Ransomware hits NHS, other major nations apparently also hit

Infinite Chaos · May 12, 2017

A major incident has been declared after NHS services across England and Scotland were hit by a large-scale cyber-attack.

Staff cannot access patient data, which has been scrambled by ransomware. There is no evidence patient data has been compromised, NHS Digital has said.
The BBC understands up to 25 NHS organisations and some GP practices have been affected.Link

And worldwide -

Screenshots of a well known program that locks computers and demands a payment in Bitcoin have been shared online by parties claiming to be affected.

There have been reports of infections in the UK, US, China, Russia, Spain, Italy, Vietnam, Taiwan and others.
Security researchers are linking the incidents together. Link.

In one instance, heart operation patients have had ops cancelled because of this. Some these scams are getting pretty sophisticated. Recently, I was contacted by BT Openzone India telling me I had slow running internet and it was until they asked me to run a check from my computer via a legit piece of screen sharing software that I put the phone down.

Lutherf · May 12, 2017

This is an example of the problems that can happen when a nation's eggs are all in one basket and part of the reason I am so completely opposed to the nationalization of any critical industry, including the military.

backpacker · May 12, 2017

Somebody in IT is going to be getting fired for surfing porn sites at work.

BTW, this is a good reason to create restore points on your computer.

blackjack50 · May 12, 2017

Infinite Chaos said:
And worldwide -

In one instance, heart operation patients have had ops cancelled because of this. Some these scams are getting pretty sophisticated. Recently, I was contacted by BT Openzone India telling me I had slow running internet and it was until they asked me to run a check from my computer via a legit piece of screen sharing software that I put the phone down.

I say find out who did it...and harvest them for their organs. Fitting end to their life. Would also benefit the people they tried to hurt.

Sent from my iPhone using Tapatalk

joG · May 12, 2017

Infinite Chaos said:
And worldwide -

In one instance, heart operation patients have had ops cancelled because of this. Some these scams are getting pretty sophisticated. Recently, I was contacted by BT Openzone India telling me I had slow running internet and it was until they asked me to run a check from my computer via a legit piece of screen sharing software that I put the phone down.

This is a symptomatic example of a problem of large central organizations. The larger the system is, the more dangerous its being compromised can be.

PeteEU · May 12, 2017

Lutherf said:
This is an example of the problems that can happen when a nation's eggs are all in one basket and part of the reason I am so completely opposed to the nationalization of any critical industry, including the military.

You do realise that most of the companies hit were in fact private sector companies right?

You also realise that US hospital companies have been hit by similar attacks for quite a while?

PeteEU · May 12, 2017

What this exposes is that companies, as well as the public sector needs to invest more in upgrading their systems. The reason that the NHS was hit, was that they still were using freaking Windows XP machines. From what I understand in Spain, Telefonica got hit internally in a specific part of the company but it did not effect the customers... guessing someone forgot to patch the machines in that sector.

So... to all the anti-patch people out there.. update your machines operating system with the latest patches! Microsoft posted a patch in March for this specific attack engineered by the NSA...

PeteEU · May 12, 2017

joG said:
This is a symptomatic example of a problem of large central organizations. The larger the system is, the more dangerous its being compromised can be.

So you solution is small organisations with no funding at all to upgrade and protect their systems? Small companies are constantly being hit by such attacks because they dont have the capacity and funding to protect themselves... now this excuse is not present in large organisations, so the only reason is laziness and stupidity, two things that can be quickly fixed by competent IT managers.

joG · May 12, 2017

PeteEU said:
So you solution is small organisations with no funding at all to upgrade and protect their systems? Small companies are constantly being hit by such attacks because they dont have the capacity and funding to protect themselves... now this excuse is not present in large organisations, so the only reason is laziness and stupidity, two things that can be quickly fixed by competent IT managers.

Nope. That isn't, what I said. But maybe you can find a schnook that will believe you.

Infinite Chaos · May 12, 2017

PeteEU said:
What this exposes is that companies, as well as the public sector needs to invest more in upgrading their systems. The reason that the NHS was hit, was that they still were using freaking Windows XP machines. From what I understand in Spain, Telefonica got hit internally in a specific part of the company but it did not effect the customers... guessing someone forgot to patch the machines in that sector.

So... to all the anti-patch people out there.. update your machines operating system with the latest patches! Microsoft posted a patch in March for this specific attack engineered by the NSA...

Budget cuts probably means companies can afford to keep upgrading computers and not all computers will run the latest software. I feel the NHS should have modern software but if this was a viral link someone stupidly clicked on then that also proves that no matter what you try, human stupidity will ruin things.

