight without any strategic vision. I certainly won't be voting for her. But equally, I won't be voting for the mad, socialist-fundamentalist, academic, blundering Corbyn.
-
Monday 15th May 2017 10:55 GMT wolfetone
Re: Ransomware @ wolfetone
"Err, what sort of performance would you expect if the Tories lose? Corbyn wants to drag us back to the 1970s, so can you imagine the sort of big-state approach he'll be having on IT? I can remember eating by candlelight because the government was at odds with the employees of the state-owned electricity industry. "Party lines" installed by the sluggish, expensive, incompetent GPO. A state owned motor industry that signed its own death warrant through endless strikes and poor quality. Etc etc."
In short: a much better life than what I've got under the Tories.
Your arguments regarding Corbyn are completely wrong and misplaced. The idea of privatising the rails, energy etc was so that the infrastructures and rolling stock could be upgraded and improved. Instead the only thing to improve on the rails is the increase in ticket prices and overcrowding. Likewise with energy, increases of energy bills yet no movement or improvement on the whole.
All the money paid to privatised companies wouldn't leave the UK then, it'd stay in the country. The Rail/Energy would become not-for-profit, meaning any profits were put back in to the industries. What's the problem in that?
Furthermore, the inaccuracies in your question lead me to believe you've never read anything other than The Daily Fail et al about him and his policies. Bet you still think he ran a photographer over, don't you?
-
Friday 12th May 2017 21:19 GMT JLV
>You might not now but in medieval times it was the best way of becoming rich.
Four score dozen ecus, or your sorry ass will be encrypted in my oubliettes.
I oscillate myself between wanting to see:
a) the lowlives targeting hospitals getting frisky with an iron maiden.
b) strapping whoever is ultimately responsible* for XP still being used (or at least networked) naked on a horse, daubed with honey and released near a huge swarm of deer flies.
* yeah, I know it's not necessarily the sysadmins' fault, but somewhere, some people, either incompetent IT or managers, decided it was acceptable to connect an OS that is now 2 yrs out of even extended security support to wider networks.
-
Saturday 13th May 2017 10:39 GMT Doctor Syntax
Re: >You might not now but in medieval times it was the best way of becoming rich.
"yeah, I know it's not necessarily the sysadmins' fault, but somewhere, some people, either incompetent IT or managers, decided it was acceptable to connect an OS that is now 2 yrs out of even extended security support to wider networks."
You may have to look a little further back than that. Maybe at some business that was writing current applications but has now been bought and re-bought by some bigger business and somewhere along the chain the application development has been discontinued, maybe the source lost and runs on nothing newer than XP.
There's no silver bullet.
-