NHS cyber-attack: GPs and hospitals hit by ransomware - SLUniverse Forums
Old 05-12-2017, 11:47 AM   #1 (permalink)
Senior Member
 
stora's Avatar
 
Join Date: Jan 2010
Posts: 1,386
My Mood:
SL Join Date: July 2003
NHS cyber-attack: GPs and hospitals hit by ransomware

Quote:
NHS services across England and some in Scotland have been hit by a large-scale cyber-attack.
Staff cannot access patient data, which has been scrambled by ransomware. There is no evidence patient data has been compromised, NHS Digital has said.
NHS England has declared a major incident. The BBC understands up to 25 NHS organisations and some GP practices have been affected.
NHS cyber-attack: GPs and hospitals hit by ransomware - BBC News
stora is offline   Reply With Quote
Old 05-12-2017, 01:34 PM   #2 (permalink)
Senior Member
 
Dakota Tebaldi's Avatar
Lurkin' and stuff
 
Join Date: Feb 2008
Location: Down by the bay, where the watermelons grow...
Posts: 12,110

Awards: 1
SLU Creepy Avatar Competition 2014 Participant 
According to onmsft.com, although the source isn't specified, many of the attacks appeared to be using some of the CIA hacking tools released by WikiLeaks in March, so - thanks, I guess? Public patches to those vulnerabilities were released by Microsoft later that month; but it appears many organizations haven't accepted or applied the patch yet, which left them open to the assault.
__________________
Quote:
Originally Posted by Io Zeno
Cody, you are unusual.
Dakota Tebaldi is offline   Reply With Quote
Old 05-12-2017, 01:58 PM   #3 (permalink)
Cookie stealer
 
Ranae Quinn's Avatar
Echo Amarante
 
Join Date: Aug 2014
Location: Nottingham, England
Posts: 220
SL Join Date: 06/09/2005
Client: Firestorm
Yeah, the government isn't exactly up to date with technology or updates, we're still using Windows 7.
Ranae Quinn is offline   Reply With Quote
Old 05-12-2017, 02:05 PM   #4 (permalink)
Senior Member
 
Tigger's Avatar
lesser spotted swivel eyed loon
 
Join Date: Oct 2009
Location: Disunited kingdom of wales and little england
Posts: 1,980
My Mood:
Business: The Tiggerworks
Can't help feeling that if the NHS had more funding they may just have been better prepared.

Seems like a lot of places around the world are being hit with the same attack so it may not be accurate to describe it as targeted at the NHS, more like it's targeted at anyone with unpatched vulnerabilities.
Tigger is online now   Reply With Quote
2 Users Agreed:
Old 05-12-2017, 02:23 PM   #5 (permalink)
Senior Member
 
Tigger's Avatar
lesser spotted swivel eyed loon
 
Join Date: Oct 2009
Location: Disunited kingdom of wales and little england
Posts: 1,980
My Mood:
Business: The Tiggerworks
Quote:
Machines are being infected using exploits developed by the U.S. National Security Agency and leaked by the group known as ShadowBrokers

More than 57,000 detections in 74 countries have been recorded. Russia appears to be the most infected country by far, according to cybersecurity firms Kaspersky and Avast.
Thanks, NSA.

https://www.cyberscoop.com/unprecede...and-and-spain/
Tigger is online now   Reply With Quote
Old 05-12-2017, 03:36 PM   #6 (permalink)
Peeps Tsar
 
Cristiano's Avatar
#imalwayswithher
 
Join Date: Jun 2007
Location: Miami, FL
Posts: 35,375
My Mood:
SL Join Date: Dec 2002
Business: ANOmations
Client: Viewer 2
Blog Entries: 18
There's a Massive Ransomware Attack Spreading Globally Right Now [Updated]
__________________
"A certain darkness is needed to see the stars" ~ Osho




Cristiano is offline   Reply With Quote
3 Users Said Thanks :
1 User Agreed:
Old 05-12-2017, 04:20 PM   #7 (permalink)
Senior Member
 
