Page 3 of 3 FirstFirst 123
Results 33 to 47 of 47

Thread: Ransomware Wanna Decryptor causing IT failures across NHS

  1. #33
    Senior Member walibe's Avatar
    Join Date
    Jul 2003
    Location
    Lyneham
    Posts
    928
    Thanks
    21
    Thanked
    24 times in 18 posts
    • walibe's system
      • Motherboard:
      • ASUS P8P67B Pro
      • CPU:
      • iMac 2013
      • Memory:
      • 16 Gig Corsair Vegence
      • Storage:
      • 10 T.B Total
      • Graphics card(s):
      • Nvida GTX 755M
      • Operating System:
      • Mavericks / Windows 8.1
      • Monitor(s):
      • 27"
      • Internet:
      • BT Fibre

    Re: Ransomware Wanna Decryptor causing IT failures across NHS

    Interesting to see it's made relatively little money. Targeting large organisations does not seem to bear fruit - likely because of backups and other mitigating factors. Home users not so much.
    Laptop - Macbook Pro Retina 13" (Early 2015) i5/8GB/256GB
    Desktop 1 - iMac 27" (late 2012) i7/32GB/1TB Fusion Drive
    Desktop 2 - i7 2600K/32GB/1TB/GTX 760
    Server - HP DL160 G6 2 x Hex Core Xenon x5650/64GB/8TB
    NAS - ASUSTOR 604T ATOM Dual Core/3GB/16TB

  2. #34
    Member
    Join Date
    Jan 2016
    Location
    Huntingdon
    Posts
    145
    Thanks
    1
    Thanked
    1 time in 1 post
    • Rubarb's system
      • Motherboard:
      • MSI H81m-E33
      • CPU:
      • G3258
      • Memory:
      • 8GB hyper x beast
      • Storage:
      • 120ssd, 2gb hdd
      • Graphics card(s):
      • msi gtx960 4gb
      • PSU:
      • seasonic 450w
      • Case:
      • Thermaltake mozrt tx
      • Operating System:
      • windows 10
      • Monitor(s):
      • samsung 24'
      • Internet:
      • 100mb

    Re: Ransomware Wanna Decryptor causing IT failures across NHS

    I had to laugh at this,
    I'm sure we've all had this kind of thing in the past, ...format/ 1 min turn off (incase it has a monkey virus that copys to ram) and re-install cures it and it's not network bound or depenat because not all NHS computers where infected.
    Simply scaremongering from people that have no clue.

    The NHS has been ripped off for years by Dell and also HP, I had a friend that worked for Dell and he loved selling to companys or orgs like that simply becasue he could jack up the price hugly with no questions asked, the Idiots hold the cheque book.

  3. #35
    Admin Team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    16,354
    Thanks
    2,009
    Thanked
    2,602 times in 2,082 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: Ransomware Wanna Decryptor causing IT failures across NHS

    Quote Originally Posted by walibe View Post
    Interesting to see it's made relatively little money. Targeting large organisations does not seem to bear fruit - likely because of backups and other mitigating factors. Home users not so much.
    I was just thinking that there hasn't been any mention of home users being affected, either because it isn't newsworthy compared with the corporate systems, or few home users have been affected.
    (\__/)
    (='.'=)
    (")_(")

    My broadband speed - 750 Meganibbles/minute

  4. #36
    chj
    chj is offline
    Registered+
    Join Date
    Sep 2014
    Posts
    66
    Thanks
    0
    Thanked
    2 times in 2 posts

    Re: Ransomware Wanna Decryptor causing IT failures across NHS

    Not looking forward to seeing what kind of mess it'll be in tomorrow.
    Last edited by chj; 14-05-2017 at 11:14 PM.

  5. #37
    Registered+
    Join Date
    Jan 2014
    Location
    Bristol
    Posts
    60
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: Ransomware Wanna Decryptor causing IT failures across NHS

    Quote Originally Posted by 3dcandy View Post
    I'm sorry but I did have to lol a little bit. I've heard how bad the IT departments are and this kinda confirms it
    I've heard the goverment have invested loads of money in Britains space program. Just because you've heard something doesn't make it true! Try backing up your sweeping generic statements with facts. As someone who spent the whole weekend dealing with this, it wasn't down to the IT departments. All of our servers and pcs were patched, the weak point was 3rd party servers and pc's that are left on for remote access and not rebooted so didn't take the patch. As ever it was user error that caused the problem and we are now having to try and recover from that. Hope you don't need a dr's appoinment this week and all your records are being held on a 3rd party server, bet you won't find it so funny then.

