
Thread: Ransomware Wanna Decryptor causing IT failures across NHS

  1. #17
    Senior Member kalniel

    Re: Ransomware Wanna Decryptor causing IT failures across NHS

    Originally posted by Corky34:
    > And it's not really the moron end user's fault that they have an outdated system, didn't this only work because many NHS trusts are still running XP?

    No, it has affected all versions of Windows - if you didn't patch in the last two months then you're vulnerable. It's just that there's no patch for XP.

    Also, it's a worm, so no need for user error.

    The dilemma for the NHS is they have hugely complicated inter-connected systems, presumably on very custom software. Upgrading OS, or even sometimes just running the latest update, is fraught with danger. Catch 22 is so is not upgrading.

    This wasn't targeted at NHS either. It's spread worldwide with speed of transmission related to how many computers were active - it looks like Russia/Asia were affected early, along with Europe. Then it hit UK, proliferated in NHS due to size. It also hit the US, but a lucky UK chap found the kill switch before it spread too far that way so vastly limited the damage.

  2. Received thanks from:

    Pleiades (13-05-2017)

  3. #18
    Admin Team peterb

    Originally posted by Corky34:
    > Yeah I heard something about that, IDK if it was released before or after event but either way the cause of this is more complicated than moron end user, bad IT, evil Microsoft, or any other single point of failure, it's a series of failures.
    >
    > Having said that I'd personally attribute it mostly to a lack of money, throwing money at problems while perhaps not very cost effective tends to get them solved.

    Yes I'd agree with that, broadly. More perhaps a case of a lack of a coherent IT strategy - and one not just confined to the NHS. The attitude seems to be that while it is working, leave it alone, why spend money on it. And then when it goes wrong, it fails spectacularly.

    Interesting thought on the biological analogy of a virus. In the biological world, viruses exploit species and so biodiversity acts as a slowing down mechanism (in very simplistic terms).

    In corporate IT, where Microsoft products are prevalent, one malicious virus can infect large numbers of the system where 'immunity' doesn't exist.

    I wonder how mixed operating systems would fare, a mix of Microsoft, *nix and Apple (which are *nix based anyway) across an organisation? One subset might be affected, but the likelihood of all would be lessened.

    The downside would be the support and training, but for mission critical systems, that might be a price worth paying.

  4. Received thanks from:

    Pleiades (13-05-2017),Saracen (15-05-2017)

  5. #19
    Admin Team peterb

    Originally posted by kalniel:
    > No, it has affected all versions of Windows - if you didn't patch in the last two months then you're vulnerable. It's just that there's no patch for XP.
    >
    > Also, it's a worm, so no need for user error.
    >
    > The dilemma for the NHS is they have hugely complicated inter-connected systems, presumably on very custom software. Upgrading OS, or even sometimes just running the latest update, is fraught with danger. Catch 22 is so is not upgrading.
    >
    > This wasn't targeted at NHS either. It's spread worldwide with speed of transmission related to how many computers were active - it looks like Russia/Asia were affected early, along with Europe. Then it hit UK, proliferated in NHS due to size. It also hit the US, but a lucky UK chap found the kill switch before it spread too far that way so vastly limited the damage.

    Well-intentioned but ignorant users can be dangerous too. I remember a case where an organisation had two networks, one isolated from the net and moderately well locked down, and another computer that was used only for internet access. All was well until the machine connected to the network failed. 'Fortunately' the internet-connected machine was the same make and OS, so the user 'helpfully' swapped them over.

    You can guess the rest, the internet machine was infected but could do little damage - until it was connected to the closed system where it went rampant.

    This was some years ago so I would hope lessons were learned.....

  6. #20
    Senior Member

    Originally posted by kalniel:
    > No, it has affected all versions of Windows - if you didn't patch in the last two months then you're vulnerable. It's just that there's no patch for XP.
    >
    > Also, it's a worm, so no need for user error.
    >
    > The dilemma for the NHS is they have hugely complicated inter-connected systems, presumably on very custom software. Upgrading OS, or even sometimes just running the latest update, is fraught with danger. Catch 22 is so is not upgrading.
    >
    > This wasn't targeted at NHS either. It's spread worldwide with speed of transmission related to how many computers were active - it looks like Russia/Asia were affected early, along with Europe. Then it hit UK, proliferated in NHS due to size. It also hit the US, but a lucky UK chap found the kill switch before it spread too far that way so vastly limited the damage.

    Sorry, I should have been clearer, it only worked to the extent it has because many NHS trusts are still running XP that didn't receive any patches for MS17-010 in March.

    Also every worm needs user error to get started.

    Yes patches need testing and it's complicated however that's not helped by Microsoft changing to a monolithic patching system.

    Lastly as this vulnerability originated, or so it seems, from the leak of NSA exploits a few months ago ultimately they're to blame as they didn't practice responsible disclosure, something that's probably against their own best practice guidelines.

  7. Received thanks from:

    Pleiades (13-05-2017)

  8. #21
    Senior Member kompukare

    Originally posted by Corky34:
    > Lastly as this vulnerability originated, or so it seems, from the leak of NSA exploits a few months ago ultimately they're to blame as they didn't practice responsible disclosure, something that's probably against their own best practice guidelines.

    That was Snowden's response:
    "If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened"

    But then as this and the large hole in Intel AMT and vPro show, disclosing holes, backdoors, and flaws is not in their interest. When the Snowden stuff came out I thought him mentioning backdoors over wireless was surely a joke or only where they could compromise a target's hardware and add some wireless hardware but now I am no longer so sure. Certainly, it seems Intel are either idiots or some of their stuff is being done at the behest of three-letter agencies. The only mystery would be, where would they sneak in an aerial without it being noticed. Maybe a certain track length between the CPU and the chipset but then how would it pass FCC emission unless it is off (but catch 22 how can you remotely turn it on then?). I guess it is still very unlikely but just no longer in the category of 'impossible tin-foil hat stuff'.

  9. Received thanks from:

    Pleiades (13-05-2017)

  10. #22
    Senior Member

    For anyone concerned Microsoft have released an emergency patch today for all versions of Windows from XP onwards.

  11. #23
    Senior Member mtyson

    A Microsoft TechNet blog post is available providing guidance to those affected.
    Customer Guidance for WannaCrypt attacks

  12. #24
    mush-mushroom b0redom

    Originally posted by OilSheikh:
    > DBAN all the PCs and servers
    > Image them using SCCM
    > Restore data from backup
    >
    > About a week's job, could be done over the weekend with a lot of manpower.

    Well that's fine and all assuming that you don't have any compromised data. I worked recently at a place who until recently allowed remote access using BYOD until someone VPNd in using a laptop which had been compromised with ransomware. As soon as they connected to a network share it encrypted the lot. Fortunately they had a weekly backup strategy with daily incrementals so they only lost a day or so of work. Even if all of the NHS data is stored on a SAN, there must be systems which update it.

    Having worked fairly extensively in the public sector as well as the private sector, much of the reason not to move to modern OSs etc is due to risk avoidance and cover your ass by civil servants over technical reasons.

  13. #25
    Not a good person scaryjim

    Originally posted by kalniel:
    > ... they have hugely complicated inter-connected systems, presumably on very custom software. ...

    The bigger issue for the NHS is that a lot of their IT managers made some dubious (but cheap) decisions in the early 2000s, contracting freelancers to build (but not support) custom systems for mission critical functions. Many of those systems used the rather dubious OS hooks in Win XP or IE6/7 that MS stripped out of later versions, so those trusts ended up, 5 - 10 years later, facing a choice of upgrade all their PCs and rewrite a lot of their critical systems from the ground up (expensive), or to leave everyone on XP and hope that everything would turn out OK (cheap). The less money they spend on IT the more money can get ploughed into patient care, so no surprise which option they took...

  14. #26
    Admin Team peterb

    I would suspect that the digital criminal underworld are concerned at the moment.

    Last thing cyber criminals want is publicity, and the extent that this has spread, and the countries and systems affected means that there will be a lot of collaborative work by some very clever people, not only looking for a solution to the encryption, but shining a light into some dark places - and when you shine lights into dark places, it may reveal lots of interesting things.

  15. Received thanks from:

    Biscuit (14-05-2017),walibe (13-05-2017)

  16. #27
    Senior Member walibe

    This is true to an extent. In my experience and from speaking to others in this world and in the 'dark side' of the web these are very organised criminals which operate like businesses in a pyramid scheme.

    They will have people who compete and carry out the phishing activities and work on the basis of if we get paid $300 to remove the ransomware you get $50 of it. They even hold daily, weekly and monthly competitions where the top performers are awarded iPads and in one case they gave away a brand spanking new Lexus. I'm not even kidding.

    They also have some of the best customer care that the likes of even Apple can only dream of. Say you are the victim and decide to pay the fee, they even provide phone support and in some cases help you patch yourself because you are now their customer.

    It's crazy. These gangs do go down frequently and are almost always multinational. This one has become too successful for its own good in a very short space of time and will now be very much in the spotlight like peterb says.

    I could write a couple of articles about this in the next few weeks if anyone wants to know more and recommend further reading etc.

  17. Received thanks from:

    Biscuit (14-05-2017),peterb (13-05-2017),Xlucine (13-05-2017)

  18. #28
    Senior Member Xlucine

    A couple of years ago the NHS agreed a deal with Microsoft to extend support for Windows XP for a year, so they had time to finish switching from XP to more modern systems
    https://www.theguardian.com/technolo...-public-sector
    > The extended support deal comes with a requirement that PCs be migrated from Windows XP, Office 2003 or Exchange 2003 within a year. The government expects the majority of machines to be upgraded from Windows XP by April 2015.

    If systems were still on XP and not airgapped, that's gross incompetence.

    Originally posted by peterb:
    > I would suspect that the digital criminal underworld are concerned at the moment.
    >
    > Last thing cyber criminals want is publicity, and the extent that this has spread, and the countries and systems affected means that there will be a lot of collaborative work by some very clever people, not only looking for a solution to the encryption, but shining a light into some dark places - and when you shine lights into dark places, it may reveal lots of interesting things.

    I'd give it a couple of months before we get research identifying a statistically significant uptick in mortality during the outage

  19. Received thanks from:

    walibe (13-05-2017)

  20. #29
    Yay a custom user title! =assassin=

    I'm at Blackpool Victoria Hospital, and we have Windows 7 on every machine, not XP.

  21. #30
    Senior Member walibe

    Originally posted by =assassin=:
    > I'm at Blackpool Victoria Hospital, and we have Windows 7 on every machine, not XP.

    But as you all operate as different trusts, not every trust has upgraded their I.T systems yet. Plus if Windows 7 talks SMB v1 which by default it won't, but if it's set to in group policy or was installed as an upgrade (in which case it automatically enables SMBv1) you can still be vulnerable and will continue to be so. The key thing here is that everyone should be on version 3 and at least 2 with SMB v1 completely disabled.

    Plus I'd put money on a vast amount of your medical equipment still being XP embedded. Even the cash machines mostly run XP embedded still.
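
    A read-only check for the SMBv1 state discussed in the post above, as an added example that is not part of the thread. The registry locations and cmdlets are the ones Microsoft documents for SMBv1; the function names Get-Smb1ServerState, Get-Smb1ClientState and Get-Smb1Report are made up for this example.

```powershell
# Added example, not from the thread. Read-only: nothing on the host is changed.
# Run from an elevated prompt. Written to work on PowerShell 2.0 (Windows 7).

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later ship the SMB cmdlets.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        if ((Get-SmbServerConfiguration).EnableSMB1Protocol) { return 'Enabled' }
        return 'Disabled'
    }
    # Windows 7 / Server 2008 R2: the switch is the SMB1 DWORD under this key.
    # When the value is absent the OS default applies, which is SMBv1 on.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $prop = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $prop)  { return 'Enabled (value not set)' }
    if ($prop.SMB1 -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Get-Smb1ClientState {
    # The SMBv1 client is the mrxsmb10 driver; Start = 4 means disabled.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
    $prop = Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue
    if ($null -eq $prop)   { return 'Not installed' }
    if ($prop.Start -eq 4) { return 'Disabled' }
    return 'Enabled'
}

function Get-Smb1Report {
    $server = Get-Smb1ServerState
    $client = Get-Smb1ClientState
    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        OSVersion    = [Environment]::OSVersion.Version.ToString()
        Smb1Server   = $server
        Smb1Client   = $client
        # Flag the host if either side can still speak SMBv1.
        NeedsAction  = ($server -like 'Enabled*') -or ($client -eq 'Enabled')
    } | Select-Object ComputerName, OSVersion, Smb1Server, Smb1Client, NeedsAction
}

Get-Smb1Report | Format-List

# Server-side remediation as documented by Microsoft (reboot needed on Windows 7):
#   Windows 8 / 2012+  : Set-SmbServerConfiguration -EnableSMB1Protocol $false
#   Windows 7 / 2008 R2: Set-ItemProperty -Path <LanmanServer\Parameters key> `
#                          -Name SMB1 -Type DWORD -Value 0 -Force
```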

  22. #31
    Admin Team peterb

    Very interesting read here about how the infection was halted

    https://www.forbes.com/sites/thomasb.../#63eadc5274fc

  23. Received thanks from:

    walibe (13-05-2017)

  24. #32
    Senior Member walibe

    Oops