Dakota Tebaldi's Avatar
Lurkin' and stuff
 
Join Date: Feb 2008
Location: Down by the bay, where the watermelons grow...
Posts: 12,110

Awards: 1
SLU Creepy Avatar Competition 2014 Participant 
FYI: If you are running Windows 10 and allow updates, you are currently safe from this attack, as the patch was pushed to you in March.
Dakota Tebaldi is offline   Reply With Quote
Old 05-12-2017, 04:53 PM   #8 (permalink)
Ho hum
 
Ewan Took's Avatar
............
 
Join Date: Jun 2007
Location: SL
Posts: 4,566
My Mood:
Yes it's global. Telefonica in Spain was apparently hit too.
__________________
"The secret to creativity is knowing how to hide your sources."
Ewan Took is offline   Reply With Quote
Old 05-12-2017, 05:25 PM   #9 (permalink)
Nasty Brit
 
Innula Zenovka's Avatar
Grande Cabalista
 
Join Date: May 2009
Posts: 16,434
SL Join Date: 17 June 2007
Business: Something Spunky
Quote:
Originally Posted by Tigger View Post
Can't help feeling that if the NHS had more funding they may just have been better prepared.

Seems like a lot of places around the world are being hit with the same attack so it may not be accurate to describe it as targeted at the NHS, more like it's targeted at anyone with unpatched vulnerabilities.
I find it difficult to believe that a lack of adequate funding is the only reason why a patch flagged as urgent and released in March hasn't been applied by May.

I'm also rather shocked to learn that so many large hospitals apparently don't have anti-Malware protection. For several years now, I've used Malwarebytes, who claim their products stop this kind of exploit, precisely because I want to minimise the risk of finding my system hijacked and held to ransom.
Innula Zenovka is online now   Reply With Quote
Old 05-12-2017, 05:46 PM   #10 (permalink)
Senior Member
 
stora's Avatar
 
Join Date: Jan 2010
Posts: 1,386
My Mood:
SL Join Date: July 2003
Quote:
Originally Posted by Innula Zenovka View Post
I find it difficult to believe that a lack of adequate funding is the only reason why a patch flagged as urgent and released in March hasn't been applied by May.

I'm also rather shocked to learn that so many large hospitals apparently don't have anti-Malware protection. For several years now, I've used Malwarebytes, who claim their products stop this kind of exploit, precisely because I want to minimise the risk of finding my system hijacked and held to ransom.

Workloads, budgets, procedures and lack of skills.
stora is offline   Reply With Quote
1 User Said Thanks:
Old 05-12-2017, 05:55 PM   #11 (permalink)
Senior Member
 
Dakota Tebaldi's Avatar
Lurkin' and stuff
 
Join Date: Feb 2008
Location: Down by the bay, where the watermelons grow...
Posts: 12,110

Awards: 1
SLU Creepy Avatar Competition 2014 Participant 
Quote:
Originally Posted by Innula Zenovka View Post
I'm also rather shocked to learn that so many large hospitals apparently don't have anti-Malware protection. For several years now, I've used Malwarebytes, who claim their products stop this kind of exploit, precisely because I want to minimise the risk of finding my system hijacked and held to ransom.
I agree here; I use MWB too.
Dakota Tebaldi is offline   Reply With Quote
Old 05-12-2017, 05:56 PM   #12 (permalink)
I'm not Here!
 
Kalel's Avatar
hypnotized
 
Join Date: Apr 2010
Location: Miami
Posts: 1,772
My Mood:
SL Join Date: 1/25/2006
Business: looking for fresh start..
Client: Singularity
"If it ain't broken, don't fix it." This ideology holds true in a lot of people's minds.

Companies are usually afraid to update their system for fear of breaking something currently working. A lot of business software has the option to delay updates that consumer versions can't avoid for this reason.

Would also mention red tape and paperwork and older people in charge who don't understand technology and cyber warfare.

