
Guardian: Hospitals across England hit by large-scale cyber attack

Par Score

Member
You're not going to find the people who did this.

The NHS is the closest thing the UK has to a state religion (ignoring our actual state religion, which nobody gives a fuck about).

Whoever is responsible for this is going to be hung, drawn, and quartered (figuratively speaking).
 

hodgy100

Member
The NHS is the closest thing the UK has to a state religion (ignoring our actual state religion, which nobody gives a fuck about).

Whoever is responsible for this is going to be hung, drawn, and quartered (figuratively speaking).

I mean, arguably it's the government for not providing the funding for the NHS to keep its IT systems / security up to date.
 

DeathyBoy

Banned
The NHS is the closest thing the UK has to a state religion (ignoring our actual state religion, which nobody gives a fuck about).

Whoever is responsible for this is going to be hung, drawn, and quartered (figuratively speaking).

I can't even.

No, it's not. If it was, the government would treat the NHS with respect and fund it properly. They don't do either.
 

IMBored

Member
Several attacks are also occurring in Portugal and Spain, mostly telecom operators, but also talk about INEM (Portuguese 911 basically).
News linking this to the UK attack, win10 OS only.
 
The NHS is the closest thing the UK has to a state religion (ignoring our actual state religion, which nobody gives a fuck about).

Whoever is responsible for this is going to be hung, drawn, and quartered (figuratively speaking).

Trying my best to keep my nose out of political bias as of late - given the election, however the idea that the NHS is still treated as such, especially with the Tories' soaring popularity despite the continuous drain on funding, isn't likely as prevalent now as it once was, as much as I'd love for it to be the opposite. This may be used to further push for changes to how the NHS is run, i.e. privately, before it becomes a rallying cry to find those responsible.
 

Ghost

Chili Con Carnage!
Much of the network is ancient in terms of operating systems and browsers so it's undoubtedly easy to get this kind of malware onto the machines, I imagine it's been sat there a long time and today was just chosen as the activation date. It doesn't look like a targeted attack just a factor of the amount of this shit that's out there, the old systems and massive staff numbers.

It's only a bigger story than Santander or any other hack because the NHS has to advise that other computers shut down to protect them and in that time everything from GP practices to A&E departments will close and there's a pretty big risk of people dying.
 
think this was caused by an employee accidentally picking up the virus from somewhere? or an attack?

I work in a University and the amount of "intelligent" people here that forward their obvious viruses on to me to have a look over is pretty depressing, most of them have already opened the attachment despite not having a Zimbabwe bank account or having ever bought an Apple product.
 

Hasney

Member
This is definitely an attack. The amount of big targets being affected by this today is no coincidence.

We'll see by how many individuals are hit too. The reason I think this may be a spray and pray is that they're only asking for $300. They could have gotten a lot more from these companies if it was targeted.
 
think this was caused by an employee accidentally picking up the virus from somewhere? or an attack?

This is definitely an attack. The amount of big targets being affected by this today is no coincidence.

Entirely spitballing, but it's probably both? Some employee who doesn't follow protocol will have gotten the virus on to the infected network like a dumbass, and then the program they downloaded by accident only ran the troublesome code (i.e. the attack) recently, so that they could get a number of big targets in a short timeframe.
 

Jezbollah

Member
Such a large and successful coordinated attack is likely the result of a recent vulnerability that has yet to have enough systems patched for. MS haven't been too good this year when it comes to security releases - and the fact they've recently bundled non-urgent security updates in with security updates (meaning you get forced security rollups as part of Patch Tuesday releases) means a lot of companies have had to change up their update procedures.

If this is the case, it comes down to procedures rather than investment of these environments. Infrastructure teams have got caught with their pants down not being dynamic enough to react to a change in updates. The fact you have international banks bundled in with public sector makes me think this.
 

