
Guardian: Hospitals across England hit by large-scale cyber attack

kmag

Member
Switch off SMB1 guys if you have it enabled.

Really straightforward. Even patched, you shouldn't be using it unless you have old XP/2003 systems which you need to talk to (and you shouldn't have those).

Server 2012 R2 and Server 2016
Server Manager: Disable SMB 1.0/CIFS File Sharing Support (Feature)
PowerShell: Remove-WindowsFeature FS-SMB1

Windows Client (8.1 and 10)
Remove the Windows Feature SMB 1.0/CIFS File Sharing Support
PowerShell: Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

Windows Vista/7/2008/2008 R2
You can use the registry and set this value to 0: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMBv1 (1 is enabled)
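
Added example, not part of the original post: a read-only PowerShell check that reports whether the SMB1 server component is still enabled, using the same feature names and registry value listed above. The function names `Get-Smb1State` and `New-Smb1Report` are made up for this example; it assumes an elevated prompt and treats a missing `SMBv1` registry value as enabled, which is the default on the older Windows versions.

```powershell
# Added example (not from the thread): read-only check of whether the SMB1
# server component is still enabled. Run from an elevated PowerShell prompt.
# Written to also work on PowerShell 2.0 (Windows 7 / 2008 R2).
function New-Smb1Report($Method, $Enabled) {
    New-Object PSObject -Property @{
        Computer    = $env:COMPUTERNAME
        Method      = $Method
        Smb1Enabled = $Enabled
    }
}

function Get-Smb1State {
    # Server 2012 R2 / 2016: the FS-SMB1 feature named in the post.
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        try {
            $feature = Get-WindowsFeature -Name FS-SMB1 -ErrorAction Stop
            if ($feature) {
                return New-Smb1Report 'WindowsFeature FS-SMB1' ([bool]$feature.Installed)
            }
        } catch { }   # cmdlet present but unusable here; fall through
    }

    # Windows 8.1 / 10: the SMB1 optional feature named in the post.
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        try {
            $opt = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
            if ($opt) {
                return New-Smb1Report 'OptionalFeature SMB1Protocol' ($opt.State -eq 'Enabled')
            }
        } catch { }   # not elevated or feature unknown; fall through
    }

    # Vista / 7 / 2008 / 2008 R2: the LanmanServer registry value from the post.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $prop = Get-ItemProperty -Path $key -Name SMBv1 -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # No value present: SMB1 is on by default on these versions.
        return New-Smb1Report 'Registry SMBv1 (value absent, default)' $true
    }
    New-Smb1Report 'Registry SMBv1' ($prop.SMBv1 -ne 0)
}

Get-Smb1State | Format-List Computer, Method, Smb1Enabled
```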
 

Kareha

Member
I work in the office next door to the people who do tech support for 2 NHS Trusts, they're quite busy at the moment. Just hope the group we do tech support for (can't say :)) don't get hit now cos it's nearly home time.
 

H3xum

Member
That's horrible, man

In most scenarios you just blow the machine away because of the cost of time but with medical records....

There are about to be some really wealthy jerks
 

jstripes

Banned
Switch off SMB1 guys if you have it enabled.

Really straightforward. Even patched, you shouldn't be using it unless you have old XP/2003 systems which you need to talk to (and you shouldn't have those).

We still have a couple of 2003 VMs and a few XP machines scattered about.

I know what I'm doing next week.
 

Camoxide

Unconfirmed Member
I've seen plenty of Windows XP machines in hospital.

Will they finally switch over?


Then realise there's only 2.5 years left of Windows 7 support.
 

Jezbollah

Member
Switch off SMB1 guys if you have it enabled.

Really straightforward. Even patched, you shouldn't be using it unless you have old XP/2003 systems which you need to talk to (and you shouldn't have those).

Oh you can. You just need to run software whitelisting to make it secure.
 

sammex

Member
Damn this is unbelievable. I've been expecting a report today from some nurses who we work with, who have been compiling data and patient results from a 12 week pilot study we've been running, and I was wondering why it hadn't arrived until I switched on the news...

 

Acorn

Member
I don't think the hospitals were specifically targeted. Whoever did it likely just sprayed and prayed. The ransom of $300 is hilariously low for big companies or government agencies.
 

Hasney

Member
I don't think the hospitals were specifically targeted. Whoever did it likely just sprayed and prayed. The ransom of $300 is hilariously low for big companies or government agencies.

They weren't. There's another thread up saying there's been a stupid number of these popping up today.
 

kmag

Member
Oh you can. You just need to run software whitelisting to make it secure.

I'd always prefer to completely remove the vector if possible, and unless there's a defined operational need to maintain SMB1 then I wouldn't bother with whitelisting, but if you've absolutely positively got to maintain SMB1 access then whitelisting apps on the server is the way to go.
 
This really looks like standard malware (i.e. ransom, do such and such). The way it was spread is likely through their internal network.

Which means they have some piss poor IT guys, which is likely since IT guys in hospital networks are generally paid nil or understaffed.
 

Hasney

Member
This really looks like standard malware (i.e. ransom, do such and such). The way it was spread is likely through their internal network.

Which means they have some piss poor IT guys, which is likely since IT guys in hospital networks are generally paid nil or understaffed.

It's not just piss poor ones affected right now, assuming the corporate norm is classed as average. The Windows update to block this was released 2 months ago and it's spreading via SMB1 throughout the networks, which is on by default in Windows. So many companies have been caught out today.
 
Is there a stupidly simple explanation of how this spreads - I'd presume email link, someone opens and then it would subsequently affect all computers on said network?
 
Is there a stupidly simple explanation of how this spreads - I'd presume email link, someone opens and then it would subsequently affect all computers on said network?

Nothing has been concretely said yet, but yes, that's the most likely case as far as I can see. (Warning: absolutely not an expert.)
 

Jumeira

Banned
Breaks my heart that people would go after hospitals and doctors, causing mass chaos and severe distress to people in need.

This is the lowest I've seen a group go in terms of cyber crime. Fucking depressed at the thought of this.


Edit, so people speculate it's simple malware that spread internally? Ok, so someone was watching porn or downloading torrents, that's just as infuriating.
 
Well, regarding hospitals and updates, as I understand it many have been wary with shifting to Windows 10, or otherwise committing to updates even if they do use Windows 10, because there's concern over how it might screw up compatibility with existing software. So rather than risk screwing up medical records or have something mess up in an operation, they keep the OS as consistent as possible... meaning the exploits are kept consistent too.
 
If this is caused by or supported indirectly by any country government, it should be considered an act of war.

And if individuals or other groups, they should spend the rest of their lives in jail or on death row.

I really hope authorities can track down those responsible then go after them without delay and with full force.
 
Nothing has been concretely said yet, but yes, that's the most likely case as far as I can see. (Warning: absolutely not an expert.)

Ransomware automatically spreads to all computers a computer has access to.

Thanks - that's scary.

If this is caused by or supported indirectly by any country government, it should be considered an act of war.

And if individuals or other groups, they should spend the rest of their lives in jail or on death row.

I really hope authorities can track down those responsible then go after them without delay and with full force.

Yep. It sounds like this is more criminal in origin but I'd seriously hope that the intelligence services track these people down.
 

Kthulhu

Member
Breaks my heart that people would go after hospitals and doctors, causing mass chaos and severe distress to people in need.

This is the lowest I've seen a group go in terms of cyber crime. Fucking depressed at the thought of this.


Edit, so people speculate it's simple malware that spread internally? Ok, so someone was watching porn or downloading torrents, that's just as infuriating.

It's unlikely to have come from torrents or porn. It probably wasn't targeted either. Ransomware is mostly automatic.
 

Kthulhu

Member
If this is caused by or supported indirectly by any country government, it should be considered an act of war.

And if individuals or other groups, they should spend the rest of their lives in jail or on death row.

I really hope authorities can track down those responsible then go after them without delay and with full force.


I can almost guarantee it's a black hat hacker or hacker group. I can almost equally guarantee they will never be caught.
 
The hospitals I work for have locked down machines at nurses' stations which don't have Internet connections. They're used in the event of an outage so that patient information can be recorded and then input later following the outage. I had assumed it was standard security protocol in healthcare. Contingencies really should be in place so that hospitals can continue to provide patient care.
 

Joe

Member
You think there's any credibility to the idea that attackers waited for a "perfect" moment and with the FBI in disarray they decided that today would be a good day?
 

low-G

Member
You think there's any credibility to the idea that attackers waited for a "perfect" moment and with the FBI in disarray they decided that today would be a good day?

Nope, I'm surprised this didn't happen earlier because all of those computers were completely vulnerable and literally everyone knew how to attack them for weeks.

It was just out of script kiddie reach difficulty...
 
Yet another reason why the NHS will probably be privatised in the future, yet it wouldn't be so bad for mismanagement at the top and underfunding of the NHS by the government. My colleague who used to support NHS Direct until recently said they were still using Exchange 2003 and the backend is all in dire need of updating.
 