Part of the reason why Microsoft is trying to get everyone on Windows 10.

__________________
"The wisest of men know what they do not yet know.""The paradox of knowledge is that it’s always on your side, but not always in your favor."

"The privilege of a lifetime is to become who you truly are. -Jung"
Kalel is offline   Reply With Quote
1 User Said Thanks:
1 User Agreed:
Old 05-12-2017, 07:05 PM   #13 (permalink)
That Bitch

*SLU Supporter*
 
Void's Avatar
Innocent as far as you know
 
Join Date: Nov 2011
Location: Online
Posts: 14,587
My Mood:
SL Join Date: late 04 original account, mid 05 current
Quote:
Originally Posted by Innula Zenovka View Post
I find it difficult to believe that a lack of adequate funding is the only reason why a patch flagged as urgent and released in March hasn't been applied by May[...].
Actually, not nearly as surprising as you think... several recent MS updates have had some nasty side effects on corporate level software, and MS trying to push ghost updates (updates that have no meaningful description of their purpose or what they affect) has made companies leery of updating immediately, and also made it hard for them to determine if updates are safe to apply. Mix in 24/7 live use and critical infrastructure, and yeah, I'm not a bit surprised by a 2 month lag in updates.
__________________
- These eyes can do more than see
Quote:
Originally Posted by Cajsa Lilliehook View Post
It's not enough to care about liberty if the only liberty you care about is your own.
Quote:
Originally Posted by Jupiter Firelyte View Post
Why doesn't anyone ever ask, "What is the real meaning of the winter solstice?"
Quote:
Originally Posted by Eboni Khan View Post
Thanks for being passive aggressive.
Void is offline   Reply With Quote
Old 05-12-2017, 07:21 PM   #14 (permalink)
Senior Member
 
LoriClaremont's Avatar
This space for rent
 
Join Date: Jan 2011
Location: San Francisco area
Posts: 586
My Mood:
SL Join Date: 5/30/2009
Client: Firestorm
Talos has an initial report on this, worth reading if you're interested in online security etc. etc.:
Player 3 Has Entered the Game: Say Hello to 'WannaCry'
LoriClaremont is offline   Reply With Quote
2 Users Said Thanks :
Old 05-12-2017, 07:55 PM   #15 (permalink)
Nemo me impune lacessit

*SLU Supporter*
 
Lucifer Baphomet's Avatar
We look to Scotland for all our ideas of civilisation. -Voltaire
 
Join Date: Aug 2007
Location: Paisley, Cradle of the Stewarts
Posts: 25,186
My Mood:
Business: Radio Free Darkmere

Awards: 1
Most Erotic Salma Hayek Youtube Clip 
Quote:
Originally Posted by stora View Post
Workloads, budgets, procedures and lack of skills.
When they put computers into the ICU in Stobhill Hospital in Glasgow, the IT folk setting everything up told the nurses DON'T use "password" or "nurse" as your password. Guess what around 90% of them used anyway?
Lucifer Baphomet is offline   Reply With Quote
1 User Agreed:
Old 05-12-2017, 07:56 PM   #16 (permalink)
Senior Member
 
Join Date: Aug 2007
Posts: 615
My Mood:
This is why you have backups. My office has been hit by cryptolocker like 3-4 times; each time I found the insertion point (idiot clicked something), snatched and grabbed their PC so it wouldn't re-infect, then mounted a write-protected snapshot and copied over the latest snapshot of the affected partitions.

If your company or hospital gets taken down by ransomware, someone there is incompetent. Either IT, or management for not funding IT. But it's a sign of organizational rot.