  6. #38
    Theoretical Element Spud1's Avatar
    Join Date
    Jul 2003
    Location
    North West
    Posts
    6,569
    Thanks
    207
    Thanked
    197 times in 152 posts
    • Spud1's system
      • Motherboard:
      • Mac Pro
      • CPU:
      • 2x 2.8ghz Quad Core Xeons (octo-core)
      • Memory:
      • 4gb DDR2 FB-Dimm
      • Storage:
      • 1x1TB, 1x320gb, 2x500gb, 1x250gb, 120GB SSD
      • Graphics card(s):
      • Nvidia Geforce 560Ti
      • PSU:
      • Mac pro PSU
      • Case:
      • Mac Pro Case
      • Operating System:
      • Windows 8
      • Monitor(s):
      • 1x22" LG 3D TFT 1x 19" ViewSonic
      • Internet:
      • 80mb BT Infinity

    Re: Ransomware Wanna Decryptor causing IT failures across NHS

    Quote Originally Posted by peterb View Post
    I was just thinking that there hasn't been any mention of home users being affected, either because it isn't newsworthy compared with the corporate systems, or few home users have been affected.
    Thousands of home users are affected by various bits "randomware" every day - but you are right it doesn't make for a good news story compared to sensationalised claims of "cyber attacks on the NHS". This was very likely nothing of the sort - everything we know so far points towards a phishing/vishing attempt via email, which a number of users have fallen victim to whilst using NHS machines. The ransomware then spread through the vulnerability as we know through N3 and internal hospital networks..and the rest is history.

    We don't know whether the source was from a personal email or NHS.net email, and the odds are this wasn't a targeted "attack" - but it sounds better in the news to call it so.

  7. #39
    Registered User
    Join Date
    Jun 2012
    Posts
    14
    Thanks
    0
    Thanked
    0 times in 0 posts
    • themandark_uk's system
      • Motherboard:
      • asrock Z77 Extreme 4
      • CPU:
      • i5-3570k
      • Memory:
      • 8gig geil
      • Storage:
      • 256 samsung evo
      • Graphics card(s):
      • gtx770
      • PSU:
      • 750 ocz
      • Case:
      • corsair 540 air
      • Operating System:
      • windows 8.1
      • Monitor(s):
      • acer 24inc

    Re: Ransomware Wanna Decryptor causing IT failures across NHS

    I could of sworn that only a couple of months ago the virus companays where reporting that the nhs where in a bad state and this could happen at any min. And did the nhs listen.

  8. #40
    I really don't care Dashers's Avatar
    Join Date
    Jun 2016
    Posts
    577
    Thanks
    12
    Thanked
    74 times in 61 posts
    • Dashers's system
      • Motherboard:
      • Gigabyte GA-X99-UD4
      • CPU:
      • Intel i7-5930K
      • Memory:
      • Corsair DDR4 2800 Quad
      • Storage:
      • Intel 750 PCIe SSD; RAID-0 x2 Samsung 850 EVO; RAID-0 x2 WD Black
      • Graphics card(s):
      • EVGA GeForce GTX 970 x2 SLI
      • PSU:
      • CoolerMaster Silent Pro M2 720W
      • Case:
      • Corsair 500R
      • Operating System:
      • Windows 10
      • Monitor(s):
      • x2 23.5" 1080 72Hz OC
      • Internet:
      • Zen FTTC

    Re: Ransomware Wanna Decryptor causing IT failures across NHS

    I expect the NHS do listen, and I expect it's sat fairly prominently on their risk logs.

    Unfortunately, Enterprise IT is slightly different from your home computer or a small business. I would hazard a guess that the bulk of the machines running unsupported OS are due to dependencies on specialised kit that has never been updated and will not run on different OS. You can't stop say, blood screening, just because support has lapsed.

    You could cry air-gap, but there is the scale of managing these estates and having any hope of updating them at all. Plus often, with Enterprise IT, data needs to be shifted, and having people wonder around with sensitive on USB drives is even worse.

    The real test is how well they can recover these systems.

