
Guardian: Hospitals across England hit by large-scale cyber attack

Just saw this pop up on my feed. Apparently demands for money have been made. More in the article:

The article itself

A number of hospitals have been hit by a large scale cyber attack, NHS England has confirmed.

Hospitals across the country appear to have been simultaneously hit by a bug in their IT systems, leading to many diverting emergency patients. NHS England said it was aware of the problem and would release more details soon.

Meanwhile doctors have been posting on Twitter about what has been happening to their systems.

A screen grab of an instant message conversation circulated by one doctor says: "So our hospital is down ... We got a message saying your computers are now under their control and pay a certain amount of money. And now everything is gone."

A pretty chilling prospect as the article goes on to talk about the knock-on effect this may have for emergency patients near the hospitals affected.

The IT systems of NHS sites across the country appear to have been simultaneously hit, with a pop-up message demanding a ransom in exchange for access to the PCs. NHS England said it was aware of the problem and would release more details soon.

According to reports, affected hospitals include those run by East and North Hertfordshire NHS trust, Barts Health in London, Essex Partnership university NHS trusts, the university hospitals of Morecambe Bay NHS foundation trust, Southport and Ormskirk hospital NHS trust and Blackpool teaching hospital NHS foundation trust.

In a message to a Guardian reporter, one NHS IT worker said: "At approximately 12.30pm we experienced a problem with our email servers crashing. Following this a lot of our clinical systems and patient systems were reported to have gone down.

"A bitcoin virus pop-up message had been introduced on to the network asking users to pay $300 to be able to access their PCs. You cannot get past this screen. This followed with an internal major incident being declared and advised all trust staff to shut down all PCs in the trust and await further instructions.

"This is affecting the east of England and number of other trusts. This is the largest outage of this nature I've seen in the six years I've been employed with the NHS."



Edit:

"The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this.

"NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations.

"This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.

"Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available."

Potentially linked to a wider-scale attack including Telefonica and Santander.

https://www.euroweeklynews.com/3.0.15/news/on-euro-weekly-news/spain-news-in-english/144385-telefonica-allegedly-hacked-and-held-to-ransom

https://www.bleepingcomputer.com/news/security/telefonica-tells-employees-to-shut-down-computers-amid-massive-ransomware-outbreak/

http://elpais.com/elpais/2017/05/12/inenglish/1494588595_636306.html

https://www.nytimes.com/2017/05/12/world/europe/uk-national-health-service-cyberattack.html

Edit 2:

At least 25 affected according to BBC, Sky News reported live of 40.

http://www.bbc.co.uk/news/health-39899646
 
It encrypts the hard drive normally so your options are re-format and restore a known clean backup, which obviously takes time, or pay them.

Indeed, and in most circumstances that only costs you more money and effort. Here, add to that untold amounts of medical data.
 

Hasney

Member
I'm guessing that going by the timing and the fact O2/Telefonica are affected as well, it isn't a targeted attack and is Jaff

https://www.theregister.co.uk/2017/05/12/jaff_ransomware/

Jaff spreads in a similar way to the infamous file-encrypting malware Locky and even uses the same payment site template, but is nonetheless a different monster. Attached to dangerous emails is an infectious PDF containing an embedded DOCM file with a malicious macro script. This script will then download and execute the Jaff ransomware.
There aren't any reports... any link?

https://www.bleepingcomputer.com/ne...n-computers-amid-massive-ransomware-outbreak/
 

Sandoval

Member
Ransomware sucks, but it's definitely on their IT for not maintaining backups. The medical field is highly susceptible to this sort of attack because they 100% absolutely need the patient files and often have really shitty IT practices. My organization got hit at one point last year, we restored from a backup and everything was running as intended three hours later. Some clinics that we associate with haven't been so lucky, one declined to pay, and the others all ponied up the cash. The sad part is that there is an increasing preponderance of ransomware attacks where the group will take the money and never provide a key. About the only silver lining to this is that the entire ransomware industry is based on trust, and if that strange trust is broken, people will stop paying and the entire industry will dissipate.
 
Who the fuck is trying to extort money from a public sector health service. Literally robbing from the sick.

It's a really lucrative business. Hospitals in the US are really susceptible to these attacks too and there's been a big push to make sure security and training are up to date to avoid this from happening. The scary thing is even if most of the attempts at stealing data are thwarted, one successful attempt is absolutely disastrous so there's no margin of error.
 
As others said, this probably wasn't targeted specifically at the hospitals but most likely someone got infected/hacked and the whole network got taken over.

It's happening like RIGHT NOW in Portugal too.

EDIT: Note, not to Portuguese hospitals but lots of internet services.
 

nitronite

Member
Why is Russia now hacking hospitals across England? What nefarious schemes do they have up their sleeves this time? Find out next time on This Is Now Our Political Reality Z!

edit: Apparently sources are saying that hackers from China are likely culprits.
 

cirrhosis

Member
If I was on their IT team I'd be seriously considering sudoku. How the fuck do you explain this? And thinking about backups for multiple hospitals? Holy shit
 
A photo of the message posted onto Twitter.

[Image: C_n7v4BWsAAi8Sb.jpg]


It seems a lot more medical sites further north are affected, with GPs unable to access any patient records.
 

Hasney

Member
Just had an alert that it is WCry in the NHS.

Bleeping Computer just reported that KPMG and Santander are also hit.

https://www.bleepingcomputer.com/ne...n-computers-amid-massive-ransomware-outbreak/

http://elpais.com/elpais/2017/05/12/inenglish/1494588595_636306.html

If I was on their IT team I'd be seriously considering sudoku. How the fuck do you explain this? And thinking about backups for multiple hospitals? Holy shit

Well we're now onto NHS, Telefonica, KPMG and Santander all hit in one day, so it's probably not just one ICT bad practice here. Backup practices are going to be tested now though.
 

Xando

Member
think this was caused by an employee accidentally picking up the virus from somewhere? or an attack?

Probably some idiot clicked on a link and the ransomware spread through the NHS network.

Who knows how long it was inside the network. I remember when the German parliament was hacked it took 7 days for it to get noticed just because some secretary clicked on a link sent by the attackers (in this case Russian GRU).

Most of these devices still run XP or Windows 7 and have many vulnerabilities.
 

Elbereth

Member
Just had an alert that it is WCry in the NHS.

Bleeping Computer just reported that KPMG and Santander are also hit.

https://www.bleepingcomputer.com/ne...n-computers-amid-massive-ransomware-outbreak/

http://elpais.com/elpais/2017/05/12/inenglish/1494588595_636306.html



Well we're now onto NHS, Telefonica, KPMG and Santander all hit in one day, so it's probably not just one ICT bad practice here. Backup practices are going to be tested now though.


I'm a system admin for one of those companies....

 

Uhyve

Member
think this was caused by an employee accidentally picking up the virus from somewhere? or an attack?
Usually infected email attachments.

I used to work for a company that supplies food for the NHS, we got hit by ransomware about a year ago. Email was how they got us. Luckily we made backups to externals every 12 hours, so it wasn't that bad.

Makes me wonder if they've been after the NHS for a while though.
 