
Guardian: Hospitals across England hit by large-scale cyber attack

I was on a course with someone from the NHS a couple of years ago and their domain controller was still on Windows NT. That must have been a horrific upgrade process assuming it actually happened and isn't still on NT.
 

CTLance

Member
I'm just a small time freelancer IT drone in Germany, but from my experience, IT security standards at any location employing medical staff are at best atrocious. So I kinda wouldn't bat an eye if this turned out to be your bog standard email attachment scam by your average cookie cutter ransomware and not a targeted attack.

I just hope nobody dies to this. Best of luck to all the patients and doctors. (Also, next time the IT department comes up with another one of those obnoxious security guidelines and restrictions, please think of this event. We aren't doing this to torture you. Well, most of us. Usually.)
 
apologies for my repeat thread


this is terrifying, basically the worst case scenario of a cyber attack directly affecting people's health

Agreed, besides the already awful situation of this happening to an international bank, or telecommunications company, the added danger of patients who may have been scheduled for aid or operation suffering makes it worse.
 
how do you protect yourself from something like this? aside from good practices because it is hard to train people that barely know how to use their fucking pcs, do antiviruses work?
 

Jezbollah

Member
Such a large and successful coordinated attack is likely the result of a recent vulnerability that has yet to have enough systems patched for. MS haven't been too good this year when it comes to security releases - and the fact they've recently bundled non-urgent security updates in with security updates (meaning you get forced security rollups as part of Patch Tuesday releases) means a lot of companies have had to change up their update procedures.

If this is the case, it comes down to procedures rather than investment of these environments. Infrastructure teams have got caught with their pants down not being dynamic enough to react to a change in updates. The fact you have international banks bundled in with public sector makes me think this.

Just heard that the variant of the attack we're seeing here is exploiting a vulnerability that was patched by Microsoft in March.

Ineffective Patch Update process on the infrastructure, ladies and gents.
 

Mendrox

Member
how do you protect yourself from something like this? aside from good practices because it is hard to train people that barely know how to use their fucking pcs, do antiviruses work?

Being up to date with the systems and restricting file usage through exchange helps, also reminding people of security. aaand backups 24/7 like we do, but otherwise? nothing. close everything up
 

slit

Member
Let me tell you something, I don't know about the UK but having worked in Cybersecurity for a hospital system in the U.S. I can tell you, one of the problems is doctors. Whenever we had a project to secure up the network, they would rattle on how inconvenienced they were, throwing hissy fits, threaten to quit, etc. When we blocked Google Drive, WWIII started.
 
This stuff has been happening for a long time now. These are from about this time last year:

http://msinc.com/security/crypto-ransomware-health-care-protecting-your-health-care-entity/

http://msinc.com/press-release/lapt...s-and-mitigation-in-the-health-care-industry/

http://blog.talosintelligence.com/2016/03/samsam-ransomware.html

https://www.us-cert.gov/ncas/alerts/TA14-295A

It's why HIPAA regulators are more aggressively stepping up enforcement here in the United States and why medical companies and hospitals are being trained more consistently in basic security protocols and how to handle patient information. It's not a fucking game, and hospitals have been a big target lately due to lax security procedures and oversights being made by staff.

If you're in healthcare IT and you're not doing everything you can to develop good procedures and safety protocols for your medical staff when it comes to computer hardware that stores or accesses patient information files (phones, hard drives, computers, flash drives, etc), you're a disaster, a government fine and a lawsuit waiting to happen.

Is that windows XP?

No, shira. It's Vista.
 

shira

Member
A photo of the message posted onto Twitter.

C_n7v4BWsAAi8Sb.jpg


It seems a lot more medical sites further north are affected, with GPs unable to access any patient records.

Is that windows XP?
 

Hasney

Member
From Twitter: Confirmed - wcry ransomware spreading across Europe uses EternalBlue/MS17-010/SMB. PATCH NOW EVERYWHERE.

This was from that NSA tool dump. Looks like updated systems on Vista SP2 or later should be fine. Windows 10 was never vulnerable.

Is that windows XP?

No, that's 7 or equivalent.
 

shira

Member
From Twitter: Confirmed - wcry ransomware spreading across Europe uses EternalBlue/MS17-010/SMB. PATCH NOW EVERYWHERE.

This was from that NSA tool dump. Looks like updated systems on Vista SP2 or later should be fine. Windows 10 was never vulnerable.



No, that's 7 or equivalent.

The taskbar suggests it's 7 or later, at least

The circular start button makes it either Windows 7 or Server 2008.

ayyyy ok thanks. I'm like if you are running xp no wonder you got hacked
 

Bilix

Member
I work for a medical software company that recently had some sites hit with ransomware. I don't know how it is in England, but the law here basically forces our hand to pay up because private health data is involved. Ended up paying ~$30k and they were very helpful in decrypting everything.

Apparently they want these to go as smooth as possible since word will get out and when others are affected, they won't fight and just pay up.
 

RedShift

Member
Should be treated the same way terrorist attacks are.

Whoever is behind this should spend the rest of their life in prison.
 

Jezbollah

Member
How long before this is used to push privatization?

This is no political issue, it comes down to bad IT security practice.

It could have been prevented (and has been prevented by many other NHS organisations) by proper testing and update deployment.
 

THE:MILKMAN

Member
I work for a medical software company that recently had some sites hit with ransomware. I don't know how it is in England, but the law here basically forces our hand to pay up because private health data is involved. Ended up paying ~$30k and they were very helpful in decrypting everything.

Apparently they want these to go as smooth as possible since word will get out and when others are affected, they won't fight and just pay up.

Honestly it sounds like the wrong thing to do in paying up to these criminals. I'm pretty confident the NHS/Government won't pay a penny to these scum.
 

Hasney

Member
I'm sure we'd only have to glance around on twitter for five minutes before you'd find people calling out for it.

Oh, I assumed he was talking about someone who matters.
You're probably still right.

This is no political issue, it comes down to bad IT security practice.

It could have been prevented (and has been prevented by many other NHS organisations) by proper testing and update deployment.

Yup, the patch to stop this has been available for over 2 months on Vista SP2 and above.
 

Dierce

Member
When shit like this happens it is a fair bet to blame Russia unless there is evidence that proves otherwise. The scope seems too big to be an individual.
 

THE:MILKMAN

Member
From the BBC and according to Spain's NCC systems affected:

Microsoft Windows Vista SP2
Windows Server 2008 SP2 and R2 SP1
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2012 and R2
Windows 10
Windows Server 2016
 

Hasney

Member
From the BBC and according to Spain's NCC systems affected:

Microsoft Windows Vista SP2
Windows Server 2008 SP2 and R2 SP1
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2012 and R2
Windows 10
Windows Server 2016

But it is already patched from what security people on Twitter were saying. 2 months ago.
 

Hasney

Member
How pathetic can you be to attack hospitals? Don't they realize they might harm innocent sick people?

We don't know if it was targeted or not. They're still pieces of shit, but they may not have decided to directly go after hospitals.
 

Gen X

Trust no one. Eat steaks.
When I see that they request $300 to release access to the PCs I can't help but think it's some 8yo sitting at home thinking he's going to be rich and buy infinite candies.
 

Jezbollah

Member
When I see that they request $300 to release access to the PCs I can't help but think it's some 8yo sitting at home thinking he's going to be rich and buy infinite candies.

This is the thing though - 99% of the time the people who look after these PCs will just say "fuck it, we'll wipe the device and re-image it". You will always have the 1% who have stored their data on it, and cannot afford to lose that data. It's for that reason you always have attacks like this.
 

Audioboxer

Member
When I see that they request $300 to release access to the PCs I can't help but think it's some 8yo sitting at home thinking he's going to be rich and buy infinite candies.

More like to buy Overwatch loot boxes. The thirst for cosmetic items.

Just caught this news on the BBC after making dinner. Mental.
 

Hasney

Member
Maybe it isn't just that vulnerability if Windows 10 is affected?

Dunno, people who are respected in the field are saying what it is, even saying that blocking certain ports to stop it from getting on the system. No-one's out there saying it's using some 0-day or unpatched security and I know some of these guys would love to bash MS if they could.

Not sure what the initial entry point is for the attacks, but as it affects SMB shares, once it's on one system, it just spreads through it.
 

Danim

Neo Member
Didn't realise this had made national news, I work in one of the affected NHS Trusts. There were rumours spreading around lunchtime of PCs being affected by some kind of virus on another hospital site a few miles away, about half an hour later it started locking all the PCs in our offices one by one. I've spent most of the afternoon running around to the different wards and outpatient departments on our site to get them to shut everything down before it spread.

I've no doubt this has come about from someone opening something they shouldn't have, we get chain emails making their way around the Trust a few times a week minimum, awareness of IT security seems to be lacking in the NHS to say the least.
 

Hasney

Member
Jesus.

Sky News: Up to 40 NHS Trusts affected by this attack.

Jesus.. For those reading this outside the UK, the Trusts are like responsible for regions the hospitals operate in, so we're probably talking multiple hospitals within those trusts.
 