Should be noted that most ransomware only gets detected by virus scanners AFTER the hit. Which is kinda useless.
Jorus Xi is offline   Reply With Quote
1 User Said Thanks:
2 Users Agreed:
1 User Likes This:
Old 05-12-2017, 08:15 PM   #17 (permalink)
Senior Member
 
Join Date: Aug 2007
Posts: 615
My Mood:
Quote:
Originally Posted by Innula Zenovka View Post
I find it difficult to believe that a lack of adequate funding is the only reason why a patch flagged as urgent and released in March hasn't been applied by May.
Admins are leery as fuck about immediately applying Microsoft patches because of their nasty tendency to break something important that won't be hotfixed till the next day, gutting the business for the time it takes you to revert the patch and hope it works, or restore a backup.

The number of times a bumbling security update has nuked SMB (which lol, is kinda a big deal on servers) and brought something to a screeching halt is... well, it's something all right. Most admins learn this the hard way. My hard way was updating all of my terminal servers one day only to find MS had accidentally fucked up how it stores print driver information in the registry; it would duplicate entries over and over and over and over again for each user the printer was mapped to until it would blow out the registry cache and nuke the ability to have more than six people logged in at a time before the server would slow to a crawl. I had to sit on patches for three months till they unfucked it.

Mix that in with the fact that (Sorry Linux Admins!) Windows Server has been an inherently stable platform since Server 2003, and it just doesn't require the nigh constant downtime of previous versions to manage. Having to reboot a server weekly to get the latest and greatest patches is now an inconvenience, whereas if you have a monthly or once every two month patch cycle you can not only avoid the "Oops fucked myself into a corner" situation but can also avoid productivity stopping halts. Not every business can afford to run clusters, so minimum downtime is good.

The sooner Windows moves to a live patching system that doesn't require downtime, and a built-in snapshotting system that allows me to revert without having to deal with disk chewing shadowcopy OR just saying "Fuck it" and making my own VMDK snapshots, the better.

Uh.. hurf blurf nerd shit.
Jorus Xi is offline   Reply With Quote
2 Users Agreed:
Old 05-12-2017, 08:23 PM   #18 (permalink)
Senior Member
 
stora's Avatar
 
Join Date: Jan 2010
Posts: 1,386
My Mood:
SL Join Date: July 2003
Quote:
Originally Posted by Lucifer Baphomet View Post
When they put computers into the ICU in Stobhill Hospital in Glasgow, the IT folk setting everything up told the nurses DON'T use "password" or "nurse" as your password. Guess what around 90% of them used anyway?

Yes and passwords don't help when they walk away from the PC without logging off or locking the screen.

I have advanced security but still got a lecture from a nurse about confidentiality then she walked away from her PC and left it open for me to run some tests on the hardware that I was replacing. :-0
stora is offline   Reply With Quote
1 User Agreed:
Old 05-12-2017, 08:34 PM   #19 (permalink)
Senior Member
 
Join Date: Aug 2007
Posts: 615
My Mood:
You work in health IT? I'm sorry.
Jorus Xi is offline   Reply With Quote
1 User Laughed:
Old 05-12-2017, 08:35 PM   #20 (permalink)
Senior Member
 
Join Date: Aug 2007
Posts: 615
My Mood:
Also create a GPO that autolocks PCs after 2-5 minutes of inactive cursor time.
Jorus Xi is offline   Reply With Quote
1 User Agreed:
Old 05-13-2017, 01:23 AM   #21 (permalink)
Senior Member
 
Tigger's Avatar
lesser spotted swivel eyed loon
 
Join Date: Oct 2009
Location: Disunited kingdom of wales and little england
Posts: 1,980
My Mood:
Business: The Tiggerworks
Quote:
Originally Posted by Jorus Xi View Post
Also create a GPO that autolocks PCs after 2-5 minutes of inactive cursor time.
But that kind of thing just encourages people to use 'easy to remember' passwords, or to stick post-its with passwords on their monitors (or if you take them off the monitors, they'll be stuck to the underside of keyboards)
Tigger is online now   Reply With Quote
1 User Agreed:
Old 05-13-2017, 02:12 AM   #22 (permalink)
Senior Member
 
