UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

UK hospitals have effectively shut down and are turning away non-emergency patients after ransomware ransacked their networks. Some 16 NHS organizations across Blighty – including several hospital trusts such as NHS Mid-Essex CCG and East and North Hertfordshire – have had their files scrambled by a variant of the WannaCrypt, …


      1. Daggerchild Silver badge

        No, it looks like it came from an internal network accessed by a VPN by a supplier employee who was infected by a colleague who almost certainly clicked on something from the Internet.

        I'm thinking he probably airlock switched his infected local PC from his corporate LAN to the supplier LAN to do some work.

      2. Wayland

        The wards in Colchester General have free WiFi. It would be easy to push a USB WiFi into one of those trusty XP machines they have all over the place. The IT department are usually out to lunch at Colchester and Clacton anyway. Try getting blood results at Clacton when they have been put on the computer in Ipswich. Better to wait for the postman or get someone in Ipswich to read the screen out to you over the phone.

        1. Robert Baker
          WTF?

          "The wards in Colchester General have free WiFi."

          And? Nearly all hospitals have patient wi-fi, either free (such as at St. Thomas') or paid (such as at King's College Hospital), but unless the IT staff are not just clueless but total freakin' idiots (read: none of them), the patient wi-fi doesn't come anywhere near being connected to the hospital's wireless network(s).

    1. cantankerous swineherd

      digital by default pal.

      1. Anonymous Coward

        That doesn't make any sense.

    2. Anonymous Coward

      Benefit: The Internet is a cheap wide area network.

      Risk: Cheap doesn't mean secure.

      *

      Benefit: The Internet supports "convergence" -- so email, file transfers, VOIP, central database access, etc all go over the same pipe.

      Risk: Everything on every client and every server is (potentially) available to anyone!!

      *

      So....pick the benefit which you want -- but recognise the risks. Clearly for the NHS -- CHEAP trumps RISK (no pun intended)

  1. tin 2

    Appears to just be a very good (at spreading) ransomware, not a particularly dedicated attack.

    1. chivo243 Silver badge
      Childcatcher

      @tin 2

      I just such dramatics on the beeb news intro... It's an all out attack on the NHS! Hospitals shutting down sending patients home...

      How is some user clicking on an attachment in such an environment an attack? Attacked! I say! Targeted with surgical precision, just like the systems they were running...

      1. DavCrav

        "How is some user clicking on an attachment in such an environment an attack?"

        Well, it's obviously an attack. Just because the defence wasn't great (assuming that) doesn't mean it isn't an attack.

    2. TRT Silver badge

      It's using an exploit leaked by the CIA whistleblower. Cheers, pal.

      Very effective against NHS systems because they've left older SMB protocol versions running in order to service XP-based clients, and there's a lot of digital real-estate not updated to 7 or above, for very good reasons.

      So, this highlights the danger of running un-supported Operating Systems, does it? Perhaps it highlights the disadvantage of continuously changing operating systems in this rapid release format that Microsoft have switched to. Will there be a version of Windows 10 in, say, 10 years time that is deemed 'unsupported'? We heard a while back that Windows 10 was the last version of Windows you'll ever get, because they're ditching that idea of releasing versions. Yet within 2 years we are onto 'Creators edition', potentially back to how it was. Good or bad? We've yet to see.

      Will this be a lesson for developers to produce something that is "buy once"?

  2. Anonymous Coward

    I was just about to post that it was to do with Telefonica, a friend in IT at NHS said that it's initially been spread from Telefonica who provide networking over the N3 connections the hospitals use.

    I hope they put more effort into tracking and prosecuting the people behind these things as hitting hospitals, if anyone dies, it's manslaughter in my eyes!

    1. fandom

      Manslaughter? If someone dies it should be first degree.

      1. Rosie Davies

        This is the UK. We don't have the construct of first degree murder. I feel it might be quite challenging to prove that $whatever was released specifically to kill, which is what you'd need for a pre-meditated murder conviction (UK's equivalent of first degree) but causing death by being a silly bugger (AKA manslaughter) would be more likely to succeed.

        Nope, I'm not a lawyer nor do I work for the police. I just work in IT so take an interest for...ummm...idle curiosity. Yes, that's it. Definitely that.

        Rosie

        1. DavCrav

          "This is the UK. We don't have the construct of first degree murder. I feel it might be quite challenging to prove that $whatever was released specifically to kill, which is what you'd need for a pre-meditated murder conviction (UK's equivalent of first degree) but causing death by being a silly bugger (AKA manslaughter) would be more likely to succeed."

          Don't need the whole murder, manslaughter thing. If anyone gets caught for this, it's committing a terrorist act they'll be done for. Attacking national infrastructure tends to get treated in that way.

      2. Tom 7

        First degree?

        So the only way to get decent qualifications these days is to kill people for them?

      3. katrinab Silver badge

        I would imagine they would go for Terrorism, with Computer Misuse Act and Blackmail charges as an alternative lesser charge.

        1. Anonymous Coward

          It'll be The Computer Misuse Act 1990, Section 3ZA - 'Unauthorised acts causing, or creating risk of, serious damage.'

          Punishments are up to 14 years in prison, or a fine, or both. Offenders can be sentenced to life imprisonment where their actions endanger human welfare or national security.

          But first you have to catch the buggers.

        2. adam 40 Silver badge

          you forgot the catchall "Money Laundering" as they are asking for Bitcoin.

  3. Anonymous Coward

    Notwithstanding ..

    that is behooved of internal and external IT providers to have effective measures against such attacks - at what point does the government get off its collective hairy arse and decide to send SF to kill or castrate the perpetrators? This is costing money better spent on bullets - we are too nice for our own good.

  4. Locky

    Who would have thought that NHS systems would have been vulnerable to a ransomware attack?