StayDead

Member
Ransomware sucks, but it's definitely on their IT for not maintaining backups. The medical field is highly susceptible to this sort of attack because they 100% absolutely need the patient files and often have really shitty IT practices. My organization got hit at one point last year, we restored from a back up and everything was running as intended three hours later. Some clinics that we associate with haven't been so lucky, one declined to pay, and the others all ponied up the cash. The sad part is that there is an increasing preponderance of ransomware attacks where the group will take the money and never provide a key. About the only silver lining to this is that the entire ransomware industry is based on trust, and if that strange trust is broken, people will stop paying and the entire industry will dissipate.

This is the thing, how is the NHS not doing at least hourly backups via something like AppAssure?

We've had clients go down to ransomware and had them back up within a few hours with no issues because of good backups.

It's also going to be one user in the NHS who infected everyone with the virus as well due to opening an attachment they shouldn't have or clicking a bad link. People need to be seriously taught not to do this. Some people are very stupid when it comes to this sort of thing.
 

Nivash

Member
We'll see by how many individuals are hit too. The reason I think this may be a spray and pray is that they're only asking for $300. They could have gotten a lot more from these companies if it was targeted.

Yeah. I assume they have secure off-site backups, but if they don't, then holy Jesus Christ because that data is worth millions.
 

Hasney

Member
This is the thing, how is the NHS not doing at least hourly backups via something like AppAssure?

We've had clients go down to ransomware and had them back up within a few hours with no issues because of good backups.

It's also going to be one user in the NHS who infected everyone with the virus as well due to opening an attachment they shouldn't have or clicking a bad link. People need to be seriously taught not to do this. Some people are very stupid when it comes to this sort of thing.

Without knowing how this is being distributed yet and the fact it may have been there dormant for a while means that even if they are doing that (no idea) they can't just restore a backup straight away. They need to get some basic questions answered first.
 
300 dollars would be a stupid amount in a targeted attack.
Especially by how large some of the targets are.

Pretty sure it's $300 per computer.

Yeah. I assume they have secure off-site backups, but if they don't, then holy Jesus Christ because that data is worth millions.

Bad time to remind everyone that these are the same dumb dumbs who lost half a million pieces of data earlier over the past few years?
https://www.theguardian.com/society...-up-huge-data-loss-that-put-thousands-at-risk
 

Xando

Member
This is the thing, how is the NHS not doing at least hourly backups via something like AppAssure?

I couldn't believe they don't have backups. That would be the mother of all fuckups.
Of course I don't know how the NHS network is structured but I guess since it's an attack on a public target GCHQ and others might want to have a look at the network and make sure it's 'only' ransomware.
 

DiGiKerot

Member
Yeah, just had an acquaintance who was supposed to be in for a (non-urgent, non-life threatening) operation sent home after sitting in a Hospital most of the day due to this. To say it's causing major disruption is probably an understatement.
 

pswii60

Member
What bastard fuckers do this to a public health service? Absolutely sickening, it puts lives at risk. Sickening.

I hope they go the full extent in seeking and punishing the filth.
 

Auctopus

Member
You're not going to find the people who did this.

Yep, if this really is some encrypto/ransomware - then a lot of the creators of this malware (the ones who can actually undo the encryption) are long gone and the files are usually lost.

Bigger question is how it got through. This kinda shit rarely gets on to a system without someone letting it. I.e. Email attachments/dodgy downloads.
 

Ghost

Chili Con Carnage!
This is the thing, how is the NHS not doing at least hourly backups via something like AppAssure?

We've had clients go down to ransomware and had them back up within a few hours with no issues because of good backups.

It's also going to be one user in the NHS who infected everyone with the virus as well due to opening an attachment they shouldn't have or clicking a bad link. People need to be seriously taught not to do this. Some people are very stupid when it comes to this sort of thing.

The NHS systems are all incredibly secure and they have ridiculously strict data governance rules, what's not secure is the individual machines dotted around every hospital & GP surgery, these aren't maintained centrally, each region is responsible for its own IT provision and a lot are very old. Pretty sure this kind of hack won't have any access to any sensitive data but it does stop you using your computer, and the NHS response will be (is) to unplug all the computers and disconnect their network connections until they can be sure it's contained.
 
Pretty sure it's $300 per computer.

That makes it even more unlikely that it's specifically targeting big organisations, as nothing of value will be stored on these client computers.

The whole concept of ransomware that charges you to get your data back doesn't actually work at all outside of individuals. If criminals wanted to extort money from the NHS, they'd threaten to release patient records unless they paid up.
 

Jezbollah

Member
That makes it even more unlikely that it's targeting big organisations, as nothing of value will be on these client computers.

Indeed. Almost all data is stored on server or cloud. And the security controls, if they have been configured correctly, should stop any corruption there.

It's likely that the malware propagation has occurred between workstations alone. Other mass malware events (such as Conficker) utilised such a method.
 
That makes it even more unlikely that it's specifically targeting big organisations, as nothing of value will be stored on these client computers.

You assume the average doctor isn't an incompetent twit when it comes to computer safety, and follows proper data storage procedures.

I wish I had that optimism.
 

Mindwipe

Member
This is the thing, how is the NHS not doing at least hourly backups via something like AppAssure?

We've had clients go down to ransomware and had them back up within a few hours with no issues because of good backups.

It's also going to be one user in the NHS who infected everyone with the virus as well due to opening an attachment they shouldn't have or clicking a bad link. People need to be seriously taught not to do this. Some people are very stupid when it comes to this sort of thing.

They will have backups. But restoring tens of thousands of mission critical machines with varying profiles in a day is non-trivial even if you have backups, especially if you haven't forensically discovered the source of the infection yet.
 

Xando

Member
You assume the average doctor isn't an incompetent twit when it comes to computer safety, and follows proper data storage procedures.

I wish I had that optimism.

As someone working on an IT helpdesk we really need mandatory IT security classes.
Some people are way too clueless about malware and how to get infected. It really is mindblowing sometimes.
 
You assume the average doctor isn't an incompetent twit when it comes to computer safety, and follows proper data storage procedures.

I wish I had that optimism.

Well, if the system they have in place now allows doctors to store critical patient information locally, then we've got bigger problems! Never mind a virus, what happens if the hard drive fails?
 

Jezbollah

Member
I don't know how much has changed in the last half-year or so, but a lot of NHS computers are still running XP:
The Inquirer - Dec '16
Motherboard - Sep '16
(There are a bunch more reports just like these from other sources too, I just picked a couple of the top search results.)

The thing is, if you're running an effective application control solution, you can run legacy OSs or older operating systems securely without any issues (those solutions only allow certain applications with trusted file hashes to execute).

There are hundreds of organisations in both public and private sector that run legacy OS' going back to the NT4 and Windows 2000 days.
 
Well, if the system they have in place now allows doctors to store critical patient information locally, then we've got bigger problems! Never mind a virus, what happens if the hard drive fails?

Business as usual?
Bad time to remind everyone that these are the same dumb dumbs who lost half a million pieces of data earlier over the past few years?
https://www.theguardian.com/society...-up-huge-data-loss-that-put-thousands-at-risk
 

Akuun

Looking for meaning in GAF
Ransomware is super nasty shit. It's even more disgusting that this is happening to hospitals.

Not too surprised in retrospect, though. I imagine that medical facilities tend to be less up to date in terms of cybersecurity, since their staff have much more pressing things to worry about and are usually tight on resources to begin with.
 

GaimeGuy

Volunteer Deputy Campaign Director, Obama for America '16
I'm a system admin for one of those companies....

Godspeed. <o
 

MiszMasz

Member
The thing is, if you're running an effective application control solution, you can run legacy OSs or older operating systems securely without any issues (those solutions only allow certain applications with trusted file hashes to execute).

There are hundreds of organisations in both public and private sector that run legacy OS' going back to the NT4 and Windows 2000 days.

Yeah, if. How long is it reasonable to do so and ensure it's followed nationwide compared to updating? I'd imagine it's a hell of a thing to manage either way between the various NHS trusts and local authorities.
 