Tigger's Avatar
lesser spotted swivel eyed loon
 
Join Date: Oct 2009
Location: Disunited kingdom of wales and little england
Posts: 1,980
My Mood:
Business: The Tiggerworks
Well, here's another reason why more investment in the NHS might have prevented this:

Quote:
“This was eminently predictable in lots of ways,” said Ryan Kalember from cybersecurity firm Proofpoint. “As soon as the Shadow Brokers dump came out everyone [in the security industry] realized that a lot of people wouldn’t be able to install a patch, especially if they used an operating system like Windows XP [which many NHS computers still use], for which there is no patch.”
Many NHS computers still use Windows XP? Seriously?

https://www.theguardian.com/technolo...P=share_btn_tw
Tigger is online now   Reply With Quote
Old 05-13-2017, 03:30 AM   #23 (permalink)
Senior Member
 
Join Date: Aug 2007
Posts: 615
My Mood:
Quote:
Originally Posted by Tigger View Post
But that kind of thing just encourages people to use 'easy to remember' passwords, or to stick post-its with passwords on their monitors (or if you take them off the monitors, they'll be stuck to the underside of keyboards)
Set a GPO for complexity requirements. Walk around once a week randomly throwing away password Post-its and when people complain, you write up the complainers for not complying with corporate policy.
Jorus Xi is offline   Reply With Quote
Old 05-13-2017, 08:40 AM   #24 (permalink)
Nasty Brit
 
Innula Zenovka's Avatar
Grande Cabalista
 
Join Date: May 2009
Posts: 16,434
SL Join Date: 17 June 2007
Business: Something Spunky
I see, via The Guardian, that
Quote:
Questions are also being asked whether some of the disruption to services was avoidable, and had been caused by trusts switching systems off as a precautionary measure, rather than being infected by the Wannacrypt ransomware.

One leading NHS IT director told Digital Health News that there appeared to have been a knee-jerk reaction to switch off systems, mainly due to advice from NHS Digital. “All of the reports on the BBC [about disruption] are directly related to people having shut down networks, nothing to do with the ransomware itself.”

“I know people have been hit (I’m not saying attacked, because I can’t see either anything new, or anything NHS specific at the moment), but I fail to see how disconnecting clinical systems from networks helps anyone. If your clinical system can be attacked by ransomware, there is something seriously wrong with its deployment.”
https://www.digitalhealth.net/2017/0...ck-disruption/

The article goes on to say that
Quote:
The suspicion is that many NHS trusts proved particularly vulnerable to Wannacrypt, which exploited a known flaw in Microsoft’s SMB file-sharing services, because they have not kept up to date with Microsoft security patches, which may well raise alarm bells about the age of systems in use at many NHS trusts.

Support for Windows XP was withdrawn in April 2014 but according to Digital Health Intelligence data on NHS infrastructure as many as 20% of NHS organisations could still be relying upon it as their primary operating system, and around 90% are thought to run something on it somewhere in the organisation.
It quotes several NHS IT professionals as saying that, in the long run, the attack is probably a good thing for NHS IT services, since it dramatises the need to keep systems updated and secure.
Innula Zenovka is online now   Reply With Quote
2 Users Said Thanks :
Old 05-13-2017, 10:37 AM   #25 (permalink)
Senior Member
 
Tigger's Avatar
lesser spotted swivel eyed loon
 
Join Date: Oct 2009
Location: Disunited kingdom of wales and little england
Posts: 1,980
My Mood:
Business: The Tiggerworks
Quote:
Originally Posted by Innula Zenovka View Post
It quotes several NHS IT professionals as saying that, in the long run, the attack is probably a good thing for NHS IT services, since it dramatises the need to keep systems updated and secure.
This is almost certainly true. My experience is that security is always one of the lowest priorities. It's rare to find anyone willing to spend even a penny on basic security good practice, most organisations operate on the principle of "it'll never happen to us" until such time as it does.
Tigger is online now   Reply With Quote
2 Users Said Thanks :
1 User Agreed: