NHS Hospital Networks Infected With Ransomware

It appears that the ransomware is spreading trust to trust, possibly via email.


What happens when you don't give your employees adequate IT training update.


Microsoft have released their official statement on the topic - calling out the NSA and similar organisations for not taking responsibility when it comes to these exploits, and putting IT infrastructure at risk.

4 Likes

That sounds familiar

I predict us being in deep shit

1 Like

It was a spiritual successor to Conficker based on MS17-010

So far I hear it's been primarily spreading via the old N3 network.

3 Likes

Spear phishing works well in most environments. The perpetrators of this one are likely to get more attention than they bargained for.

Apparently there are also unconfirmed reports of mass infections to computers in Italy, Portugal, Russia, Vietnam, Kazakhstan and Taiwan...

@Octobyte ... didn't they try and upgrade the IT system a while back and ended up trashing the idea, wasting millions?

NHS systems upgrade fiasco was about 10 years ago if I remember correctly. No idea what happened since then. I believe it was during a period when I worked for an unnamed company started by some guy named Ross that fled said company and left it with a bunch of Texas asshats to screw up. I believe that this company's defense contracts got them into bed with Thatcher and the NHS at the time.

IT in the NHS seems like a doomed recurring theme...no wonder people are still on XP!

FTFY

Seriously though, the current trend of connecting every last thing we use is insanity. If something is supposed to be a closed network it needs to be forever disconnected from the internet and set up their own backup network. None of that can operate safely on the open internet.

4 Likes

It's MS17-010. Which was patched in March. TWO MONTHS, CARL!!!
Russian police is affected. :smiley:
And the tool is based on a leaked NSA exploit. Damn those US hackers, influencing our something or other! =)))

3 Likes

Got an RSS message from the Finnish cyber security centre; WanaCrypt0r causing havoc in Europe, update your Windows machines. Lol

2 Likes

FedEx told like 80K of its employees to turn off their computers. Maybe they can turn them back on on Monday...

Oh and btw this might be a perfect time to give a shoutout to a nifty lil copyleft tool that blocks any executable outside the Program Files folder
https://iwrconsultancy.co.uk/softwarepolicy

1 Like

Patch your computer and re-enable UAC.

3 Likes

And use a regular user account for yourself, with an admin account in case you need elevated privileges.

2 Likes

Networked computers man. The Galactica was onto something.

In all seriousness people who haven't updated their systems with critical updates deserve everything they are getting. But it's good to remember that more often than not the sysadmins aren't always to blame when their boss says no.

8 Likes

I am not a pessimist, but I expect major, worldwide problems on Monday.

Keep a look out for news from Russia.
It's worst there.

  1. Interior Ministry - affected
  2. Police, Power & Industry - affected
  3. Hospitals - affected
  4. Various other government institutions - affected
  5. Then there's Kaspersky Labs getting poked for some reason. http://www.reuters.com/article/us-usa-kaspersky-idUSKBN1872M6
  6. And all this after yesterday's Trump cyber security executive order + Comey firing + etc it's the perfect storm.

At least for now one of the critical domains for Wcry exec to work has been sinkholed. It should stop the malware execution for the time being.

5 Likes

Saw this thread on how to prevent this from getting to personal systems
Quote in case anyone doesn't want to open the link

These are the details collected so far:

Eden has informed me that I may post links to malware samples here :laughing:

2 Likes

A slightly mad registry patch for WannaCry that kills exec when detected.