UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

UK hospitals have effectively shut down and are turning away non-emergency patients after ransomware ransacked their networks. Some 16 NHS organizations across Blighty – including several hospital trusts such as NHS Mid-Essex CCG and East and North Hertfordshire – have had their files scrambled by a variant of the WannaCrypt, …


  1. Duffaboy
    FAIL

    Dear NEWS Orgs this is not a cyber attack

    It's just some users who opened an email attachment

  2. Duffaboy
    Joke

    It's very simple

    Follow the money....(erm maybe not)

  3. Anonymous Coward

    www.shite

    Welcome to the World of Windows

  4. Duffaboy
    Trollface

    Fear not help is at hand

    Just a quick click to LinkedIn to find all those security specialists; they are ten a penny.

  5. Kaltern

    Saying this wasn't an organised attack is a little naive, considering the number of continents involved, simultaneously, and differing companies.

    If it was just 'someone opening an attachment', that would hardly be enough to encrypt half the NHS and Telefonica etc... not unless a system admin did it on a PC with write access to the central NHS systems, for example - and that still wouldn't explain the other infections.

    1. Brewster's Angle Grinder Silver badge

      It appears to be billions of emails and thousands of people who've opened them with catastrophic results. So it's not an attack in the invasion-of-Iraq meaning of "attack". But it is an attack in the sense of a guy standing in the middle of a street firing a machine gun randomly -- except the bullets on this gun can travel round the world.

      1. Chemist

        "But it is an attack in the sense of a guy standing in the middle of a street firing a machine gun randomly"

        It seems more than just that - each bullet starts infecting as well. It seems to contain a worm using an SMB vuln.

        (https://isc.sans.edu/)

      2. BongoJoe

        It's not hard to hear the opening chords of Deep Purple's "Child In Time" in one's head after reading what you put.

  6. Steve Davies 3 Silver badge
    Mushroom

    Time to move off Windows

    only about 15 years too late.

    1. aqk
      Coffee/keyboard

      Re: Time to move off Windows

      Move off of Windows onto what? A typewriter? Or perhaps a quill pen?

      1. Adam 52 Silver badge

        Re: Time to move off Windows

        For medical records, yes, pretty much. A notepad, a biro, a thick envelope and one of those big filing cabinets are all you need.

        Computerisation adds nothing except the ability to sell records to Google.

        X-rays and other imaging a bit different, but they don't need a massive system and importantly don't need to be part of the same system as patient details, history and notes.

        1. Gavin Park Weir

          Re: Time to move off Windows

          If you think waiting times are bad now, removing most of the computers from the NHS would be a disaster. The time saved just from electronic scheduling must be in the tens of thousands of man-days a year, if not 100s of.

          1. This post has been deleted by its author

  7. This post has been deleted by its author

  8. Anonymous Coward

    heads should roll

    GCHQ must have been busy monitoring EVERYONE EVERYWHERE plus a 56k link from ISIS land and probably missed some bozo with excessive privileges browsing the internet and clicking on stuff at a hospital.

    Can't wait for the brain dead government view about it #hashtags and all.

  9. Anonymous Coward

    From what I've heard this was using an exploit patched in the March release of Windows (MS17-010).

    Being generous you might say the places affected have a 2 month test cycle and they release them the 1st Monday after Patch Wednesday.

    Being cynical/realistic, I'd say they have a sporadic patching strategy and there will be some serious questions asked next week.

    1. Ken Hagan Gold badge

      It proves a point that many people here have been making since XP went out of support. *Every* patch from MS that fixes holes in a later version of Windows reveals a weakness that might exist in XP. MS have therefore been publishing exploits against XP for several years now. I believe the NHS's special deal to continue to receive patches expired quite recently. This is an entirely predictable result of NHS management's failure to have any kind of plan for moving off XP.

      1. adam 40 Silver badge

        It tells us more about Windoze 10...

        >> MS have therefore been publishing exploits against XP for several years now.

        If there had been so many exploits against XP which were lurking there for years, just think how many more are waiting to be found in Windoze 10...

      2. Anonymous Coward

        XP patches

        Thanks to a well-known registry hack I'm still receiving XP security updates ....

  10. Charlie Clark Silver badge
    Mushroom

    I for one have full confidence in the government's ability to protect me and my family because…

    … well I can't actually think of any but I'm open to suggestions.

    In the meantime let's watch Mother Theresa, who as Home Minister a year ago is surely largely responsible for a large shovel of this shit, and her incompetent colleagues try and bluster their way out of this one. And these people are supposed to be responsible for major international political, security and trade negotiations?

    So, your Majesty, how exactly does reducing the number of EU farm workers help protect the NHS from attack? Does Brexit contain a secret plan to protect the UK from nefarious computer hacking by following the lead of the Taleban and deindustrialising as fast as possible? After all, once the peasants have to worry about things like starvation or dying from Polio or the measles they're not really going to be protesting about freedom.

  11. Putonghua73

    I was discussing ransomware with the Head of IT Operations at the Trust where I work yesterday. He said that our Trust was in a good place but much more funding was needed to get security where it needed to be to really feel comfortable.

    The hardest conundrum to crack is to balance security with end user requirements i.e. blocking personal email (gmail, yahoo, etc) and blocking all removable media. He did want to implement both restrictions but had received lukewarm support.

    He informed me that another Trust had carried out a phishing / malware test, where 1 in 4 of the staff clicked on the link. This is the uphill struggle that Trust IT Depts are fighting against.

    I heard from a colleague that our Trust was relatively unaffected as the IT Dept locked everything up tight as soon as they got wind of what was going on. Our ERP system went down as it is supported by another Trust that got completely taken offline. I did think of the IT Team as soon as news went round whilst I was offsite. I suspect they'll be pulling a weekender. I also suspect the Trust will suddenly cough up funding for enhanced security and support for user restrictions.

    1. Duffaboy
      FAIL

      It's all down to cutting costs on end user training

      I work for many organisations in IT support and most of the tickets we look at are down to user error. I have only ever worked for one company where when a new o/s or device was rolled out there was mandatory training afterwards.

      Here, my friends, is where the problem lies: end users clicking on links, attachments, deleting stuff they shouldn't.

    2. Adam 52 Silver badge

      "The hardest conundrum to crack is to balance security with end user requirements i.e. blocking personal email (gmail, yahoo, etc) and blocking all removable media."

      Oh dear, an IT manager dinosaur. You guys are in trouble. Securing the perimeter is a hopelessly outdated model.

      If you make your systems unpleasant to use people will work around your restrictions.

      Accept that your network will be compromised and design everything with that scenario in mind.

    3. Danny 2

      "The hardest conundrum to crack is to balance security with end user requirements i.e. blocking personal email (gmail, yahoo, etc) and blocking all removable media. He did want to implement both restrictions but had received lukewarm support."

      I understand the pressure from users but security should trump usability every time. No serious financial institution allows employees work access to the internet or personal emails or removable media. Your boss should treat other people's most intimate data the way they treat our money. Provide terminals with no soundcards or USB or CDs to access the internet, unconnected to the local network, for people to browse their out of work nonsense.

  12. aqk

    What it's only $300?

    PAY IT!

    Hell, that's only one hospital flunky administrator's supper money!

    A few years ago, The U. of Alberta (I think) got hit for $Thousands in ransomware.

    If you're gonna be foolish, you better learn how to manage Bitcoins! You're gonna need to!

    1. OttoOtts

      Re: What it's only $300?

      That's actually about 350,000 GBP. It's Bitcoin not USD!

      1. Anonymous Coward

        Re: What it's only $300?

        I got the solution, just send the cheque in the mail, NHS! You can pay me in crumpets or scones, if you prefer, I don't think I'll notice the difference. NO HYBRID BREAD PRODUCTS though. Thank you.

        Here is the solution, which is mine, and I own it, and here it is. And it is mine, here it is, my solution. Which is mine:

        Have one person pay the ransom, then save all those files to a clean USB stick, and you have all the files back, there you go. Bob's your uncle. Okay?! Super.

  13. aqk
    Big Brother

    He sees it all the time....

    Following is from a disgruntled friend about to retire: And then he's gonna provide Bitcoin services/knowledge to people who have never heard of bitcoin, but suddenly need it for some strange reason.. ;-)

    ===============================

    Executives, and in this case Doctors (remember XXXXXs), are the reason IT backs down and drops their pants and leaves the door ajar for hackers. I see it all the time here at work. Screaming executives demand their f’n new toy or phone gets 100% access on our network NOW before their big meeting (or just before you get fired), or even board members cry to IT directors, who then order guys like me to “open er up”. We have no real power in IT.

    The Russian KGB types now type all documents on typewriters, and lock them up in real vaults. In security circles in the USSR, nothing is on a computer.

    So when Putin screams in your face, you open the vault, not the network firewall or switch ACLs. Then you’re poisoned or shot.

  14. Anonymous Coward

    It's only asking for $300. Some kid in his bedroom has downloaded a list of hacked emails and sent out his designer malware package. He's now sh1ting himself because what he's done is all over the news. I hope he enjoys the meagre returns knowing that people may have actually died because of cancelled operations.

  15. Anonymous Coward

    Ransomware problems have been rife in the NHS for ages. The thing that is different here is the scale.

  16. Anonymous Coward

    https://www.igt.hscic.gov.uk/

    Requirement No: 14-311

    Initiative: Information Security Assurance

    Organisation Type: Acute Trust

    Version: 14.0

    Requirement Description:

    Precautions are required to prevent and detect the introduction of malicious and unauthorised mobile code into an information asset’s computer components. Failure to defend against viruses and other malware could lead to significant damage to your organisation's business capabilities and serious impact on service user or patient care.

    2: The approved and documented controls and procedures to mitigate against malware risks have been implemented.

  17. LM34234

    I blame Tony Blair's Labour government who thought it was a good idea to mandate that all public sector end user PCs were given internet access. Arbitrary code execution and a network connection to billions of potentially hostile computers/actors. It's a disaster waiting to happen. But the main priority was ensuring civil servants can buy off eBay and Amazon while at work.

  18. Anonymous Coward

    how did it spread my monies on

    Be interesting how this has spread. Lots of talk, mainly by numpties, on the radio about the NHS System as if it’s some massive system that everybody in the NHS is connected to. Whereas you’ve got trusts and individual GP surgeries and even dental practices being hit, bearing in mind those are pretty much totally separate sites divorced from systems in hospitals etc, there’s no way SMBv1 traffic is going to by magic make its way around various sites on its own. My money is on an email that members of staff at each site have opened independently, or a common NHS website that has been compromised and that has sent the malware out when individuals have accessed that site.

    Lots of XP boxes still in the NHS hence the vector of SMBv1 would make sense as that tends still to be used for backward compatibility and there will be lots of old bits of legacy rubbish floating around in the NHS. And as XP isn’t supported it ain’t been patched!

    Going to be a right old buggers muddle of a job to sort out; glad I don’t work in any form of NHS IT. Anyone from an NHS site that's been shafted got a comment? (probably up to their nuts in sh1t so we'll understand if you don't!)

  19. Rol

    back to basics?

    With limited functionality for users comes limited opportunity for hackers.

    Why did the NHS fall over itself to accommodate every whim and fancy of what is predominately an IT illiterate gaggle of muppets?

    It was chaos, as midwives and managers, GPs and gynaecologists, queued round the block to have their input on how the system should work, and look what we've got. An all singing all dancing system that has more potential points of attack than a Crufts show in North Korea.

    "What!!? You're entering my diagnosis onto the same PC you've just been reading your emails on? Are you absolutely without compassion or did you win your license to practice at a gurning contest?"

  20. OttoOtts

    $300 in Bitcoin is NOT $300 US$

    $300 in Bitcoin is about 411,000 Euros or about 350,00 GBP

    Amateurs!

    1. aqk
      Facepalm

      Re: $300 in Bitcoin is NOT $300 US$

      Sorry, but 300 dollars is 300 dollars. Australian, Canadian or USA.

      I have currently half a bitcoin. I think it's now worth about $400. I haven't checked lately.

      You probably mean 300 BITCOINS, = Ƀ300, not $300. There is no ASCII character for the bitcoin symbol yet. Nor likely will be!

      Ƀ is a proposed symbol (see http://www.bitcoinsymbol.org/ )

      But that's OK.. you're an amateur, right?

  21. Anonymous Coward

    The decrypted contents is coming through from the first Windows hard drive, disk sectors show...

    Linux.LInux.Linux.Linux.Linux.LInux.Linux.Linux.Linux.Linux.LInux.Linux

    Linux.Linux.LInux.Linux.LInux.Linux.Linux.Linux.Linux.Linux.Linux.LInux

    Linux.LInux.Linux.Linux.LInux.Linux.Linux.Linux.LInux.Linux.LInux.Linux

    Linux.LInux.Linux.Linux.Linux.LInux.Linux.Linux.Linux.Linux.LInux.Linux

    Linux.Linux.LInux.Linux.LInux.Linux.Linux.Linux.Linux.Linux.Linux.LInux

    Linux.LInux.Linux.Linux.LInux.Linux.Linux.Linux.LInux.Linux.LInux.Linux

    Linux.LInux.Linux.Linux.Linux.LInux.Linux.LInux.Linux.Linux.LInux.Linux

    Linux.Linux.LInux.Linux.LInux.Linux.Linux.LInux.Linux.Linux.Linux.LInux

    Linux.LInux.Linux.Linux.LInux.Linux.Linux.Linux.LInux.Linux.LInux.Linux

    Linux.LInux.Linux.Linux.Linux.LInux.Linux.LInux.Linux.Linux.LInux.Linux

    Linux.Linux.LInux.Linux.LInux.Linux.Linux.LInux.Linux.Linux.Linux.LInux

  22. Anonymous Coward

    Stop Press: NHS goes tits up and May goes tits out.

    That should give you a nice thought for the weekend.

  23. Anonymous Coward

    Patching

    I went to a meeting a couple of weeks ago and several Trusts said they were not regularly patching machines. Not wanting to be smug but at my Trust we patch machines two days after Microsoft release them. We also patch non MS products.

    The NHS needs to get tougher with suppliers and mandate that they will not deal with any suppliers whose software does not run on modern versions of browsers or have road maps to upgrade to SQL 2016 or Server versions.

    Feel sorry for all the Trusts' IT staff affected, but patching costs nothing.....

  24. bitmap animal

    Is it per workstation

    I've not seen if this is encrypted once per workstation. It looks like the infection and ransom is running on an individual machine; if there are communal files with say 10,000 machines sharing access then I'm not sure how this would work.

    Can the scumware recognise a file already 'locked' and so leave that alone? If that is the case then theoretically each workstation could encrypt a different file with what I presume is a different key. It's no longer a case of pay your bitcoin and get your company back - assuming the file is recoverable as there was one strain recently which was a fraud and couldn't be recovered.

    1. patrickstar

      Re: Is it per workstation

      Typically what ransomware does is add an extension to the file (like ".encrypted"), and then has a whitelist of extensions to actually encrypt.
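
The marker extension described in the reply above is also something defenders can watch for. The following is an added example, not code from any commenter or from the article: it scans file-rename events for one host appending the same new suffix to many files in a short window. The host names, paths, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from pathlib import PureWindowsPath

WINDOW_SECONDS = 60   # assumed sliding-window length
THRESHOLD = 5         # assumed renames per (host, suffix) before alerting

# Constructed sample events: (epoch seconds, host, old path, new path).
SAMPLE_EVENTS = [
    (1000 + 2 * i, "WS-014",
     rf"\\fs01\ward7\scan{i}.pdf", rf"\\fs01\ward7\scan{i}.pdf.encrypted")
    for i in range(6)
] + [
    # Benign noise: a single backup copy and an ordinary rename.
    (1003, "WS-020", r"C:\Users\a\notes.txt", r"C:\Users\a\notes.txt.bak"),
    (1005, "WS-020", r"C:\Users\a\draft.docx", r"C:\Users\a\final.docx"),
]


def appended_suffix(old_path, new_path):
    """Return the suffix a rename appended (e.g. '.encrypted'), else None.

    Only renames that keep the directory and the full original file name
    and add one more dotted suffix count, matching the marker behaviour.
    """
    old, new = PureWindowsPath(old_path), PureWindowsPath(new_path)
    if old.parent != new.parent:
        return None
    prefix = old.name + "."
    if new.name.startswith(prefix) and len(new.name) > len(prefix):
        return new.name[len(old.name):].lower()
    return None


def detect_rename_bursts(events, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Map (host, suffix) to the timestamp at which the threshold was hit."""
    recent = defaultdict(deque)   # (host, suffix) -> timestamps in window
    alerts = {}
    for ts, host, old, new in sorted(events):
        suffix = appended_suffix(old, new)
        if suffix is None:
            continue
        key = (host, suffix)
        stamps = recent[key]
        stamps.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while stamps and ts - stamps[0] > window:
            stamps.popleft()
        if len(stamps) >= threshold and key not in alerts:
            alerts[key] = ts
    return alerts


if __name__ == "__main__":
    for (host, suffix), ts in detect_rename_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT host={host} suffix={suffix} first_hit={ts}")
```

Keying on the host as well as the suffix also shows which workstation is touching files on a shared drive, which is the situation the parent comment asks about.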

  25. mrchuckles

    And, of course, nobody saw it coming

    Fixing this is going to cost a pretty penny.

    Maybe it's a forced upgrade?

  26. Imran Chaudhry

    Time for the NHS (and all public service and government systems) to switch to a Linux desktop - I suggest Debian running MATE; it's close enough to Windows XP to be figured out by everyone.

  27. johnsteeves

    Gotta move to Linux

    Geez! It's like Windows gets more dangerous by the day.

    Honestly, by now these hospitals should probably start thinking about moving to Linux. It's matured a lot in the past few years and become really easy to switch over from Windows. I've been using a Linux distro called Zorin for the past few months and the transition was completely painless, and it doesn't get these Windows viruses.

    1. acid andy
      Devil

      Re: Gotta move to Linux

      "I've been using a Linux distro called Zorin for the past few months and the transition was completely painless, and it doesn't get these Windows viruses."

      Don't tell them that. If they all start using Linux, the virus devs will move on to that.

      1. AlbertH

        Re: Gotta move to Linux

        "Don't tell them that. If they all start using Linux, the virus devs will move on to that."

        That's pretty unlikely. The underlying permissions structure of Linux, BSD and Unix makes most of the types of attacks impossible. A user could (theoretically) screw up their own files, but the damage would be very confined.

        The Linux problems at the moment are:

        It's perceived as "geeky" and difficult to use:

        My whole family have used Linux only for the last ten years, and most of them haven't a clue about anything other than basic use of a computer.

        There's too much choice and no definitive "version":

        One of the bigger distributions could be chosen - probably something like Debian / Mate - as the "definitive" version.

        There's no support:

        There is if you go with a bigger vendor....

        All the objections can be easily overcome.

        1. Anonymous Coward
          Linux

          Re: Gotta move to Linux

          You can say that moving to Linux is the obvious choice, and longer-term it is. But in the short term there is new software acquisition, testing, identification of systems/equipment that are dependent on Windows or XP in particular, user interface development, retraining users, perhaps some new hardware because legacy hardware doesn't run the new software, etc.

          (Tux--because he would never let us down!)

  28. BagOfSpanners

    Why did it take so long for someone to combine a worm with ransomware?

    I'm surprised this hasn't happened before. Most of the ransomware I've read about seems content just to encrypt the local disks in the PC of the person unwise enough to open a dodgy email attachment. Is this the first time a virulent worm has been combined with ransomware?

    When one of my colleagues' PCs was obviously infected with ransomware, the off-shored out-sourced IT helpdesk insisted it remain connected to the network for several hours while they tried to remotely connect and diagnose the problem. Fortunately that ransomware didn't seem interested in spreading itself.

    1. noddybollock

      Re: Why did it take so long for someone to combine a worm with ransomware?

      My thoughts exactly - never aired them so as not to encourage it,

      but not in the least bit surprised.

      Sigh!!

      Just waiting for the 'guverment' kickback - encryption should be banned.

      Also interesting the UK new's TV progs don't mention the use of NSA developed tool's that helped make this spread.

      Surprised - NOT!

      sprll mistakes - I'm pissed! - twats shut the pub early again the alan b'tards

  29. Anonymous Coward

    MS Ransomware attack

    >> The security hole has been patched for modern Windows versions, but not WindowsXP –

    >> and the NHS is a massive user of the legacy operating system.

    MS do produce security patches for XP (e.g. embedded) but choose only to make them available to e.g. NHS in return for increasingly exorbitant "support" charges; rather they try to "persuade" organisations like the NHS to cough up for newer versions of the OS (with new bugs) - and to spend huge amounts of money dealing with the consequent changes to other software components.

    The moral position is highly questionable.