    How's that XP migration project going by the way?

    1. Chris Miller

      That's the migration project from Win2k, I assume?

      1. Anonymous Coward
        Windows

        Yes, they are migrating from Win2K TO Windows XP :)

    2. Planty Bronze badge

      This week's Windows vulnerability affects ALL versions of Windows. Let's not pretend something newer would have been immune. It might have been safer, but by how much? Windows is still horrendously insecure ... Also the screenshot clearly shows Windows 7... Nothing to do with XP or Win2k..

      The widespread nature suggests worm and self replication and self execution..

  5. Anonymous Coward

    I believe the way this works is that it will turn out to be the fault of one of the many private companies being paid huge amounts of money by the NHS, and the consequence will be that the NHS will take the blame & pay any legal liabilities (using our money) while there will be no comeback against the private company which will however have its NHS contract(s) extended.

  6. lawndart

    Come on GCHQ, this is your time to shine. Get in there and sort this out.

    1. Anonymous Coward

      > Come on GCHQ, this is your time to shine. Get in there and sort this out.

      Preferably with cricket bats.

      1. MJI Silver badge

        Sod cricket bats

        Send the SAS.

        With cricket bats!

        1. Tom Paine

          Re: Sod cricket bats

          Send them where? Crapita, Fujitsu, Cap Gemini?

      2. ShortLegs

        "> Come on GCHQ, this is your time to shine. Get in there and sort this out.

        Preferably with cricket bats."

        Preferably with one of the green-coloured units that have a dotted sideways line to you on the org chart.

        1. Gavin Park Weir

          Having been a supplier to the NHS in the past. The reason none of us greedy bastard, no good, only out for ourselves, shoddy outfits provide the right high quality solution is this:

          NHS: Can I have a good thing to update / fix / provide (delete as needed) this service

          Supplier: We would recommend X which costs £Y

          NHS: We can't afford Y because we are not able to negotiate the budget we need to fix update / fix / provide (delete as needed). What can you do for £Z?

          Supplier: How about this 2003 PC running XP?

      3. Nifty Silver badge

        Sorry but GCHQ aren't going to reveal they've got working probes into the blockchain that reveal where the ransom recipients are.

        1. MJI Silver badge

          Just SAS them then.

      4. Anonymous Coward

        Preferably with cricket bats..

        How did you know we go to Lords for the annual GCHQ day out?

        1. MJI Silver badge

          GCHQ Cricket Bats

          Used to know people who worked there.

          A very competent group.

    2. Solarflare

      Oh they already played a blinder there!

      https://mobile.twitter.com/GazTheJourno/status/863039598984908800

      They removed their tweet shortly after the news broke...

    3. Daggerchild Silver badge

      Let me guess...

      "Come on GCHQ, this is your time to shine"

      Every year:

      GCHQ: They're going to get pwned unless you fix this list of things *unrolls*

      HEALTH MINISTER: That looks expensive, and will cause disruption that will make me look bad because nobody can see the benefit. They'll be fine! You'll just pull out a magic wand and fix it. I won't blame you if you can't, I promise!

      GCHQ: *sigh*

      1. Anonymous Coward

        Be careful what you wish for...

        https://pbs.twimg.com/media/C_XQpj0XcAEg7Hu.jpg

        https://pbs.twimg.com/media/C_XP1MqXsAENwH3.jpg

        #Deadbeats

    4. Anonymous Coward

      Damn right, it's high time that only GCHQ be allowed to install malware on her majesty's subjects' computers.

      Oh, wait...

    5. N2
      Pint

      Come on GCHQ, this is your time to shine

      - Get in there and sort this out.

      That made me smile, pint cos it's Friday, just

  7. 87red

    Here is a screenshot of the claimed ransomware: https://twitter.com/LawrenceDunhill/status/863032679595421696/photo/1

    Looking up that bitcoin address it appears that someone has paid the ransom 0.15 BTC ($267, a bit short of the $300 requested).

    1. emmanuel goldstein

      that discrepancy could easily be down to volatile intra-day exchange rates, which BTC certainly has.

    2. Anonymous Coward

      Is it possible to blacklist bitcoin addresses or is this a "sub-address" not traceable to wherever the money is accumulating?

      There will always be a crook to ignore a blacklist but if it's possible, why make it easy for anyone?

      1. Anonymous Coward

        > Is it possible to blacklist bitcoin addresses or is this a "sub-address" not traceable to wherever the money is accumulating?

        I'm sure the authorities will be extremely interested in any transactions that subsequently move the bitcoins onwards from that address. If whoever does so isn't behind 7 proxies, or knows what a mixing service is, they'll discover how unanonymous bitcoin is.

        1. Anonymous Coward

          they'll discover how unanonymous bitcoin is.

          This is where we discover just how competent (or not) GCHQ is.

    3. 87red

      Another wallet address shown in a screenshot on BBC News was also paid, 0.16321544 BTC to https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

  8. Anonymous Coward

    Merseyside NHS

    merseycare.nhs.uk has Server Error in '/' Application.

    Exception Details: System.ComponentModel.Win32Exception: The network path was not found.

    then a screen full of sql exceptions.

  9. BlueAdmiral
    Holmes

    Not just the NHS

    Looks like some of the biggest companies in Spain have been hit too with the same bug

  10. TimeBandit

    Using Windows?

    Why do they use Windows PCs if malware can be installed so easily on them? Surely critical systems should be running Linux so folks can't just install rogue exes on their PCs?

    1. Anonymous Coward

      Re: Using Windows?

      We use Windows PCs because a lot of the dedicated software we use won't run on anything else. Also for the same reason that we use Microsoft Office instead of Open/LibreOffice - user whine about anything different...

      1. TRT Silver badge

        Re: Using Windows?

        User's WINE was that you said?