PeteEU · May 13, 2017

Infinite Chaos said:
Budget cuts probably means companies can afford to keep upgrading computers and not all computers will run the latest software. I feel the NHS should have modern software but if this was a viral link someone stupidly clicked on then that also proves that no matter what you try, human stupidity will ruin things.

Yes and we see what budget cuts on IT can do. Although there is something strange with this, as it was stopped so easily... some IT guys bought a domain and it broke the ransom ware bot net.

And it was a "link" that caused it, but had the system been fully updated then it would not have worked. There were plenty of NHS trusts that were not effected, because they had updated their systems.

Infinite Chaos · May 13, 2017

PeteEU said:
~ Although there is something strange with this, as it was stopped so easily... some IT guys bought a domain and it broke the ransom ware bot net.

Yeah, I found that strange too.

PeteEU said:
~ And it was a "link" that caused it, but had the system been fully updated then it would not have worked. There were plenty of NHS trusts that were not effected, because they had updated their systems.

Remember there are a lot of systems users on an intranet who the the system needs protecting from. Not all systems can cope with (deliberate) human error.

PeteEU · May 13, 2017

Infinite Chaos said:
Yeah, I found that strange too.

Also the targets were like 80+% in Russia.. which stinks to high hell of an American being behind it.

Remember there are a lot of systems users on an intranet who the the system needs protecting from. Not all systems can cope with (deliberate) human error.

Not updating your OS with security patches is human error.. sorry stupidity.

Carjosse · May 13, 2017

PeteEU said:
Also the targets were like 80+% in Russia.. which stinks to high hell of an American being behind it.

Not updating your OS with security patches is human error.. sorry stupidity.

Or the fact that Russia is probably far more likely to use outdated technology or pirated versions which would not receive the security patches, probably more the latter.

PeteEU · May 13, 2017

Carjosse said:
Or the fact that Russia is probably far more likely to use outdated technology or pirated versions which would not receive the security patches, probably more the latter.

Kinda arrogant opinion ....

First off, even if you had a pirated version of the OS, then you would have received the update to protect you.

Secondly, if Russia has "outdated technology", then how is it that it is Russia, along with the "outdated" Chinese, that have been dominating the hacking wars the last decade?

And lets be fair here.. governments in general are behind on the tech scene often. Your own nuclear weapons systems is run in part on 5 1/4 inch floppy discs..

But also we are getting more and more info on which companies were hit.. a quite a few are American companies. Fed Ex was one for example.. they have outdated tech as well?

Carjosse · May 13, 2017

PeteEU said:
Kinda arrogant opinion ....

First off, even if you had a pirated version of the OS, then you would have received the update to protect you.

Secondly, if Russia has "outdated technology", then how is it that it is Russia, along with the "outdated" Chinese, that have been dominating the hacking wars the last decade?

And lets be fair here.. governments in general are behind on the tech scene often. Your own nuclear weapons systems is run in part on 5 1/4 inch floppy discs..

But also we are getting more and more info on which companies were hit.. a quite a few are American companies. Fed Ex was one for example.. they have outdated tech as well?

Eastern Europe and Russia in particular has a very high usage of pirated software even in an enterprise setting. And pirated software does prevent you from receiving updates, at least through Microsoft. Most large companies use outdated legacy software.

PeteEU · May 14, 2017

Carjosse said:
Eastern Europe and Russia in particular has a very high usage of pirated software even in an enterprise setting. And pirated software does prevent you from receiving updates, at least through Microsoft. Most large companies use outdated legacy software.

LOL pirated software, in this case Windows, has never been prevented in receiving critical security updates. I ran with illegal versions of XP and Windows 7 for over a decade and got all the security updates regularly. Microsoft has always had the policy of updating all their products with critical security updates regardless if they were legal or not.

Plus "illegal" versions of Windows XP and 7 that are cracked, are seen as legal by Microsoft servers.

Infinite Chaos · May 14, 2017

My partner told me there were severe warnings sent to staff where she works (loosely NHS related) on Saturday regarding opening emails from any unknown senders.

Meanwhile, Monday morning could see waves more attacks.

We're Windows 7 based at work and the company runs SOPHOS anti-virus software - but even then, if you click a link you shouldn't it can still bring your system down.

PeteEU · May 14, 2017

Infinite Chaos said:
My partner told me there were severe warnings sent to staff where she works (loosely NHS related) on Saturday regarding opening emails from any unknown senders.

Meanwhile, Monday morning could see waves more attacks.

Well you should never open emails from unknown senders

And the botnet handling the ransomware has been deactivated last I heard.