  9. #41
    Senior Member walibe's Avatar
    Join Date
    Jul 2003
    Location
    Lyneham
    Posts
    928
    Thanks
    21
    Thanked
    24 times in 18 posts
    • walibe's system
      • Motherboard:
      • ASUS P8P67B Pro
      • CPU:
      • iMac 2013
      • Memory:
      • 16 Gig Corsair Vegence
      • Storage:
      • 10 T.B Total
      • Graphics card(s):
      • Nvida GTX 755M
      • Operating System:
      • Mavericks / Windows 8.1
      • Monitor(s):
      • 27"
      • Internet:
      • BT Fibre

    Re: Ransomware Wanna Decryptor causing IT failures across NHS

    I believe decryption keys have now been generated so anyone affected can reverse the encryption.
    Laptop - Macbook Pro Retina 13" (Early 2015) i5/8GB/256GB
    Desktop 1 - iMac 27" (late 2012) i7/32GB/1TB Fusion Drive
    Desktop 2 - i7 2600K/32GB/1TB/GTX 760
    Server - HP DL160 G6 2 x Hex Core Xenon x5650/64GB/8TB
    NAS - ASUSTOR 604T ATOM Dual Core/3GB/16TB

  10. Received thanks from:

    peterb (20-05-2017)

  11. #42
    Senior Member
    Join Date
    Dec 2013
    Posts
    259
    Thanks
    77
    Thanked
    41 times in 39 posts
    • satrow's system
      • Motherboard:
      • ASRock Z77E-ITX
      • CPU:
      • Ivy Xeon 1230 v2/Be Quiet Shadow Rock Topflow
      • Memory:
      • GSkill 2x8GB DDR3 2400Mhz
      • Storage:
      • 3x 256GB SSDs, 2x 2.5" HDDs.
      • Graphics card(s):
      • Asus blower GTX 1060 6GB
      • PSU:
      • Seasonic 360W Gold
      • Case:
      • BitFenix Prodigy/2x 120mm fans
      • Operating System:
      • W7x64 Pro
      • Monitor(s):
      • Dual (/triple) Dell U2412M 1900x1200
      • Internet:
      • TalkTalk FTTC ~14Mbps

    Re: Ransomware Wanna Decryptor causing IT failures across NHS

    The decryption method will only work if the machines haven't been rebooted.

    The infection was almost entirely limited to W7/Server 2003 and there is zero evidence that it was transmitted via an email attachment.

    Unpatched W7 machines connected directly to the Internet were the most likely infection route.

  12. Received thanks from:

    walibe (20-05-2017)

  13. #43
    Senior Member walibe's Avatar
    Join Date
    Jul 2003
    Location
    Lyneham
    Posts
    928
    Thanks
    21
    Thanked
    24 times in 18 posts
    • walibe's system
      • Motherboard:
      • ASUS P8P67B Pro
      • CPU:
      • iMac 2013
      • Memory:
      • 16 Gig Corsair Vegence
      • Storage:
      • 10 T.B Total
      • Graphics card(s):
      • Nvida GTX 755M
      • Operating System:
      • Mavericks / Windows 8.1
      • Monitor(s):
      • 27"
      • Internet:
      • BT Fibre

    Re: Ransomware Wanna Decryptor causing IT failures across NHS

    Quote Originally Posted by satrow View Post
    The decryption method will only work if the machines haven't been rebooted.

    The infection was almost entirely limited to W7/Server 2003 and there is zero evidence that it was transmitted via an email attachment.

    Unpatched W7 machines connected directly to the Internet were the most likely infection route.
    Are you on about the hunt for patient zero? Yes it's still unknown although there are some good guesses at the moment. Its obviously spread via SMB internally but thanks to VPNs its easy to escape the network and a contractors laptop would be a perfect example.

    Shame about the decryption but it's an interesting retrieval none the less and as it's businesses affected I suspect many of the machines won't have been rebooted if they haven't already been recovered, unless that part of memory is over written I guess.
    Laptop - Macbook Pro Retina 13" (Early 2015) i5/8GB/256GB
    Desktop 1 - iMac 27" (late 2012) i7/32GB/1TB Fusion Drive
    Desktop 2 - i7 2600K/32GB/1TB/GTX 760
    Server - HP DL160 G6 2 x Hex Core Xenon x5650/64GB/8TB
    NAS - ASUSTOR 604T ATOM Dual Core/3GB/16TB

  14. #44
    I really don't care Dashers's Avatar
    Join Date
    Jun 2016
    Posts
    577
    Thanks
    12
    Thanked
    74 times in 61 posts
    • Dashers's system
      • Motherboard:
      • Gigabyte GA-X99-UD4
      • CPU:
      • Intel i7-5930K
      • Memory:
      • Corsair DDR4 2800 Quad
      • Storage:
      • Intel 750 PCIe SSD; RAID-0 x2 Samsung 850 EVO; RAID-0 x2 WD Black
      • Graphics card(s):
      • EVGA GeForce GTX 970 x2 SLI
      • PSU:
      • CoolerMaster Silent Pro M2 720W
      • Case:
      • Corsair 500R
      • Operating System:
      • Windows 10
      • Monitor(s):
      • x2 23.5" 1080 72Hz OC
      • Internet:
      • Zen FTTC

    Re: Ransomware Wanna Decryptor causing IT failures across NHS

    I guess it would have to be a laptop on 3G. Nobody connects to the Internet directly these days, even the most basic home broadband solution uses NAT which would block any inbound SMB sessions.