We're Windows 7 based at work and the company runs SOPHOS anti-virus software - but even then, if you click a link you shouldn't it can still bring your system down.

As long as your IT guy has updated Windows 7 with the latest security patches then nothing will happen even if you click on a link you should not (in relation to this ransomware). It exploits a flaw that has been patched (if your IT guy has patched the system), and if it cant exploit the flaw.. then it wont work.

Infinite Chaos · May 14, 2017

PeteEU said:
Well you should never open emails from unknown senders And the botnet handling the ransomware has been deactivated last I heard.

As long as your IT guy has updated Windows 7 with the latest security patches then nothing will happen even if you click on a link you should not (in relation to this ransomware). It exploits a flaw that has been patched (if your IT guy has patched the system), and if it cant exploit the flaw.. then it wont work.

Can I check something - opening an email won't infect your computer, don't you have to click any links contained inside?

Chagos · May 14, 2017

Infinite Chaos said:
Can I check something - opening an email won't infect your computer, don't you have to click any links contained inside?

virus need not be in an email link (i.e attached file or hyperlink) but can be embodied in the mail itself (specifically in the HTML body).

Works the same way as an unsafe URL.

If you're using an email program (like MS-Outlook) it may pay to have a previewer like Mailwasher. With something like that you can see what's coming from whom without the mail even entering your system. IOW you can delete the stuff that looks suspicious even before it's on your mail programme (unopened as it may yet be, once there).

Plenty of freebees out there and they only check with your server what's ready for download.

Beats having to sign in online to your mail server every time to pre-check.

I run a malware "detect and kill" programme every fortnight and it came up with nothing for some time. But even where I never click any URL's not having the https prefix (the "s" is important) it picked something up last year. Forget what it was, just that it wasn't particularly malicious.

But even antivirus and anti-spy obviously missed it.

Where I run mostly on Linux, I need MS for certain things. Beyond that I stay away from their products as much as possible. Not because they're particularly unsafe but because they're the most targeted. IE is definitely a no-no browser for me but that's mostly because I don't like it.

And remember that two thirds of all the malware crap is transported on social networks.

Infinite Chaos · May 15, 2017

Chagos said:
virus need not be in an email link (i.e attached file or hyperlink) but can be embodied in the mail itself (specifically in the HTML body).

That's really sneaky.

Chagos said:
~ If you're using an email program (like MS-Outlook) it may pay to have a previewer like Mailwasher ~

Will look this out. However, as PeteEU says, it also pays to have the latest patch installed I guess.

Chagos · May 15, 2017

Infinite Chaos said:
That's really sneaky.

Will look this out. However, as PeteEU says, it also pays to have the latest patch installed I guess.

Always!!!

PeteEU · May 15, 2017

Infinite Chaos said:
Can I check something - opening an email won't infect your computer, don't you have to click any links contained inside?

Well...... that depends. If there is an attachment, the do not touch it (other than to delete it).

Opening an email should in most cases not get you infected, but there are "buts" involved. Chances are slim.

My recommendation is simple.. funnel your emails through Gmail or outlook.com (unless that is what you use of course). That way, their anti-virus scans and anti-spam systems are scanning all your mails and keeping you safe.

NeverTrump · May 15, 2017

Infinite Chaos said:
And worldwide -

In one instance, heart operation patients have had ops cancelled because of this. Some these scams are getting pretty sophisticated. Recently, I was contacted by BT Openzone India telling me I had slow running internet and it was until they asked me to run a check from my computer via a legit piece of screen sharing software that I put the phone down.

As long as you have backups of backups of backups and hopefully everything rests on thin clients on your corporate network. The businesses should only lose a few hours of work while IT restores everything. No need to pay the ransom if you got that. We don't have thin clients, so we'd have to replace the images on the computers which might take about a day to re-do everything. As always use common sense. If you have an IT department you shouldn't be getting unsolicited calls from India claiming to be tech support. Always make sure you know what your IT number is, and it wouldn't hurt to get to know the IT guys personally too, if you have a small enough work group.

Ransomware hits NHS, other major nations apparently also hit

Infinite Chaos

Lutherf

backpacker

blackjack50

joG

PeteEU

PeteEU

PeteEU

joG

Infinite Chaos

PeteEU

Infinite Chaos

PeteEU

Carjosse

Sit Nomine Digna

PeteEU

Carjosse

Sit Nomine Digna

PeteEU

Infinite Chaos

PeteEU

Infinite Chaos

Chagos

Infinite Chaos

Chagos

PeteEU

NeverTrump

Exposing GOP since 2015