  15. #45
    Senior Member walibe's Avatar
    Join Date
    Jul 2003
    Location
    Lyneham
    Posts
    928
    Thanks
    21
    Thanked
    24 times in 18 posts
    • walibe's system
      • Motherboard:
      • ASUS P8P67B Pro
      • CPU:
      • iMac 2013
      • Memory:
      • 16 Gig Corsair Vegence
      • Storage:
      • 10 T.B Total
      • Graphics card(s):
      • Nvida GTX 755M
      • Operating System:
      • Mavericks / Windows 8.1
      • Monitor(s):
      • 27"
      • Internet:
      • BT Fibre

    Re: Ransomware Wanna Decryptor causing IT failures across NHS

    Quote Originally Posted by Dashers View Post
    I guess it would have to be a laptop on 3G. Nobody connects to the Internet directly these days, even the most basic home broadband solution uses NAT which would block any inbound SMB sessions.
    VPN as stated above.
    Laptop - Macbook Pro Retina 13" (Early 2015) i5/8GB/256GB
    Desktop 1 - iMac 27" (late 2012) i7/32GB/1TB Fusion Drive
    Desktop 2 - i7 2600K/32GB/1TB/GTX 760
    Server - HP DL160 G6 2 x Hex Core Xenon x5650/64GB/8TB
    NAS - ASUSTOR 604T ATOM Dual Core/3GB/16TB

  16. #46
    I really don't care Dashers's Avatar
    Join Date
    Jun 2016
    Posts
    577
    Thanks
    12
    Thanked
    74 times in 61 posts
    • Dashers's system
      • Motherboard:
      • Gigabyte GA-X99-UD4
      • CPU:
      • Intel i7-5930K
      • Memory:
      • Corsair DDR4 2800 Quad
      • Storage:
      • Intel 750 PCIe SSD; RAID-0 x2 Samsung 850 EVO; RAID-0 x2 WD Black
      • Graphics card(s):
      • EVGA GeForce GTX 970 x2 SLI
      • PSU:
      • CoolerMaster Silent Pro M2 720W
      • Case:
      • Corsair 500R
      • Operating System:
      • Windows 10
      • Monitor(s):
      • x2 23.5" 1080 72Hz OC
      • Internet:
      • Zen FTTC

    Re: Ransomware Wanna Decryptor causing IT failures across NHS

    I doubt any NHS computers would be connecting to external VPNs.

  17. #47
    Senior Member walibe's Avatar
    Join Date
    Jul 2003
    Location
    Lyneham
    Posts
    928
    Thanks
    21
    Thanked
    24 times in 18 posts
    • walibe's system
      • Motherboard:
      • ASUS P8P67B Pro
      • CPU:
      • iMac 2013
      • Memory:
      • 16 Gig Corsair Vegence
      • Storage:
      • 10 T.B Total
      • Graphics card(s):
      • Nvida GTX 755M
      • Operating System:
      • Mavericks / Windows 8.1
      • Monitor(s):
      • 27"
      • Internet:
      • BT Fibre

    Re: Ransomware Wanna Decryptor causing IT failures across NHS

    Quote Originally Posted by Dashers View Post
    I doubt any NHS computers would be connecting to external VPNs.
    Regardless the scenario above was a contracter using a VPN for one reason or another then connecting laptop to same NHS network afterwards. A very likely and realistic scenario.
    Laptop - Macbook Pro Retina 13" (Early 2015) i5/8GB/256GB
    Desktop 1 - iMac 27" (late 2012) i7/32GB/1TB Fusion Drive
    Desktop 2 - i7 2600K/32GB/1TB/GTX 760
    Server - HP DL160 G6 2 x Hex Core Xenon x5650/64GB/8TB
    NAS - ASUSTOR 604T ATOM Dual Core/3GB/16TB

Page 3 of 3 FirstFirst 123

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •