back to article UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

UK hospitals have effectively shut down and are turning away non-emergency patients after ransomware ransacked its networks. Some 16 NHS organizations across Blighty – including several hospital trusts such as NHS Mid-Essex CCG and East and North Hertfordshire – have had their files scrambled by a variant of the WannaCrypt, …

  1. WibbleMe

    Has some one been sending emails again?

    1. Anonymous Coward
      Anonymous Coward

      The Register:

      13:22 "'Jaff' argh snakes: 5m emails/hour ransomware floods inboxes"

      14:22 "NHS hit by 'cyber attack', at least one hospital shut down"

      Coincidence?

      1. Anonymous Coward
        Anonymous Coward

        Rang my local hospital at about 13:00. They told me their IT systems had been down for about the last two hours.

    2. Anonymous Coward
      Anonymous Coward

      I suspect it also might be related to Windows preferring to execute emailed malware rather than than scan it. It nicely removes the user actually having to click anything, windows takes care of executing it for you..

      This is Avery good reminder why windows is such a security cesspit, and unless you need to run Windows stuff, you are far more secure running a Chromebook with its signed read-only runtime.... It's pretty much unhackable

      1. Robert Baker

        "I suspect it also might be related to Windows preferring to execute emailed malware rather than than scan it. It nicely removes the user actually having to click anything, windows takes care of executing it for you."

        That isn't a Windows vulnerability per se, it's an incompetently-written-email-client vulnerability. This is one reason why Pegasus Mail deliberately doesn't execute any code in an email, unless of course explicitly asked by the user to do so.

    3. Anonymous Coward
      Anonymous Coward

      That's what comes of still running Windows XP!

      At least if they ever get to Windows 10, it's a continual incremental upgrade platform and the problem of needing to go through a major upgrade every few years goes away...

      1. Anonymous Coward
        Anonymous Coward

        >At least if they ever get to Windows 10, it's a continual excremental upgrade platform

        FTFY.

    4. Anonymous Coward
      Anonymous Coward

      It appears the source IP address is...

      It appears the source IP address is ...

      Conservative Central Office.

      Conservative Central Office are still trying to find the culprit, but they suspect:

      Theresa May / Amber Rudd.

      (Well if you can't win support for full access to encrypted communications, what better than to stage a ransomware attack on the NHS, to further your cause)

      1. Anonymous Coward
        Anonymous Coward

        Re: It appears the source IP address is...

        You, sir, are a first-class c**t. This situation is not any sort of funny, nor is it an excuse to make crass "jokes" like this.

        1. Gordon 10

          Re: It appears the source IP address is...

          Sweary AC. You're not from round these parts are you?

        2. Anonymous Coward
          Anonymous Coward

          Re: It appears the source IP address is...

          Who said it was meant as a joke? It was meant to put across a serious point. Due Diligence. Encryption is getting scapegoated here, when this really boils down to lack of resources, poor management - updating/securing systems, poor choices regards Software.

          There is a narrative here being fed to the press, who are lapping it up, printing it all as gospel (especially the Guardian's coverage), typically aimed at the technically illiterate, to cause change (I believe regards encryption laws),

          What better way to achieve your goals/press that point, than hype up a very emotive "encryption target", where the general public will have difficulty understanding the full picture of the encryption attack, instead, they will be swayed by the emotional aspect of its effects.

          It all plays very well for new laws regarding the use of encryption, which lessen, rather than stengthen their own security, without them realising. This is exactly the sort of techniques that will be used to force "change" (regarding encryption law) through.

          Yes, the effects are real, but like anything, systems will be back to normal in a week, the real effects on encryption laws/personal privacy (long term) could be the real attack vector in this.

          1. hoola Silver badge

            Re: It appears the source IP address is...

            Lack of resource and funding is correct to a certain extend. One of the real issues is the equipment that has to use Windows XP because the supplier either no longer exists or it is too expensive to replace. Million pound scanners that are perfectly serviceable simply cannot be replaced because the OS of a control PC is unsupported. With many of these very high tech, high cost and low volume systems, there really is very little option.

            The armchair experts that only look after a few hundred PCs and a handful of servers simply do not understand the problems.

        3. Anonymous Coward
          Anonymous Coward

          Re: It appears the source IP address is...

          Well sir, I for one are sniggering as I stopped using that virus vector-ware called MS Windows in 2008. The brill thing about Linux is YOU have control, and can cut out as many application packages as you wish, making your installed system smaller, simpler and therefore much easier to manage.

          You choose. I'm sniggering.

        4. Anonymous Coward
          Anonymous Coward

          Re: It appears the source IP address is...

          OH but it is ...it so is

          Because it highlights that the clowns that run IT in most major orgs are clueless - but think they are gods gift

          And now thay have just been bitten and bitten hard ...

      2. bombastic bob Silver badge
        Boffin

        Re: It appears the source IP address is...

        scanning port 445, which SHOULD be blocked at the firewall. but apparently is NOT.

        According to THIS web site, the worm in question scans for vulnerabilities on port 445. This is an old problem which most net-savvy people BLOCK for incoming packets of any type. Yes, you do NOT want "teh intarwebs" accessing your SMB ports. EVAR.

        So it looks like blocking those SMB ports (445, 139) from "teh intarwebs", and (potentially) blocking SMBv1 access on your network PERIOD, are 2 ways of mitigating this problem.

        some technical info here:

        https://www.hackbusters.com/news/stories/1532486-player-3-has-entered-the-game-say-hello-to-wannacry

      3. Rob D.
        Facepalm

        Re: It appears the source IP address is...

        Hmmm but no. This all undermines Rudd's position - the NSA had their zero-day back door and, ooops, the crims eventually got hold of it. OK so it's years after it was created and the vendor has officially patched it (at least for the supported OSes) but that doesn't appear to be stopping it now being used to wreak havoc on a reasonably global scale (caveats re early speculation apply).

        Please can we have more of that kind of hole deliberately built in to the fabric of our communications infrastructure because the security services and government will be very careful to never, ever, ever let it out in to the wild. Ever.

    5. Domquark

      If it has come in on an email, then it says a lot for Trend Micro's cloud-based email scanning service they provide for the NHS.......

    6. Anonymous Coward
      Anonymous Coward

      Oh, I do so hope the US gets hit really badly. Like Americans funding the IRA until 11/9 - what goes around comes around...

  2. censored

    Strong and stable network

    1. Anonymous Coward
      Anonymous Coward

      Who Gains ?

      1. 0laf Silver badge

        Probably a misunderstanding by the attackers. Ransomware is probably quite effective against US hospitals and they may have made an assumption that all hospitals will pay to resume service.

        Or it's just collateral damage from a massive email spam list which includes hospitals. That'll be why they are hitting all parts of government as well.

        1. Naselus

          It's international. UK, Spain, Italy, China, Russia, Vietnam, Kazakhstan and Taiwan so far reporting massive numbers of infections.

          1. Anonymous Coward
            Anonymous Coward

            Details from Spain's National Cryptology Centre on which computer systems are being affected:

            Microsoft Windows Vista SP2

            Windows Server 2008 SP2 and R2 SP1

            Windows 7

            Windows 8.1

            Windows RT 8.1

            Windows Server 2012 and R2

            Windows 10

            Windows Server 2016

            1. PTW
              Pint

              Eh?

              A down vote for posting details from Spain's National Cryptology Centre?

              Weirdo down voter Foxtrot Oscar & you can have an up vote [and beer] from me

              1. Pookietoo

                Re: Eh?

                Perhaps the thumbdown didn't agree that later systems are vulnerable? But those are the affected systems reported at www.ccn-cert.cni.es

                1. Robert Baker
                  Flame

                  Re: Eh?

                  "Perhaps the thumbdown didn't agree that later systems are vulnerable?"

                  Affected system != vulnerable system. The Spanish report covers those systems which were infected (and as I have said before, downvoting a fact doesn't make it false); it doesn't distinguish between those with unpatched vulnerabilities, and those with dumb users who click on dodgy links such as those "YOUR COMPUTER IS AT RISK!!!!!" ads we have all seen.

            2. Anonymous Coward
              Anonymous Coward

              Details from Spain's National Cryptology Centre on which computer systems are being affected:

              Microsoft Windows Vista SP2

              Windows Server 2008 SP2 and R2 SP1

              Windows 7

              Windows 8.1

              Windows RT 8.1

              Windows Server 2012 and R2

              Windows 10

              Windows Server 2016

              No specific target then...

            3. Anonymous Coward
              Anonymous Coward

              Linux...

              Can't see Linux on your list.

              1. Anonymous Coward
                Anonymous Coward

                Re: Linux...

                No Specific Target then...

                (It was meant as Sarcasm)

          2. Stork

            Portugal too

            - I heard on the news. Not sure how much, they mention NHS as worst hit.

      2. Anonymous Coward
        Anonymous Coward

        He who closes the tickets

        In the large, paperless hospital I currently work in, HP's performance is measured by the number of tickets they generate and close rather than any problems they actually solve. I'm sure their performance will be way up in the coming days.

      3. Anonymous Coward
        Anonymous Coward

        Expect them to engineer a scare story every day now until polling day.

    2. Anonymous Coward
      Anonymous Coward

      Tough on Health. Tough on the causes of Health.

  3. Sgtpanda

    Ransomware

    Looks like ransomware https://twitter.com/asystoly/status/863027172453351424 , let's wait and see how they spin this into a "complex zero-day state-sponsored attack"

    1. David 155

      Re: Ransomware

      Spin? What makes you think cyber warfare is not a possibility?

      1. wolfetone Silver badge

        Re: Ransomware

        "Spin? What makes you think cyber warfare is not a possibility?"

        Because in warfare you destroy the opponents assets. You don't lock them up and demand a ransom.

        1. Chemist

          Re: Ransomware

          "You don't lock them up and demand a ransom."

          You might not now but in medieval times it was the best way of becoming rich

          1. Alumoi Silver badge

            Re: Ransomware

            You might not now but in medieval times it was the best way of becoming rich.

            It works pretty darn good for Microsoft, Adobe and their ilk. Have the paying beta testers... erm, customers locked into the Windows OS and demand increasing ammount for each forced update.

          2. wolfetone Silver badge

            Re: Ransomware

            "You might not now but in medieval times it was the best way of becoming rich"

            Look, I know after 7 years under a Tory lead bollocks job of a government it feels like we're in the medieval times. But we're not. Have faith, pip pip and make June the end of May.

            Thank you x

            1. Anonymous Coward
              Anonymous Coward

              Re: Ransomware

              Yes, hand everything back to Labour and see what happens when they waste money on the normal crap and then realise there's no more gold to sell off. Oh wait a minute, they could always copy Gordon Brown with his "once-in-a-lifetime, never to be repeated" annual raid on private pensions. Or maybe use Corporation Tax to pay for everything. Or maybe they really will pay their new Thought Police £30 a week like Dianne Abbot said, and use the remaining law enforcement budget to fund their pipe dreams.

              If Blair and Brown hadn't quite emptied the covers before they got voted out, they came very close. We might not liker the Tories much, but at least they don't rob us blind, sell us down the river and then plead innocence when asked what the hell they thought they were doing.

              1. This post has been deleted by its author

              2. Anonymous Coward
                Anonymous Coward

                Re: Ransomware

                "We might not liker the Tories much, but at least they don't rob us blind, sell us down the river and then plead innocence when asked what the hell they thought they were doing."

                Tory lie #1 for the last 10 years : that Labour caused the 'great recession', spend all the money, bankrupted the country etc, and therefore are not 'strong and stable'. Only an utter fool would think that Tone and Gordy caused the financial crisis of 2008. They sure did some fucked up repugnant shit : an unnecessary war being just one. Many, many things caused the 2008 financial problems. To assume that this small island and it's leaders at the time had *anything* to do with it is folly.

              3. Anonymous Coward
                Anonymous Coward

                Re: Ransomware

                O, the political corner. Yipee!

                Well, they could build lots more houses to both force down house prices and rents. They could even get local councils to build lots of council houses to help out. This could be easily funded using the same magic money tree they use to fund university education.

                More houses mean cheaper houses, mean cheaper rents, mean more money to use in the real economy, means more economic activity, means more jobs, means more people are better off, means a better life for everyone.

                Of course it won't happen because those who are doing quite nicely now, thank you very much, while sitting on their arses doing nothing other than raking in the rents, will do everything they can to stop it.

            2. Anonymous Coward
              Anonymous Coward

              Re: Ransomware @ wolfetone

              "Look, I know after 7 years under a Tory lead bollocks job of a government it feels like we're in the medieval times. But we're not. Have faith, pip pip and make June the end of May."

              Err, what sort of performance would you expect if the Tories lose? Corbyn wants to drag us back to the 1970s, so can you imagine the sort of big-state approach he'll be having on IT? I can remember eating by candlelight because the government was at odds with the employees of the state-owned electricity industry. "Party lines" installed by the sluggish, expensive, incompetent GPO. A state owned motor industry that signed its own death warrant through endless strikes and poor quality. Etc etc.

              I'm on the right wing, and I despise May as a meddling, incompetent lightweight without any strategic vision. I certainly won't be voting for her. But equally, I won't be voting for the the mad, sociliast-fundamentalist, academic, blundering Corbyn.

              1. wolfetone Silver badge

                Re: Ransomware @ wolfetone

                "Err, what sort of performance would you expect if the Tories lose? Corbyn wants to drag us back to the 1970s, so can you imagine the sort of big-state approach he'll be having on IT? I can remember eating by candlelight because the government was at odds with the employees of the state-owned electricity industry. "Party lines" installed by the sluggish, expensive, incompetent GPO. A state owned motor industry that signed its own death warrant through endless strikes and poor quality. Etc etc."

                In short: a much better life than what I've got under the Tories.

                Your arguments regarding Corbyn are completely wrong and misplaced. The idea of privatising the rails, energy etc was so that the infrastructures and rolling stock could be upgraded and improved. Instead the only thing to improve on the rails is the increase in ticket prices and over crowding. Likewise with energy, increases of energy bills yet no movement or improvement on the whole.

                All the money paid to privatised companies wouldn't leave the UK then, it'd stay in the country. The Rail/Energy would become not-for-profit, meaning any profits were put back in to the industries. What's the problem in that?

                Furthermore, with your inaccuracies in your question lead me to believe you've never read anything other than The Daily Fail et al about him and his policies. Bet you still think he ran a photographer over, don't you?

            3. Anonymous Coward
              Anonymous Coward

              Re: Ransomware

              "Look, I know after 7 years under a Tory lead"

              You know the conservatives massively increased spending on the NHS in real terms over what the last Labour government spent right? Have you seem the alternatives?! Anything is better than the socialists and Corbyn.

          3. JLV

            >You might not now but in medieval times it was the best way of becoming rich.

            Four score dozen ecus, or your sorry ass will be encrypted in my oubliettes.

            I oscillate myself between wanting to see:

            a) the lowlives targeting hospitals getting frisky with an iron maiden.

            b) strapping whoever is ultimately responsible* for XP still being used (or at least networked) naked on a horse, daubed with honey and released near a huge swarm of deer flies.

            * yeah, I know it's not necessarily the sysadmins' fault, but somewhere, some people, either incompetent IT or managers, decided it was acceptable to connect an OS that is now 2 yrs out of even extended security support to wider networks.

            1. Simon Bramfitt
              Thumb Up

              Re: >You might not now but in medieval times it was the best way of becoming rich.

              I'd be more than happy to vote for all of the above

            2. Doctor Syntax Silver badge

              Re: >You might not now but in medieval times it was the best way of becoming rich.

              "yeah, I know it's not necessarily the sysadmins' fault, but somewhere, some people, either incompetent IT or managers, decided it was acceptable to connect an OS that is now 2 yrs out of even extended security support to wider networks."

              You may have to look a little further back than that. Maybe at some business that was writing current applications but has now been bought and re-bought by some bigger business and somewhere along the chain the application development has been discontinued, maybe the source lost and runs on nothing newer than XP.

              There's no silver bullet.

          4. Robert Baker

            Re: Ransomware

            "You don't lock them up and demand a ransom."

            You might not now but in medieval times it was the best way of becoming rich

            Ever wondered why the phrase "worth a king's ransom" came into being? That's because it originally wasn't just a metaphor.

        2. Chinashaw

          Re: Ransomware

          You might not, you might want to tie up resources and cause stress to enemy systems, much like snipers shooting people to wound and so tying up resources both medically and for the wounded soldiers friends.

        3. DavCrav

          Re: Ransomware

          "Because in warfare you destroy the opponents assets. You don't lock them up and demand a ransom."

          Never heard of privateers, have you?

        4. Allan George Dyer

          Re: Ransomware

          What a limited view of warfare you have. Why not lock up assets, demand a ransom, get paid and destroy the assets anyway?

    2. Anonymous Coward
      Anonymous Coward

      Re: Ransomware

      Surely a threat detection system can notice that a lot of files are being encrypted and pop up a warning to block that process and let you know.

      So why is there no universal endpoint protection system that does this, in fact this should be baked in to the OS by now.?

      I remember someone wrote a piece of software that put a honeypot file in every directory and checked them for changes. If they changes then the user account would be blocked immediately.

      Hopefully a major incident like this will spur some action from someone.

      1. Pen-y-gors

        Re: Ransomware

        @AC

        "So why is there no universal endpoint protection system that does this, in fact this should be baked in to the OS by now.?"

        Because when Windows XP was being developed in 2001 no-one thought it was important (and I believe a lot of the NHS still uses that). Of course that doesn't excuse weaknesses in Win 10.

        1. Timmay

          Backup

          No need for messing about with clever detection routines that use up valuable system resources and still won't catch it early enough to protect everything - just backup your shit, ffs. There's so many lightweight endpoint backup solutions out there, there's no excuse - just roll back to a date/time just before the attack and carry on with your day.

          1. Anonymous Coward
            Anonymous Coward

            Re: Backup

            A backup is a start and will help you recover a few user docs that have aged a little, but if you believe that will save you from any issues you are clueless.

            Roll back your DB to your last backup 24hours ago, or 5 hours ago or even 5 minutes ago and for some people you may as well not have a backup at all unless there is also systems in place to recover the data from then until a few seconds ago.

            If you think the issues being experienced today by the NHS could be solved just by putting last night's backup tape in and everything will be back to normal, why not go and knock on their door they would love to hear from you - similar to all the other organisations which may or may not be having a similar nightmare day today. You'll earn a fortune as a consultant.

            In fact why not hire yourself out as a consultant and guarantee that any company who hires you will never get into any serious trouble as you'll install a backup system for them. You better have a pretty good insurance policy backing you up on your claims though.

            1. Anonymous Coward
              Anonymous Coward

              Re: Backup

              If you're running a business-critical back-end database on a Windows box that is in any way accessible by a clueless user who can manage to get it infected with a virus, then my friend, you deserve all you get.

              1. Anonymous Coward
                Anonymous Coward

                Re: Backup

                "that is in any way accessible by a clueless user who can manage to get it infected with a virus, then my friend, you deserve all you get"

                Of course, it's all so easy. There is no way anything could run a privilege escalation attack on system process and then propagate through the network to trusted resources. Or open a hole in a previously secure protocol or hijack a privileged app updater routine, or etc etc.

                Life isn't so easy in the security arena. Anyone who thinks it is isn't responsible for systems security at anything approaching a large organisation.

              2. Anonymous Coward
                Anonymous Coward

                Re: Backup

                "If you're running a business-critical back-end database on a Windows box "

                Then in the last decade it has had way way fewer remotely exploitable vulnerabilities than say an Oracle database on a Linux box...

              3. Doctor Syntax Silver badge

                Re: Backup

                "then my friend, you deserve all you get."

                But your users and those they serve don't.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Backup

                  @Doctor Syntax

                  Exactly. You're entirely responsible for your users and those they serve.

                  That's what you're expletive deleted being paid for!

              4. hoola Silver badge

                Re: Backup

                SQL Filestream anyone.......

                Equally clueless, and before the Linux advocates start honking on, the OS of the backend system is totally and utterly irrelevant. If it has SMB or CIFS available then it can be compromised. The same goes for any NAS appliance or anything else. This is a client driven attack.

            2. Anonymous Coward
              Anonymous Coward

              Re: Backup

              Roll back your DB to your last backup 24hours ago, or 5 hours ago or even 5 minutes ago and for some people you may as well not have a backup at all unless there is also systems in place to recover the data from then until a few seconds ago.

              I worked on systems with this capability over two decades ago. This isn't rocket science.

            3. Anonymous Coward
              Anonymous Coward

              Re: Backup

              If you put your transaction logs on a secure server then you can load the last backup and run through the transaction logs o get to the same pace as you stopped. Of course if you are silly enough to put the logs on the same machine then they will probably be useless as they would be if you have a fire or a flood.

              There probably are clueless people about that do keep them on the same machine but lets hope they learn.

          2. druck Silver badge
            Unhappy

            Re: Backup

            According to at least one hospital official interviewed tonight; there is no electronic backup, there is no paper backup, more than likely patient data will not be recovered.

      2. Anonymous Coward
        Anonymous Coward

        Re: Ransomware

        "Surely a threat detection system can notice that a lot of files are being encrypted and pop up a warning to block that process and let you know. So why is there no universal endpoint protection system that does this, in fact this should be baked in to the OS by now.?"

        Malwarebytes claims that their Endpoint Security product for businesses will do this. They also have a free anti-ransomware product for desktops (beta for past year).

      3. AlbertH

        Re: Ransomware

        Hopefully a major incident like this will spur some action from someone.

        This is Windows you're talking about. "Security" just doesn't exist.

  4. frank ly

    Surprises?

    "... it also meant that the Trust’s telephone system is not able to accept incoming calls."

    Is that because they use VoIP?

    "My wife is a GP and their systems were just shut down ..."

    Is there not local storage and caching for local patient data? Either it's not very resilient or this is a massive attack.

    1. Anonymous Coward
      Anonymous Coward

      Re: Surprises?

      Well, yes, but who knows how far the ransomware/attack has penetrated so it's better to disconnect/shutdown and prevent further contamination/corruption while you assess the situation, fix the holes and recover.

      As for phones, plenty of DoH and NHS systems are using IP telephony that's dependent on the PCs being up, the phone number follows the user's network login so shutting down the PC means you lose telephony as well.

      1. Blotto Silver badge
        Pint

        Re: Surprises?

        Unified Comms anyone? No handsets just a headset attached to the computer via USB or Bluetooth for the execs.

        What could possibly go wrong?

        Maybe critical infrastructures should use a separate dedicated network for voice using non compatible with tcp / ip protocols to connect handsets to hardened gateways that can then connect to a providers phone network, but crucially using the same physical connections as the data network.

        Maybe that's too radical an idea?

        1. usbac Silver badge

          Re: Surprises?

          @Blotto

          When we converted to VOIP, we set up physical IP phones, and put them and the VOIP servers on their own network segment firewalled off from the corporate network. We're talking about a separate physical network, not VLANS! The VOIP trunks have their own path to the internet.

          The firewall between networks only allows for an HTTPS connection originating from the corporate LAN to the VOIP servers for administration. And that's only allowed from two workstations.

          All of the IP phones are POE, and the POE switches are powered by an enterprise class 17KVA UPS.

          If our data network goes down, we still have phones!

        2. TheVogon

          Re: Surprises?

          "No handsets just a headset attached to the computer via USB or Bluetooth for the execs."

          This is the NHS. USB headsets cost less than £20. IP phones typically cost over £300...

      2. not.known@this.address

        Re: Surprises?

        Um, no, it's the other way around - the phones will work quite happily without the PC as long as the switchboard is up, but the PC is just a paperweight if the phones go down (especially if someone thought it was a good idea to use decent-spec PCs as dumb terminals running Shitrix with Windows on the servers. I thought we did away with mainframes years ago but apparently not...)

    2. Anonymous Coward
      Anonymous Coward

      Re: Surprises?

      "Is there not local storage and caching for local patient data? Either it's not very resilient or this is a massive attack."

      My wife used to work at a Housing Association where he office (and all the others) were connected onto a single network with main servers in head office. Meant that if anything went wrong with head office or the networks between their and the regional office then while they might have some data stored locally on their PC they couldn't print anything as the print server controlling the printer in their office was in the head office!

    3. 100113.1537

      Re: Surprises?

      "Is there not local storage and caching for local patient data? Either it's not very resilient or this is a massive attack."

      Ever since data breaches became a big ticket item, local data storage became a no-no. You can't secure all GP's office computers, so you make sure they don't hold any data - the classic security bind.

      1. TRT

        Re: Surprises?

        It's not just IP telephony. When the KCL system went down, it took out the virtual machine that was running the mapping of the circuit switching I/O cards in the exchange to the telephone number being dialled. The more they overthink the plumbing, the easier it is to stop up the drain.

      2. h4rm0ny

        Re: Surprises?

        I believe (having worked in the NHS) that it was safer when all the data was stored at individual GP practices. Firstly, this prevented a massive treasure trove of data being collected which will inevitably be stolen (if it has not already). Rather than numerous small troves which had to be individually gone after and thus weren't pursued by intelligence agencies or criminals. Secondly, it inherently partitioned the data according to need. Someone couldn't find the sexual history of their partner or look up the address of someone they were stalking just because they worked at ANY GP practice. When we pointed this out, they told us only people who had agreed to strict privacy controls were given access. By this they meant the bit of paper that every GP secretary and anyone else signs without reading. We pushed and were told that all accesses were logged but we investigated and at the time they weren't (not that this takes the place of restricting access). I.e. they lied to some of the people actually responsible for this stuff! Maybe those controls are implemented now but the principle that far, far more people have access to this data than need it remains in place.

        So no, I don't think it has made it safer even in principle. A thousand boxes, each individually locked and each containing a pittance. Or Smaug's heap of gold entrusted to whichever company's director is mates with the Health Secretary of the day. I know which I think is safest in principle.

  5. Mattjimf

    Oop North

    Not heard any panic up here in the North East so far.

    1. Tom 7

      Re: Oop North

      The internet and phones are down then!

  6. John Crisp

    Heart failure

    NHS suffers 'heart' attack

    Good luck to the patients

  7. 7-zark-7

    Telefonica Spain and Santander affected too.

    https://www.bleepingcomputer.com/news/security/telefonica-tells-employees-to-shut-down-computers-amid-massive-ransomware-outbreak/

    1. TRT

      Spanish flu?

      1. Robert Baker

        And introducing acoustic flu?

  8. Your alien overlord - fear me

    Pity the IT security staff had been let go to save on costs.

    1. Anonymous Coward
      Anonymous Coward

      IT support is outsourced.

      1. wolfetone Silver badge

        Nationalise the IT support comrades!

      2. Buzzword

        Re: IT support is outsourced.

        Pity it's after pub o'clock in India.

      3. not.known@this.address

        I was wondering if there might be something like that behind all this - has anyone checked to see if all the affected companies/organisations have a common factor like the same Outsourcer?

  9. Anonymous Coward
    Anonymous Coward

    Quick, someone blame Russia/DPRK/Iran/China/ISIS/Tory cuts/Donald Trump/Jeremy Corbyn/My local shopkeeper who looks dodgy and has a Russian sounding accent. Best to get it in there early to avoid confusion.

    1. Pen-y-gors

      I vote for 'Tory cuts' closely linked to 'Jezza Ffrynt-Botham'

    2. Flywheel

      You missed Brexit !

    3. h4rm0ny

      Quick, someone blame Russia/DPRK/Iran/China/ISIS/Tory cuts/Donald Trump/Jeremy Corbyn

      One of these is not like the others...

  10. wolfetone Silver badge

    You know, there's something to be said for not having a health care system attatched to the internet.

    1. Anonymous Coward
      Anonymous Coward

      It doesn't currently look like it came from the internet.

      1. adam 40

        It doesn't have to be connected to t'internet

        Exactly - all NHS computers I've seen recently have USB ports within a patient's reach, it just takes a miscreant to plug in a memory stick and blammo!

        1. Dwarf

          Re: It doesn't have to be connected to t'internet

          I take if that you've either been on a different planet or asleep under a rock whilst the variety of USB VID/PID control products hit the market then ?

          Its trivially simple to control USB device insertion to only approved device types / types & Serial numbers and/or to specific users

          1. Tridac

            Re: It doesn't have to be connected to t'internet

            One of the simplest, things to do on machines is to disable autoruns on all drives, a primary access method for malware. Teach users to delete any emails that they don't recognise, disable script and stick to plain text emails only.

            The stupidity anmd cluelessness of this amazes me. All critical infrastructure should be on private networks with no direct access to the internet. Where access is needed, it should be via a single point, with firewalls and mail and attachment scanners that actually work. Those resposible for all this must be asleep at the wheel, unbelievable...

            1. Allan George Dyer

              Re: It doesn't have to be connected to t'internet

              @Tridac - "Teach users to delete any emails that they don't recognise"

              So do you open the email with the subject, "Please change my appointment"? Anyone whose job is to interact with the public can be targeted by a suitable email. Sure, dumping any email client with scripting support is good (if you disable it, do you trust that the next update doesn't turn it back on silently, for whatever reason), but how do you force the public to only send plain text?

              1. Tridac

                Re: It doesn't have to be connected to t'internet

                Opening an email doesn't run anything if scripting is disabled and if you click on an attachment without being sure who it's from then it's your own fault :-). For linfrastructure and large arganisations, secure setup can be handled via initial machine provisioning and automated, with application software settings locked down. The OS config should be bare bones, with all but needed services disabled by default. Perimeter firewalls should have all but needed ports blocked by default, ideally with separate hardware firewalls between each internal subnet. Wouldn't surprise me to hear that they have smb shares across the global internet with no vpn, but that's a worse case scenario.

                Even Win Xp is fine in a properly configured and protected environment, but the whole system must be configured to design out the vulnerabilities. Assume that any network can be broken, given enough resources. Think systems engineering...

      2. Daggerchild Silver badge

        No, it looks like it came from an internal network accessed by a VPN by a supplier employee who was infected by a colleague who almost certainly clicked on something from the Internet.

        I'm thinking he probably airlock switched his infected local PC from his corporate LAN to the supplier LAN to do some work.

      3. Wayland

        The wards in Colchester General have free WiFi. It would be easy to push a USB WiFi into one of those trusty XP machines they have all over the place. The IT department are usually out to lunch at Colchester and Clacton anyway. Try getting blood results at Clacton when they have been put on the computer in Ipswich. Better to wait for the postman or get someone in Ipswich to read the screen out to you over the phone.

        1. Robert Baker
          WTF?

          "The wards in Colchester General have free WiFi."

          And? Nearly all hospitals have patient wi-fi, either free (such as at St. Thomas') or paid (such as at King's College Hospital), but unless the IT staff are not just clueless but total freakin' idiots (read: none of them), the patient wi-fi doesn't come anywhere near being connected to the hospital's wireless network(s).

    2. cantankerous swineherd

      digital by default pal.

      1. Anonymous Coward
        Anonymous Coward

        That doesn't make any sense.

    3. Anonymous Coward
      Anonymous Coward

      Benefit: The Internet is a cheap wide area network.

      Risk: Cheap doesn't mean secure.

      *

      Benefit: The Internet supports "convergence" -- so email, file transfers, VOIP, central database access, etc all go over the same pipe.

      Risk: Everything on every client and every server is (potentially) available to anyone!!

      *

      So....pick the benefit which you want -- but recognise the risks. Clearly for the NHS -- CHEAP trumps RISK (no pun intended)

  11. tin 2

    Appears to just be a very good (at spreading) ransomware, not a particularly dedicated attack.

    1. chivo243 Silver badge
      Childcatcher

      @tin 2

      I just such dramatics on the beeb news intro... It's an all out attack on the NHS! Hospitals shutting down sending patients home...

      How is some user clicking on an attachment in such an environment an attack? Attacked! I say! Targeted with surgical precision, just like the systems they were running...

      1. DavCrav

        "How is some user clicking on an attachment in such an environment an attack?"

        Well, it's obviously an attack. Just because the defence wasn't great (assuming that) doesn't mean it isn't an attack.

    2. TRT

      It's using an exploit leaked by the CIA whistleblower. Cheers, pal.

      Very effective against NHS systems because they've left older SMB protocol versions running in order to service XP-based clients, and there's a lot of digital real-estate not updated to 7 or above, for very good reasons.

      So, this highlights the danger of running un-supported Operating Systems, does it? Perhaps it highlights the disadvantage of continuously changing operating systems in this rapid release format that Microsoft have switched to. Will there be a version of Windows 10 in, say, 10 years time that is deemed 'unsupported'? We heard a while back that Windows 10 was the last version of Windows you'll ever get, because they're ditching that idea of releasing versions. Yet within 2 years we are onto 'Creators edition', potentially back to how it was. Good or bad? We've yet to see.

      Will this be a lesson for developers to produce something that is "buy once"?

  12. Anonymous Coward
    Anonymous Coward

    I was just about to post that it was to do with Telefonica, a friend in IT at NHS said that it's initially been spread from Telefonica who provide networking over the N3 connections the hospitals use.

    I hope they put more effort into tracking and prosecuting the people behind these things as hitting hospitals, if anyone dies, it's manslaughter in my eyes!

    1. fandom

      Manslaughter? If someode dies it should be first degree.

      1. Rosie Davies

        This is the UK. We don't have the construct of first degree murder. I feel it might be quite challenging to prove that $whatever was released specifically to kill, which is what you'd need for a pre-meditated murder conviction (UK's equivalent of first degree) but causing death by being a silly bugger (AKA manslaughter) would be more likely to succeed.

        Nope, I'm not a lawyer nor do I work for the police. I just work in IT so take an interest for...ummm...idle curiosity. Yes, that's it. Definitely that.

        Rosie

        1. DavCrav

          "This is the UK. We don't have the construct of first degree murder. I feel it might be quite challenging to prove that $whatever was released specifically to kill, which is what you'd need for a pre-meditated murder conviction (UK's equivalent of first degree) but causing death by being a silly bugger (AKA manslaughter) would be more likely to succeed."

          Don't need the whole murder, manslaughter thing. If anyone gets caught for this, it's committing a terrorist act they'll be done for. Attacking national infrastructure tends to get treated in that way.

      2. Tom 7

        First degree?

        So the only way to get decent qualifications these days is to kill people for them?

      3. katrinab Silver badge

        I would imagine they would go for Terrorism, with Computer Misuse Act and Blackmail charges as an alternative lesser charge.

        1. Anonymous Coward
          Anonymous Coward

          It'll be The Computer Misuse Act 1990, Section 3ZA - 'Unauthorised acts causing, or creating risk of, serious damage.'

          Punishments are up to 14 years in prison, or a fine, or both. Offenders can be sentenced to life imprisonment where their actions endanger human welfare or national security.

          But first you have to catch the buggers.

        2. adam 40

          you forgot the catchall "Money Laundering" as they are asking for Bitcoin.

  13. Anonymous Coward
    Anonymous Coward

    Not withstanding ..

    that is behooved of internal and external IT providers to have effective measures against such attacks - at what point does the government get off its collective hairy arse and decide to send SF to kill or castrate the perpetrators? This is costing money better spent on bullets - we are too nice for our own good.

  14. Locky

    Who would have thought that NHS systems would have been vunerable to a ransomware attack?

    How's that XP migration project going by the way?

    1. Chris Miller

      That's the migration project from Win2k, I assume?

      1. Anonymous Coward
        Windows

        Yes, they are migrating from Win2K TO Windows XP :)

    2. Planty Bronze badge

      This weeks windows vulnerability affects ALL versions of Windows. Let's not pretend something newer would have been immune. It might have been safer, but by how much? Windows is still horrendously insecure ... Also the screenshot clearly shows windows 7... Nothing to do with xp or win2k..

      The widespread nature suggests worm and self replication and self execution..

  15. Anonymous Coward
    Anonymous Coward

    I believe the way this works is that it will turn out to be the fault of one of the many private companies being paid huge amounts of money by the NHS, and the consequence will be that the NHS will take the blame & pay any legal liabilities (using our money) while there will be no comeback against the private company which will however have its NHS contract(s) extended.

  16. lawndart

    Come on GCHQ, this is your time to shine. Get in there and sort this out.

    1. Anonymous Coward
      Anonymous Coward

      > Come on GCHQ, this is your time to shine. Get in there and sort this out.

      Preferably with cricket bats.

      1. MJI Silver badge

        Sod cricket bats

        Send the SAS.

        With cricket bats!

        1. Tom Paine

          Re: Sod cricket bats

          Send them where? Crapita, Fujitsu, Cap Gemini?

      2. ShortLegs

        "> Come on GCHQ, this is your time to shine. Get in there and sort this out.

        Preferably with cricket bats."

        Preferably with one of the green-coloured units that have a dotted sideways line to you on the org chart.

        1. Gavin Park Weir

          Having been a supplier to the NHS in the past. The reason none of us greedy bastard, no good, only out for ourselves, shoody outfits provide the right high quality solution is this:

          NHS: Can I have a good thing to update / fix / provide (delete as needed) this service

          Supplier: We would recommend X which costs £Y

          NHS: We can't afford Y because we are not able to negotiate the budget we need to fix update / fix / provide (delete as needed). What can you for £Z?

          Supplier: How about this 2003 PC running XP?

      3. Nifty

        Sorry but GCHQ aren't going to reveal they've got working probes into the blockchain that reveal where the ransom recipients are.

        1. MJI Silver badge

          Just SAS them then.

      4. Anonymous Coward
        Anonymous Coward

        Preferably with cricket bats..

        How did you know we go to Lords for the annual GCHQ day out?

        1. MJI Silver badge

          GCHQ Cricket Bats

          Use to know people who worked there.

          A very competent group.

    2. Solarflare

      Oh they already played a blinder there!

      https://mobile.twitter.com/GazTheJourno/status/863039598984908800

      They removed their tweet shortly after the news broke...

    3. Daggerchild Silver badge

      Let me guess...

      "Come on GCHQ, this is your time to shine"

      Every year:

      GCHQ: They're going to get pwned unless you fix this list of things *unrolls*

      HEALTH MINISTER: That looks expensive, and will cause disruption that will make me look bad because nobody can see the benefit. They'll be fine! You'll just pull out a magic wand and fix it. I won't blame you if you can't, I promise!

      GCHQ: *sigh*

      1. Anonymous Coward
        Anonymous Coward

        Be careful what you wish for...

        https://pbs.twimg.com/media/C_XQpj0XcAEg7Hu.jpg

        https://pbs.twimg.com/media/C_XP1MqXsAENwH3.jpg

        #Deadbeats

    4. Anonymous Coward
      Anonymous Coward

      Damn right, it's high time that only GCHQ be allowed to install malware on her mejesty's subjects computers.

      Oh, wait...

    5. N2
      Pint

      Come on GCHQ, this is your time to shine

      - Get in there and sort this out.

      That made me smile, pint cos its Friday, just

  17. 87red

    Here is a screenshot of the claimed randsomware: https://twitter.com/LawrenceDunhill/status/863032679595421696/photo/1

    Looking up that bitcoin address it appears that someone has paid the ransom 0.15 BTC ($267, a bit short of the $300 requested).

    1. emmanuel goldstein

      that discrepancy could easily be down to volatile intra-day exchange rates, which BTC certainly has.

    2. Anonymous Coward
      Anonymous Coward

      Is it possible to blacklist bitcoin addresses or is this a "sub-address" not traceable to wherever the money is accumulating?

      There will always be a crook to ignore a blacklist but if it's possible, why make it easy for anyone?

      1. Anonymous Coward
        Anonymous Coward

        > Is it possible to blacklist bitcoin addresses or is this a "sub-address" not traceable to wherever the money is accumulating?

        I'm sure the authorities will be extremely interested in any transactions that subsequently move the bitcoins onwards from that address. If whoever does so isn't behind 7 proxies, or knows what a mixing service is, they'll discover how unanonymous bitcoin is.

        1. Anonymous Coward
          Anonymous Coward

          they'll discover how unanonymous bitcoin is.

          This is where we discover jiust how competent (or not) GCHQ is.

    3. 87red

      Another waller address shown in a screenshot on BBC News was also paid, 0.16321544 BTC to https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

  18. Anonymous Coward
    Anonymous Coward

    Merseyside NHS

    merseycare.nhs.uk has Server Error in '/' Application.

    Exception Details: System.ComponentModel.Win32Exception: The network path was not found.

    then a screen full of sql exceptions.

  19. BlueAdmiral
    Holmes

    Not just the NHS

    Looks like some of the biggest companies in Spain have been hit too with the same bug

  20. TimeBandit

    Using Windows?

    Why do they use Windows PCs if malware can be installed so easily on them? Surely critical systems should be running Linux so folks can't just install rogue exes on their PCs?

    1. Anonymous Coward
      Anonymous Coward

      Re: Using Windows?

      We use Windows PCs because a lot of the dedicated software we use won't run on anything else. Also for the same reason that we use Microsoft Office instead of Open/LibreOffice - user whine about anything different...

      1. TRT

        Re: Using Windows?

        User's WINE was that you said?

      2. alain williams Silver badge

        Re: Using Windows?

        We use Windows PCs because a lot of the dedicated software we use won't run on anything else.

        Aw, come on! The NHS is a large enough customer that if they wanted it on a Linux or BSD system the supplier would do the port.

        1. MisterHappy

          Re: Using Windows?

          With few exceptions the NHS is not a single large organisation, it is made up of lots and lots of Trusts & surgeries that are all responsible for their own IT systems.

          1. Pen-y-gors

            Re: Using Windows?

            @MisterHappy

            "With few exceptions the NHS is not a single large organisation, it is made up of lots and lots of Trusts & surgeries that are all responsible for their own IT systems."

            Remind me again, how did such an odd and inefficient system come to pass?

            1. MisterHappy

              Re: Using Windows?

              Someone in government decided that it would 'save money' to make each and every Trust/Surgery/Dentist etc responsible for their own budgets. There are a few NHS purchasing consortia but this is typically for consumables & not IT systems.

            2. Tom Paine

              Re: Using Windows?

              That's more or less how it's always been since 1947.

            3. AlbertH

              Re: Using Windows?

              Remind me again, how did such an odd and inefficient system come to pass?

              A clue for you..... The NHS began in 1948. Who was in government in 1948?

              Most NHS computer systems were installed in the early 2000s..... Who was in government in 2000...?

              Who got a nice house bought for him in Eaton Square SW1 by Bill Gates? Clue: He was Prime Minister in 2001......

              1. InNY

                Re: Using Windows?

                Re: Using Windows?

                what a load of bollocks.

                The NHS was created by popular demand after the 2nd World War because the men and women who went to war, to defend the free democracies, didn't want to return to a system that punished them for being poor or "just about managing". They wanted a society where equality in the provision of society's services was equal for everyone. - do your homework - look up the Beveridge Report 1942

                Most NHS systems were not installed in 2000. They were installed well before - they were extended in the late 1990's so that patients and those providing the required services could do efficiently and safely. The installation of IT services within the NHS was, and continues to be, a model of efficiency and effectiveness. That the service has been downgraded since 2010 is not the fault of the government in power in 2001.

                Microsoft Windows was/is used for the exact same reason that nearly every governmental organization in the world uses it. Because it was available; relatively cheap; easy to use; easy to install; there were/are plenty of people skilled in its various technicalities and it does the job exceedingly well.

                Who the f* cares who bought whom a house in a posh bit of London? Apart form which, where on earth did you dig that up from? Perhaps you could provide a valid link for the report? I've looked an can't find it. I look forward to enlightening us.

                Now, sod off and on your way admire the sheer grit, determination and marvel at the amazing skills of the NHS IT staff as they do all they can to remediate a catastrophic mess for which they can carry no blame.

                If you really want know who's responsible look towards the cheapskate management and chap who's name rhymes with c*nt...

          2. Alan Ferris

            Re: Using Windows?

            I can only speak for England, but you the taxpayer provide ALL GPs with computers and software. And it's all Windows based. I get no choice over hardware, clinical software or even antivirus. And the electronic booking system is only compatible with Internet Explorer... and not even the most recent versions.

            We are all doomed

        2. John 110

          Re: Using Windows?

          "Aw, come on! The NHS is a large enough customer that if they wanted it on a Linux or BSD system the supplier would do the port."

          The NHS is, but bits of the NHS aren't, software running microtitre plate readers for Lab tests is quite specialized and there just aren't that many labs in the NHS in the UK. It took us forever to get a version that would run under Windows 7.

          I think you'll find that replicated across many machines and services.

    2. Big Z

      Re: Using Windows?

      Windows can be secured from running rogue .exes, most Malware is JavaScript based, or macro based, and Sophos' 2017 malware forecast report stated they have seen significant (albeit still low) increases on Linux based ransomware attacks over the past 18 months. It essentially comes down to poor security implementation and practices (the IoT devices used in botnets are running Linux), and poor user education.

      1. Tom Paine

        Re: Using Windows?

        Windows can be secured from running rogue .exes, most Malware is JavaScript based, or macro based [...]

        Bollocks. Sorry, but it is.

        1. Tridac

          Re: Using Windows?

          Ok, so what is the main culprit, or is that just a bollocks response as well ?...

          1. InNY

            Re: Using Windows?

            Read last sentence...

    3. Delapsus

      Re: Using Windows?

      Unfortunatly none of the clinical software runs on Linux. Even the MRI scanners run windows

      1. Daggerchild Silver badge

        Re: Using Windows?

        Honestly, I'd skip Linux and port medical devices to Android. Everyone's computer is a phone these days anyway and they should be dedicated devices with decent realtime foo that you can lock down to the ground. If you're running antivirus on it, you've already lost.

        ChromeOS might also make a good cheap disposable desktops, seeing as the local practise PC's seem to be client-only anyway.

        *umbrella*

  21. crivensjings

    Oh, for goodness sake... It's only $300. Just pay it!

    1. Bill M

      Probably $300 per computer. I don't how many computers the NHS has but certainly a lot more the one.

      1. Shocker-z

        Well there's also the case that if any network files were encrypted then surely the last pc to encrypt them would have to be the first to decrypt the previously encrypted PCs.. Also NHS has 1.7 million staff.. so even a 1% infection is $5.1million.. Soon adds up. Obviously most PCs shouldn't have any data local so can just be wiped anyway, but then you're dealing with the huge IT task of wiping PC's and checking first, which ones do or don't have any local data that's needed...

        I know that I certainly wouldn't like to be IT support on a day like this for them...

        1. Anonymous Coward
          Stop

          And even if you can mass-pay the ransom, there is the little issue of making crime pay well enough that the criminals will be back again.

          1. Anonymous Coward
            Anonymous Coward

            So don't vote Tory then.

      2. katrinab Silver badge

        The NHS has the world's largest deployment of Microsoft Exchange server. I believe it is somewhere in the region of 850,000 users. NHS England has 1.2 million employees in total, if you include NHS Scotland and NHS Wales, it is 1.4 million. Northern Ireland has its own health service which isn't called the NHS.

        They are the world's fourth largest employer, and the three largest - Walmart, People's Liberation Army and Indian Railways, don't have as many people who would use email at work.

        So anyway, we are looking at a ransomware demand of at least £200m, which the NHS certainly doesn't have as spare cash.

        1. Anonymous Coward
          Anonymous Coward

          >if you include NHS Scotland and NHS Wales, it is 1.4 million

          The NHS census used for this counts employees multiple times

          >They are the world's fourth largest employer, and the three largest Walmart, People's Liberation Army and Indian Railways

          McDonalds employs 1.9 million, DoD 3.2 million - there are a dozen more larger than NHS employers even if you use the bogus census data.

          Please stop repeating this 'cut the overblown NHS' Daily Telegraph bull

          1. Anonymous Coward
            Anonymous Coward

            "McDonalds employs 1.9 million"

            Aren't most McDonalds franchises?

    2. Anonymous Coward
      Anonymous Coward

      $300 - but $300 for what?

      Per PC, and Per server? That could be a massive amount of money in the NHS and the logistics of trying to pay against a separate code for every PC and server would be daunting. Then there's the clean up to stop the same thing happening tomorrow.

      Not easy AT ALL!

    3. Dr Dan Holdsworth

      "Oh look, the sucker just paid! Stick him on the list of plonkers we can re-visit".

    4. Alumoi Silver badge

      "Oh, for goodness sake... It's only $300. Just pay it!"

      And we found the criminal!

  22. Prosthetic Conscience
    Unhappy

    My heart goes out to the IT grunts dealing with this on a Friday

    1. wyatt

      Yep, and me. I'm on call this weekend and we run some services over the N3 network.. here's to hoping our firewalls and patching are up to date.

      1. Danny 14

        Im on call too. But we have sophos interceptX. Im tempted to fire up a quarantined VM and try running the ransomware.

        1. Anonymous Coward
          Anonymous Coward

          Had a demo of InterceptX this week looks good, so every cloud and all that this'll help me get the buget out of our bean counter!

    2. Tom Paine

      Why oh why...

      ...is it always Friday?

      And when will they let us work Wednesday to Sunday so we can rely on having a couple of days a week off?

      Currently still sat at my desk when I was hoping to be away 30 mins ago (17:00), waiting to hear we're definitely OK...

  23. Nash

    something or nothing....

    I've never worked on the NHS systems but ive worked on a lot of systems and some were NOT setup to handle this type of attack.....i would hope that the NHS endpoint PC's which are being presented with this ransomeware message are acting as Terminals i.e Installed with windows but locked down to the point that data CANNOT be saved locally to the C:\ drive. That way if the PC is infact encrypted then the patient records that the PC has been accessing are on a Network location and that network location (server) is not affected? - the PC can be re-imaged although inconvenient, recoverable to OS Level. if the PC's hold local databases loaded with patient info then im afraid someone needs an @ss kicking.

    N.B would be nice to heard from someone who has worked on the NHS IT Systems at Engineer/1'st/2'nd/3'rd line level to get an idea of the setup.

    1. Anonymous Coward
      Anonymous Coward

      Re: something or nothing....

      Why would the data not be affected, if it's on a network share? It encrypts the data. It doesn't really care where the data is.

      1. Nash

        Re: something or nothing....

        ever tried deleting/moving/modifying a file on a network share that you only have "read" permissions to?

        1. Doctor Syntax Silver badge

          Re: something or nothing....

          "ever tried deleting/moving/modifying a file on a network share that you only have "read" permissions to?"

          Those file you only have read permission to - how did they get there? Could it be that someone has to have write permission?

          On a more practical, albeit longer term scale alternatives to simple shared folder need to be looked at. As one approach I'm currently setting up Nextcloud at home. I have several alternative ways to share files with a client. One is to use the webdav client to sync a specific desktop folder with the server. That means that even if I had a ransomware program running wild on the client PC it could only (a) affect files on the synced folder and (b) the contents of the folder on the server are versioned so that the last good version can be restored.

        2. Adam 52 Silver badge

          Re: something or nothing....

          As we discovered last time the NHS had a ransomware attack - which must have been all of a few months ago - everyone has full permission on everything at an SMB level.

          If this turns out to be spread via SMB or anything below layer then someone needs to explain how the network was configured so badly.

          1. Anonymous Coward
            Anonymous Coward

            Re: something or nothing....

            trouble is smbv1 is ON by default to turn it off you have to do this (win7) on EACH BOX

            sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi

            sc.exe config mrxsmb10 start= disabled

            Now who in a Doctors surgery is going to do that!? And with XP turning of SMBv1 is likely to break things!

  24. Anonymous Coward
    Anonymous Coward

    NHS staff

    PEBKAC.

    1. Anonymous Coward
      Anonymous Coward

      Re: NHS staff

      I've taken your name in case you need a kidney some day...

      1. Bill M

        Re: NHS staff

        I think all NHS staff are wonderful and all deserve a medal or at the very least some hearty thanks and congratulations.

        ps. any chance of earmarking a liver for me - may need a new one next year.

    2. h4rm0ny
      Paris Hilton

      Re: NHS staff

      Having worked in the NHS and seen how hard people at the bottom often work, I'm more inclined to say it's PEIDO. (Problem Exists In Director's Office).

    3. AlbertH

      Re: NHS staff

      No - PICNIC

      Problem In Chair Not In Computer

  25. bexley

    these exploits are worthless

    this is not a ¨cyber attack¨, this is somebody with admin privileges clicking on something they should not have done.

    Some local files being encrypted really should not be a problem these days for a decent IT department, they should have it all puppetised and be wiping and rebuilding those machines now, or this morning, whenever this started.

    If their databases have been encrypted then lets hope that they have tested their backup strategy and have already restored this last nights backups

    1. Alister

      Re: these exploits are worthless

      this is not a ¨cyber attack¨, this is somebody with admin privileges clicking on something they should not have done.

      Curious then that it has affected so many dispersed bits of the country. I think you'll find that the evidence so far is that this is collateral damage from an attack on Telefonica (who just happen to manage network links for some of the NHS).

      1. Naselus

        Re: these exploits are worthless

        "Curious then that it has affected so many dispersed bits of the country. "

        The term you're looking for is 'continent'. Or possible 'world'; Russia has millions of infections right now, with Taiwan and China both heavily hit too. Half of Europe is being hit. List on the BBC's breaking news site currently says UK, Spain, Italy, China, Russia, Vietnam, Kazakhstan and Taiwan. Avast alone has 36,000 infections going live right now.

        This is fucking massive.

      2. Danny 14

        Re: these exploits are worthless

        It could also be a zero day exploit or a known unpatched exploit. This would bypass local admin requirements but would still fail on network read only shares.

      3. Adam 52 Silver badge

        Re: these exploits are worthless

        "an attack on Telefonica (who just happen to manage network links for some of the NHS)."

        If it is, we need to be asking serious questions about why the end user PCs are so trusting of the wide area network.

  26. 0laf Silver badge
    Facepalm

    Awareness issues, tech will do so much but some spam will always get in. You can't sop the signal Mal! Someone somewhere clicked.

    I imagine hospitals are a bit like schools with lots of staff that feel very important and that security measures are not for them because they must not be impeded in doing their important stuff (even if that is playing on their new phone).

    Ok I'm generalising but I've yet to be proved wrong.

    1. chivo243 Silver badge

      @0laf

      well said, people that are too important to be bothered to act like it...

  27. Martin Summers

    Just been in to my doctors. He didn't know until I told him. Couldn't bring up any patient history and has had to resort to paper. Their phone system is down too.

  28. christopherkopec@yahoo.com

    Good luck to all IT staffers involved

    Good luck to all IT staffers involved in sorting this out!!

  29. Anonymous Coward
    Anonymous Coward

    Неверная цель, выключите ее

    Talk about poking a sleeping bear with a stick.

    Malware was happily making money by hitting thousands of individuals with a $300 demand.

    Malware wanders onto the systems of a beloved national institution.

    Government facing an imminent election so will demand action.

    New GCHQ unit (NCSC) looking to make a name for itself.

    Whether they find the source, this malware group have just engaged an adversary that they probably wanted to avoid.

    1. Danny 14

      Re: Неверная цель, выключите ее

      Indeed. This can make a name for someone if they can crack or decrypt.

    2. Boris the Cockroach Silver badge
      Black Helicopters

      Re: Неверная цель, выключите ее

      I'd suspect if they are found it will be a bunch of guys far more serious than a GCHQ code breaker knocking on the door.

      I'd expect 1/2 the worlds special forces black ops groups are currently organising a list of who goes in first to kill the little shitheads.....

      1. Phil Endecott

        Re: Неверная цель, выключите ее

        > I'd suspect if they are found it will be a bunch of guys far more

        > serious than a GCHQ code breaker knocking on the door.

        "If they are found" - no, the real danger is that the actaul perpetrators don't need to be found; they will be tempted to just drop a bomb on some random people in some unpopular country somewhere and claim they were responsible, with some dodgy dossier to prove it. But then, if they actually did bomb the right people, we'll still consider that the dossier was dodgy and not believe them. (Like the Sony hack.). They can't win.

  30. Daggerchild Silver badge
    Joke

    Phew!

    It's a good thing they keep good backups, so they won't have to hand any taxpayer money over to criminals!

    *cries*

    1. h4rm0ny

      Re: Phew!

      All tax payer money gets handed over to criminals.

      A small portion of it they give back to us.

  31. Voadenr@uk.ibm.com

    I gave up Windows for this very reason...

    I moved completely to iOS as I couldn't stand the Constant security patching. It was wasting huge amounts of my precious time.

    1. Danny 14

      Re: I gave up Windows for this very reason...

      Thats great. Unfortunately MRI, xray and most of the software the nhs use only runs on windows.

      1. Anonymous Coward
        Anonymous Coward

        Re: I gave up Windows for this very reason...

        And that, in and of itself, is a PERFECT EXCUSE to never bother to learn or ask if alternate versions of the control software are available, or plan to be made available. And also, never learn anything new yourself. Why bother, if you don't get paid for it, right? I only work in the Linux part of any shop anymore, and I got here because I knew my Linux from well before it became the best solution for modern big compute data centers in terms of price/performance. I don't need to consult the Top500 super computer clusters in the world. I already know what OS most of them run. It was just a hobby in the 1990s. I know Windows. I've setup Windows. I've installed some mildly complicated Windows-Only wares and made damn sure I told the vendor; "when are you going to have a proper Linux version of this tool (VMware vCenter vRealize vThingy)?" They were already working on one. No matter, I'm on a different site, but you get the idea. Hey, even most all of the factory testing systems at the assembly lines of Foxconn, where the iPhones are made, are Windows boxes. If virus exposure for these highly quarantined systems were to materialize, you would have a major vendor asking their major manufacturer to look into getting non-Windows test systems. That is the problem; it's easy to find coders and integrations for developing cheap solutions to controlling the building of physical products using Windows. It is a common OS, and it makes sense to just dev on that, rather than progress to anything more modern for a host of reasons; too expensive to dev, not enough customer requests, cheap hardware platform, and obviously too hard for the "we only know one OS" crew to dev on. So, if it was not Windows, it would be millions of old legacy systems running MacOS 7, or C/PM. It's not the systems, it's the lazy and stupid end users who treat the connected computers like toasters; only the crumb tray ever needs servicing.

        Like with IoT, you can secure these devices, when you have the knowledge and the motivation to do it. Otherwise, the vendor should be shipping completely locked down devices, but they won't because; stupid people. And cheap to the point of stupid people. The fine people of the NHS got tricked. They got tricked into thinking their computers were more useful and safer than writing on paper. Today, they learn the value of a good pen and a study pad of papyrus. Seriously, NHS, welcome to 1984...BC.

  32. Panicnow

    MAKE BITCOIN ILLEGAL

    And prosecute anyone that makes a single transfer.

    It is money laundering plain and simple.

    #Or do the politicians get their bungs in Bit coin?

  33. Retron

    Can't believe any network would allow users to run stuff from %temp%...

    It's just one of the things a network admin can do which helps lock the system down. From what I've seen (on a VM used for the purpose), malware from emails / web browsers invariably tries to run an EXE from the temp directory.

    1. Danny 14

      Just about every MSI ive seen runs from TEMP. That includes windows updates.

      1. DaLo

        I presume the running of exe from temp is for users only (non-PC admin). MSI and windows update require admin privileges.

        However, the initial file is a PDF/Word doc that can create a non-PE file that could still encrypt files, or scan for an executable-allowed directory. Or they use a vulnerability in existing software that then uses privilege escalation - like the recent windows SMB bug.

    2. Anonymous Coward
      Anonymous Coward

      Run from Temp

      Good old Cryptoprevent!

  34. John Crisp

    Windows are closed

    Great comment from a friend

    "All my Windows are closed. Should I draw the curtains?"

    Thankfully neither of us run the worlds desktop of choice

  35. Mark Fell-Crook

    Have they tried turning it off and on again and then this ;

    https://dowser.org/wanna-decryptor-virus-ransomware-remove/

  36. Amraj
    Facepalm

    I hope the IT guys behind this are able to achieve a decent recovery time from this.

    Had one of these a couple of years ago, took 6 months to fully recover from it.

    Going to wear my tin foil hat over the weekend!

  37. captainbrexit

    ive been trying all afternoon, but cannot get this damn ransomware to install on my Linux OS !

    1. Mr Dogshit

      Ha ha ha

      Ha ha ha

      Shut up

  38. Anonymous Coward
    Anonymous Coward

    GCHQ

    Given how much we pay these guys (in our privacy, as well as cash) I would hope that - if nothing else - they will be able to provide the decryption keys.

    And if they can't, lets sack them, and employ the geniuses who wrote this malware.

  39. Sam Haine
    FAIL

    Security vs convenience

    The security versus convenience compromise is usually wrong in the NHS because messages from doctors, nurses, pharmacists etc on the front line are ignored by those who make the implementation decisions.

    I worked in one large hospital where management decided to tighten up security and have a whitelist of accessible websites. Unfortunately they didn't include the British National Formulary, TOXBASE etc with predictably hairy results. When they eventually responded to this they overreacted and scrapped far too many security measures with predictably hairy results in the other direction.

    1. Robert Baker

      Re: Security vs convenience

      I worked in one large hospital where management decided to tighten up security and have a whitelist of accessible websites. Unfortunately they didn't include the British National Formulary, TOXBASE etc with predictably hairy results.

      I once read an account by an A&E doctor, who (not being able to diagnose a patient's problem with 95% or better certainty, as often happens especially in A&E) decided to run a query on the Best Bet site, this being a website especially for A&E workers faced with this kind of lemma. Unfortunately, the hospital's I(dio)T department had installed filters which blocked access to Best Bet on the (false) assumption that it was a gambling site.

      Fortunately he was able to work around this by ringing a friend in another A&E and having the friend access Best Bet on his behalf. I bet he had a few choice words to say to IT/management when called in to the disciplinary hearing about this episode.

  40. myhandler

    Maybe it's the wake up call the government needs - doesn't matter what colour govt.

    OTOH it gives them more ammunition to lock down access for everyone.

  41. Anonymous Coward
    Anonymous Coward

    PHEW

    I'm going to hell for this I know, but... I can't help feeling a tiny twinge of relief that

    (1) we're more or less completely patched, partly because I made a big fuss and jumped and down insisting these ones really HAD TO BE APPLIED, ASAP. So I should still have a Friday evening ahead of me and a weekend to boot

    (2) that it'll be a bit easier to make the case next time I want to insist they break the habits of a lifetime and apply the damn patches, already :)

    (3) I might even get a few brownie points for making myself unpopular and -- oh wait, it's infosec, I was forgetting...

  42. This post has been deleted by its author

    1. MisterHappy

      Re: Need a DNS Firewall

      " Access to the N3 network is severely limited " - Hahahahahahahaha

    2. Anonymous Coward
      Anonymous Coward

      Re: Need a DNS Firewall

      This.

      OpenDNS stops these types of phone homes every day. No phone home, no malware trigger. People get infected but the payload doesn't launch.

  43. CrustyDanBear

    Incompetence

    So will the IT bod who designed the security around this system be struck off the register of IT professionals or simply skulk off onto the next project. Oh, wait.

    1. Duffaboy
      Trollface

      Re: Incompetence

      Polishing his/her linkedin profile now

  44. Anonymous Coward
    Anonymous Coward

    Hey Theresa, Amber and your HO Mandarins

    Are you watching? Will you learn?

    1. SnowPatrol

      Yes, they're watching

      They're learning how dangerous encryption is. We need to ban it or the NHS is doomed! Anyone who says otherwise is an extortionist or a terrorist!

  45. Blotto Silver badge

    Outsourcing leading to fragmentation and this

    This is the unfortunate consequence of constant outsourcing and fragmenting of former internal systems.

    If it was all under 1 roof with clear responsibilities it might have still happened but also would have been sorted much quicker.

  46. Anonymous Coward
    Anonymous Coward

    Alternatives?

    When choosing software...

    1: You do not normally have to use Windows. There are more secure alternatives.

    2: If you do have to use Windows, do you really have to use FAT or NTFS for your data?

    1. Ben Tasker

      Re: Alternatives?

      > 1: You do not normally have to use Windows. There are more secure alternatives.

      If you've just spent millions on an MRI machine and the software for it is Windows only, you do.

      > 2: If you do have to use Windows, do you really have to use FAT or NTFS for your data?

      Most ransomware can encrypt data on any mount that your install can write to, so it doesn't matter too much whether you're using FAT/NTFS locally or NFS or Samba to go upstream. Having a journal'd filesystem upstream is only so much help when near every file you've got has been encrypted.

      Obviously it'd be nice if there were restrictions in place on who/what could edit or remove existing files, but we don't currently know that that's not the case here. It only takes someone with those permissions and you're back in this position.

      1. Anonymous Coward
        Anonymous Coward

        Re: Alternatives?

        Perhaps the MRI has to run Windows, but the army of office and nursing staff? Surely Libre Office and a browser would do the job? As regards data storage, I suspect, but don't know, that FAT and NTFS being part of the same environment as Windows would be more vulnerable, just as IE is a worse choice than say Opera.

        1. bitmap animal

          Re: Alternatives?

          Have you seen how many updates there are for Libre Office? That also sits on Java, if you want the grammar tools, and so that has it's own can of worms.

        2. Uncle Timbo

          Re: Alternatives?

          Google Apps or whatever it's called today would do most admin people in terms of functionality (which is excellent).

          However, then there's another problem... Be nice if Google sold that suite for self hosting.

        3. Mr Dogshit

          Re: Alternatives?

          What a load of crap. LibreOffice - a reverse engineered copy of Office 97, yeah, let's use that.

          GPs are not NHS employees. Surgeries need to have computers and you can't determine what they can or can't do with their computers.

          1. Anonymous Coward
            Anonymous Coward

            Re: Alternatives?

            NHS Boards can and do employ GPs, especially in difficult to recruit to geographical areas. Mine has adverts out for 4 at the moment.

      2. Steve Davies 3 Silver badge

        Re: Alternatives?

        If you have spent Loadamoney on a bit of kit then it is your duty to make it as secure as possible.

        You can't air-gap it but you can isolate it on its own physical subnet behind a carrier grade firewall. etc etc

        Don't for christ sakes put expensive bits of kit on the main ethernet backbone.

        If you do then you need to be put in the MRI scanner and left there to fry.

        Only a few years ago, my local NHS trus had a lot of their data on a VMS system. Some high paid MS consultants came through and the VMS System was gone.

        MS has a lot to answer for.

        When with a country say to MS, get outa here. You and your insecure POS are not wanted here.

        Will this event be the catalyst that makes this happen?

      3. tfewster
        Facepalm

        Re: Alternatives?

        "If you've just spent millions on an MRI machine and the software for it is [out of date]..."

        You say "We're not paying for that, as it's faulty." A few pushbacks like that, and I expect the vendor would start taking security seriously. It may cost them millions up front to do so, but they can recoup by dividing the cost between their customers, by increasing maintenance contracts by a few %.

        The first MRI supplier to do that will be rewarded with a monopoly on sales for a while, as insecure systems will be disqualified from tendering. Win-win.

    2. Doctor Syntax Silver badge

      Re: Alternatives?

      "1: You do not normally have to use Windows. There are more secure alternatives."

      As others have said there's a lot of specialist kit for which only Windows drivers and/or applciations exists (which version of Windows is another worry). So it's not as simple as that. However there should be proper network segmentation to protect these.

      OTOH plain vanilla desktop office/mail/web machines could well be shifted to other platforms. However this would buy time, not complete protection. A booby-trapped email will inevitably find a supply of boobies if it's widely spammed.

      What's needed is a better architecture that doesn't allow some random application to save or update whatever file it wants.

      1. Anonymous Coward
        Anonymous Coward

        Re: Alternatives?

        "As others have said there's a lot of specialist kit for which only Windows drivers and/or applciations exists "

        In my experience it's quite the opposite. The MRI, NMR, robot of some sort or whatever will often use a Unix-based OS to run the machine and interact with its storage and hardware and then there will be console or two which might well provide the output/control input and which might be a Windows PC.

  47. Anonymous Coward
    Facepalm

    I for one, welcome the return of the paper patient notes.

    Mainly because, when my surgery sent them off to be uploaded to the NHS database, I ended up as a 70 year old woman on heart pills and hormone replacement therapy.

    Either way, I have never been able to get a diagnostic error from 17 years ago rectified; but at least the paper notes correctly identify me as man of less than pensionable age.

    1. Danny 2

      Re: I for one, welcome the return of the paper patient notes.

      I've been trying for years to be in charge on my own NHS files, or at least to correct some of the errors within, to no effect. Politicians assume I am mad to suggest such a thing.

      The lack of logic in the NHS at every level is worrying. My medical records are so off they are funny and worrying. The time a cat attacked my hand, the senior nurse listed me as a possible heroin addict because I had fifty bloody puncture wounds in my hand - I really don't think that is the way junkies inject.

      I was tested for breast cancer one afternoon - I didn't have it but the test is so painful that if you are ever in that situation then I suggest you ask for a second opinion before even having the test. Better than not having the test and actually having it of course. Still, at the start I was asked to fill out a standard NHS form, on of the questions was "Are you still having your periods? [Y] / [N]"

      How do you answer that as an Aspergers male?

      1. N2

        Re: I for one, welcome the return of the paper patient notes.

        Which is what happens here in France, you get everything on paper. I'm not suggesting its better but I scan my notes to PDF to back them up so its simple & reliable.

  48. Jim Willsher

    Whilst the NHS is huge, with about a million computers, it doesn't help itself by having dinosaur policies. Buying extended support from Microsoft for XP is a prime example.

    There's every chance that this has spread by one of the zero-day exploits that were made public this week, this month or even this year, you can bet that their computers are very poorly patched.

    Hit a poorly maintained LAN with a wormable encryptor and game over; all local files and network shares are encrypted very quickly on high-bandwidth networks.

    Rolling back to "last night's backup" will be a challenge, and even a few hours' worth of lost work on a million PCs is a lot of work.

    It was bound to happen eventually.

    1. Duffaboy
      Trollface

      "Do you have last nights backup"

      Erm , whats a backup ?

  49. Danny 2

    Not the whole NHS - yet

    It's interesting that either by chance or design only certain trusts and practices have been affected so far.

    I've got nothing better to do so I'll check on Monday morning if my dentist needs any help. He is my longest relationship with any professional and he does love his new tech without understanding IT. I doubt it is appropriate to offer my local hospitals as their data is more sensitive, but if any of you work for established IT companies with the relevant expertise then perhaps suggest offering your help for free to your local NHS trusts. It's the right thing to do and you can sell it to your boss as great publicity.

  50. Duffaboy
    FAIL

    Dear NEWS Orgs this is not a cyber attack

    It's just some users who opened and email attachment

  51. Duffaboy
    Joke

    It's very simple

    Follow the money....(erm maybe not)

  52. Anonymous Coward
    Anonymous Coward

    www.shite

    Welcome to the World of Windows

  53. Duffaboy
    Trollface

    Fear not help is at hand

    Just a quick click to linkedin to find all those security specialists they are ten a penny.

  54. Kaltern

    Saying this wasn't an organised attack is a little naive, considering the number of continents involved, simultaneously, and differing companies.

    If it was just 'someone opening an attachment', that would hardly be enough to encrypt half the NHS and Telefonica etc... not unless a system admin did it on a PC with write access to the central NHS systems, for example - and that still wouldn't explain the other infections.

    1. Brewster's Angle Grinder Silver badge

      It appears to be billions of emails and thousands of people who've opened them with catastrophic results. So it's not an attack in the invasion-of-Iraq meaning of "attack". But it is an attack in the sense of a guy standing in a middle of street firing a machine gun randomly -- except the bullets on this gun can travel round the world.

      1. Chemist

        " But it is an attack in the sense of a guy standing in a middle of street firing a machine gun randomly"

        It seems more than just that - each bullet starts infecting as well . It seems to contain a worm using a SMB vuln.

        (https://isc.sans.edu/)

      2. BongoJoe

        It's not hard to hear the opening chords of Deep Purple's "Child In Time" in one's head after reading what you put.

  55. Steve Davies 3 Silver badge
    Mushroom

    Time to move off Windows

    only about 15 years too late.

    1. aqk
      Coffee/keyboard

      Re: Time to move off Windows

      Move off of Windows onto what? A typewriter? Or perhaps a quill pen?

      1. Adam 52 Silver badge

        Re: Time to move off Windows

        For medical records, yes, pretty much. A notepad, a biro, a thick envelope and one of those big filing cabinets are all you need.

        Computerisation adds nothing except the ability to sell records to Google.

        X-rays and other imaging a bit different, but they don't need a massive system and importantly don't need to be part of the same system as patient details, history and notes.

        1. Gavin Park Weir

          Re: Time to move off Windows

          If you think waiting times are bad now, removing most of the computers from the NHS would be a disaster. The time saved just from electronic scheduling must be in the ten of thousand man days a year if not 100s of.

          1. This post has been deleted by its author

  56. This post has been deleted by its author

  57. Anonymous Coward
    Anonymous Coward

    heads should roll

    GCHQ must have been busy monitoring EVERYONE EVERYWHERE plus a 56k link from ISIS land and probably missed some bozo with excessive privileges browsing the internet and clicking on stuff at a hospital.

    Cant wait for the brain dead government view about it #hashtags and all.

  58. Anonymous Coward
    Anonymous Coward

    From what I've heard this was using an exploit patched in the March release of Windows (ms17-010)

    Being generous you might say the places affected have a 2 month test cycle and they release them the 1st Monday after Patch Wednesday.

    Being cynical/realistic, I'd say they have a sporadic patching strategy and there will be some serious questions asked next week

    1. Ken Hagan Gold badge

      It proves a point that many people here have been making since XP went out of support. *Every* patch from MS that fixes holes in a later version of Windows reveals a weakness that might exist in XP. MS have therefore been publishing exploits against XP for several years now. I believe the NHS's special deal to continue to receive patches expired quite recently. This is an entirely predictable result of NHS management's failure to have any kind of plan for moving off XP.

      1. adam 40

        It tells us more about Windoze 10...

        >> MS have therefore been publishing exploits against XP for several years now.

        If there had been so many exploits against XP which were lurking there for years, just think how many more are waiting to be found in Windoze 10...

      2. Anonymous Coward
        Anonymous Coward

        XP patches

        Thanks to a well-known registry hack I'm still receiving XP security updates ....

  59. Charlie Clark Silver badge
    Mushroom

    I for one have full confidence in the government's ability to protect me and my family because…

    … well I can't actually think of any but I'm open to suggestions.

    In the meantime let's watch Mother Theresa, who as Home Minister a year ago is surely largely responsible for a large shovel of this shit, and her incompetent colleagues try and bluster their way out of this one. And these people are supposed to be responsible for major international political, security and trade negotiations?

    So, your Majesty, how exactly does reducing the number of EU farm workers help protect the NHS from attack? Does Brexit contain a secret plan to protect the UK from nefarious computer hacking by following the lead of the Taleban and deindustrialising as fast as possible? After all, once the peasants have to worry about things like starvation or dying from Polio or the measles they're not really going to be protesting about freedom.

  60. Putonghua73

    I was discussing ransomware with the Head of IT Operations at the Trust where I work yesterday. He said that our Trust was in a good place but much more funding was needed to get security where it needed to be to really feel comfortable.

    The hardest conundrum to crack is to balance security with end user requirements i.e. blocking personal email (gmail, yahoo, etc) and blocking all removable media. He did want to implement both restrictions but had received lukewarm support.

    He informed me that another Trust had carried out a phishing / malware test, where 1 in 4 of the staff clicked on the link. This is the uphill struggle that Trust IT Depts are fighting against.

    I heard from a colleague that our Trust was relatively unaffected as the IT Dept locked everything up tight as soon as they got wind of what was going on. Our ERP system went down as it is supported by another Trust that got completely taken offline. I did think of the IT Team as soon as news went round whilst I was offsite. I suspect they'll be pulling a weekender. I also suspect the Trust will suddenly cough up funding for enhanced security and support for user restrictions.

    1. Duffaboy
      FAIL

      It's all down to cutting costs on end user training

      I work for many organisations in IT support and most of the tickets we look at are down to user error. I have only ever work for one company where when a new o/s or device was rolled out there was mandatory training afterwards.

      Here my friends is where the problem lies, end users clicking on links attachments deleting stuff they shouldn't.

    2. Adam 52 Silver badge

      "The hardest conundrum to crack is to balance security with end user requirements i.e. blocking personal email (gmail, yahoo, etc) and blocking all removable media."

      Oh dear, an IT manager dinosaur. You guys are in trouble. Securing the perimeter is a hopelessly outdated model.

      If you make your systems unpleasant to use people will work around your restrictions.

      Accept that your network will be compromised and design everything with that scenario in mind.

    3. Danny 2

      "The hardest conundrum to crack is to balance security with end user requirements i.e. blocking personal email (gmail, yahoo, etc) and blocking all removable media. He did want to implement both restrictions but had received lukewarm support."

      I understand the pressure from users but security should trump usability every time. No serious financial institution allows employees work access to the internet or personal emails or removable media. Your boss should treat other peoples most intimate data they way they treat our money. Provide terminals with no soundcards or USB or CDs to access the internet, unconnected to the local network, for people to browse their out of work nonsense.

  61. aqk

    What it's only $300?

    PAY IT!

    Hell, that's only one hospital flunky administrator's supper money!

    A few years ago, The U. of Alberta (I think) got hit for $Thousands in ransomware.

    If you're gonna be foolish, you better learn how to manage Bitcoins! You're gonna need to!

    1. OttoOtts

      Re: What it's only $300?

      That's actually about 350,000 GBP. It's Bitcoin not USD!

      1. Anonymous Coward
        Anonymous Coward

        Re: What it's only $300?

        I got the solution, just send the cheque in the mail, NHS! You can pay me in crumpets or scones, if you prefer, I don't think I'll notice the difference. NO HYBRID BREAD PRODUCTS though. Thank you.

        Here is the solution, which is mine, and I own it, and here it is. And it is mine, here it is, my solution. Which is mine:

        Have one person pay the ransom, then save all those files to a clean USB stick, and you have all the files back, there you go. Bob's your uncle. Okay?! Super.

  62. aqk
    Big Brother

    He sees it all the time....

    Following is from a disgruntled friend about to retire: And thenhe's gonna provide Bitcoin services/knowledge to people who have never heard of bitcoin, but suddenly need it for some strange reason.. ;-)

    ===============================

    Executives, and in this case Doctors (remember XXXXXs), are the reason IT backs down and drops their pants and leaves the door ajar for hackers. I see it all the time here at work. Screaming executives demand their f’n new toy or phone gets 100% access on our network NOW before their big meeting (or just before you get fired), or even board members cry to IT directors, who then order guys like me to “open er up”. We have no real power in IT.

    The Russians KGB types now type all documents on typewriters, and lock them up in real vaults. In security circles in the USSR, nothing is on a computer.

    So when Putin screams in your face, you open the vault, not the network firewall or switch ACLs. Then you’re poisoned or shot.

  63. Anonymous Coward
    Anonymous Coward

    It's only asking for $300. Some kid in his bedroom has downloaded a list of hacked emails and sent out his designer malware package. He's now sh1ting himself because what he's done is all over the news. I hope he enjoys the meagre returns knowing that people may have actually died because of cancelled operations.

  64. Anonymous Coward
    Anonymous Coward

    Ransomware problems have been rife in the NHS for ages. The thing that is different here is the scale.

  65. Anonymous Coward
    Anonymous Coward

    https://www.igt.hscic.gov.uk/

    Requirement No: 14-311

    Initiative: Information Security Assurance

    Organisation Type: Acute Trust

    Version: 14.0

    Requirement Description:

    Precautions are required to prevent and detect the introduction of malicious and unauthorised mobile code into an information asset’s computer components. Failure to defend against viruses and other malware could lead to significant damage to your organisation's business capabilities and serious impact on service user or patient care.

    2: The approved and documented controls and procedures to mitigate against malware risks have been implemented.

  66. LM34234

    I blame Tony Blair's Labour government who thought it was a good idea to madate that all public sector end user PCs were given internet access. Arbitrary code execution and an network connection to billions of potentially hostile computers/actors. It a disaster waiting to happen. But the main priorty was ensuring civil servant can buy of eBay and amazon while at work.

  67. Anonymous Coward
    Anonymous Coward

    how did it spread my monies on

    Be interesting how this has spread. Lots of talk, mainly be numpties, on the radio about the NHS System as if it’s some massive system that everybody in the NHS is connected to. Whereas you’ve got trusts and individual GP surgeries and even dental practises being hit, barring in mind those are pretty much totally separate sites divorced from systems in hospitals etc, there’s no way SMBv1 traffic is going to by magic make its way around various sites on its own . My money is on an email that members of staff at each site have opened independently, or a common NHS website that has been compromised and that has sent the malware out when individuals have accessed that site.

    Lots of XP boxes still in the NHS hence the vector of SMBv1 would make sense as that tends still to be used for backward compatibility and there will be lots of old bits of legacy rubbish floating around in the NHS. And as XP isn’t support it ain’t been patched!

    Going to be a right old buggers muddle of a job to sort out glad I don’t work in any form of NHS IT. Anyone from an NHS site that's been shafted got a comment? (probably up to their nuts in sh1t so we'll understand if you don't!)

  68. Rol

    back to basics?

    With limited functionality for users comes limited opportunity for hackers.

    Why did the NHS fall over itself to accommodate every whim and fancy, of what is predominately an IT illiterate gaggle of muppets.

    It was chaos, as midwives and managers GP's and gynaecologists, queued round the block to have their input on how the system should work, and look what we've got. An all singing all dancing system that has more potential points of attack than a Cruft's show in North Korea.

    "What!!? You're entering my diagnosis onto the same PC you've just been reading your emails on? Are you absolutely without compassion or did you win your license to practice at a gurning contest?"

  69. OttoOtts

    $300 in Bitcoin is a NOT $300 US$

    $300 in Bitcoin is about 411,000 Euros or about 350,00 GBP

    Amateurs!

    1. aqk
      Facepalm

      Re: $300 in Bitcoin is a NOT $300 US$

      Sorry, but 300 dollars is 300 dollars. Australian, Canadian or USA.

      I have currently half a bitcoin. I think it's now worth about $400. I haven't checked lately

      You probably mean 300 BITCOINS, = Ƀ300, not $300. There is no ASCII character for the bitcoin symbol yet. Nor likely will be!

      Ƀ is a proposed symbol (see http://www.bitcoinsymbol.org/ )

      But that's OK.. you're an amateur, right?

  70. Anonymous Coward
    Anonymous Coward

    The decrypted contents is coming through from the first Windows hard drive, disk sectors show...

    Linux.LInux.Linux.Linux.Linux.LInux.Linux.Linux.Linux.Linux.LInux.Linux

    Linux.Linux.LInux.Linux.LInux.Linux.Linux.Linux.Linux.Linux.Linux.LInux

    Linux.LInux.Linux.Linux.LInux.Linux.Linux.Linux.LInux.Linux.LInux.Linux

    Linux.LInux.Linux.Linux.Linux.LInux.Linux.Linux.Linux.Linux.LInux.Linux

    Linux.Linux.LInux.Linux.LInux.Linux.Linux.Linux.Linux.Linux.Linux.LInux

    Linux.LInux.Linux.Linux.LInux.Linux.Linux.Linux.LInux.Linux.LInux.Linux

    Linux.LInux.Linux.Linux.Linux.LInux.Linux.LInux.Linux.Linux.LInux.Linux

    Linux.Linux.LInux.Linux.LInux.Linux.Linux.LInux.Linux.Linux.Linux.LInux

    Linux.LInux.Linux.Linux.LInux.Linux.Linux.Linux.LInux.Linux.LInux.Linux

    Linux.LInux.Linux.Linux.Linux.LInux.Linux.LInux.Linux.Linux.LInux.Linux

    Linux.Linux.LInux.Linux.LInux.Linux.Linux.LInux.Linux.Linux.Linux.LInux

  71. Anonymous Coward
    Anonymous Coward

    Stop Press: NHS goes tits up and May goes tits out.

    That should give you a nice thought for the weekend.

  72. Anonymous Coward
    Anonymous Coward

    Patching

    I went to a meeting a couple of weeks ago and several Trusts said they were not regularly patching machines. Not wanting to be smug but at my Trust we patch machines two days after Microsoft release them. We also patch non MS products.

    The NHS needs to get tougher with suppliers and mandate that they will not deal with any suppliers whose software does not run on modern versions of browsers or have road maps to upgrade to SQL 2016 or Server versions.

    Feel sorry for all the Trusts IT staff affecting, but patching costs nothing.....

  73. bitmap animal

    Is it per workstation

    I've not seen if this is encrypted once per workstation. It looks like the infection and ransom is running on an individual machine, if there are communal files with say 10,000 machines sharing access then I'm not sure how this would work.

    Can the scumware recognise a file already 'locked' and so leaves that alone. If that is the case them theoretically each workstation could encrypt a different file with what I presume is a different key. It's no longer a case of pay your bitcoin and get your company back - assuming the file is recoverable as there was one strain recently which was a fraud and couldn't be recovered.

    1. patrickstar

      Re: Is it per workstation

      Typically what ransomware does is add an extension to the file (like ".encrypted"), and then has a whitelist of extensions to actually encrypt.

  74. mrchuckles

    And, of course, nobody saw it coming

    Fixing this is going to cost a pretty penny.

    Maybe it's a forced upgrade?

  75. Imran Chaudhry

    Time for the NHS (and all public service and government systems) to switch to a Linux desktop - I suggest Debian running MATE it's close enough to Windows XP to be figured out by everyone.

  76. johnsteeves

    Gotta move to Linux

    Geez! It's like Windows gets more dangerous by the day.

    Honestly, by now these hospitals should probably start thinking about moving to Linux. It's matured a lot in the past few years and become really easy to switch over from Windows. I've been using a Linux distro called Zorin for the past few months and the transition was completely painless, and it doesn't get these Windows viruses.

    1. acid andy
      Devil

      Re: Gotta move to Linux

      "I've been using a Linux distro called Zorin for the past few months and the transition was completely painless, and it doesn't get these Windows viruses."

      Don't tell them that. If they all start using Linux, the virus devs will move on to that.

      1. AlbertH

        Re: Gotta move to Linux

        Don't tell them that. If they all start using Linux, the virus devs will move on to that.

        That's pretty unlikely. The underlying permissions structure of Linux, BSD and Unix make most of the types of attacks impossible. A user could (theoretically) screw up their own files, but the damage would be very confined.

        The Linux problems at the moment are:

        It's perceived as "geeky" and difficult to use:

        My whole family have used Linux only for he last ten years, and most of them haven't a clue about anything other than basic use of a computer.

        There's too much choice and no definitive "version":

        One of the bigger distributions could be chosen - probably something like Debian / Mate - as the "definitive" version.

        There's no support:

        There is if you go with a bigger vendor....

        All the objections can be easily overcome.

        1. Anonymous Coward
          Linux

          Re: Gotta move to Linux

          You can say that moving to Linux is the obvious choice, and longer-term it is. But in the short term there is new software acquisition, testing, identification of systems/equipment that are dependent on Windows or XP in particular, user interface development, retraining users, perhaps some new hardware because legacy hardware doesn't run the new software, etc.

          (Tux--because he would never let us down!)

  77. BagOfSpanners

    Why did it take so long for someone to combine a worm with ransomware?

    I'm surprised this hasn't happened before. Most of the ransomware I've read about seems content just to encrypt the local disks in the PC of the person unwise enough to open a dodgy email attachment. Is this the first time a virulent worm has been combined with ransomware?

    When one of my colleagues' PC was obviously infected with ransomware, the off-shored out-sourced IT helpdesk insisted it remain connected to the network for several hours while they tried to remotely connect and diagnose the problem. Fortunately that ransomware didn't seem interested in spreading itself.

    1. noddybollock

      Re: Why did it take so long for someone to combine a worm with ransomware?

      My thoughts exactly - never aired them so as not to encourage it,

      but not in the least bit surprised.

      Sigh!!

      Just waiting for the 'guverment' kickback - encryption should be banned.

      Also interesting the UK new's TV progs don't mention the use of NSA developed tool's that helped make this spread.

      Surprised - NOT!

      sprll mistakes - I'm pissed! - twats shut the pub early again the alan b'tards

  78. Anonymous Coward
    Anonymous Coward

    MS Ransomeware attack

    >> The security hole has been patched for modern Windows versions, but not WindowsXP –

    >> and the NHS is a massive user of the legacy operating system.

    MS do produce security patches for XP (e.g. embedded) but choose only to make them available to e.g. NHS in rerturn for inreasingly exorbitant "support" charges; rather they try to "persuade" organisations like the NHS to cough up for newer versions of the OS (with new bugs) - and to spend huge amounts of money dealing with the consequent changes to other software components.

    The moral position is highly questionable.

  79. InNY

    There's a f**k load of ignorance on this thread

    Really, there is.

    Why Windows? Thirty years ago Linux was not available... and what did every organization use in the rush to computerize in the mid to late 90's? Oh, that's right it was MS Windows!

    Computerized records, why not use pen and paper? Are you willing to pay for the storage? Are you willing to pay for your records to be mailed/faxed each time you visit another department, let alone another county/country? Or do you like the convenience of phoning in for your prescription (no need to visit the doctor, no need to explain to the receptionist why you need that tablet, no need to fetch your prescription and then take it and wait at the pharmacy) and then fetching it with no other interaction from you?

    Do you like your life saving care to come from people who have access to your medical records and can see you are allergic to anti-histamines or whatever - because it says so on the screen?

    Do you want you medical care provider to provide you with care for the best possible cost and not to be spending your hard-earned tax money on paper, creating forms that don't get completed or filed properly (mainly because the doctor/nurse/filing clerk is so totally over-worked it's mind boggling how and why they actually keep going), just so that you can drop dead because the bit of paper listing your allergy to common-sense was at the back of file, folded up and not at the front open for all to see (as and when they find your records in the huge warehouse; then someone carefully takes each page out and places it in the fax machine; then once they have faxed your records to correct place - "oh dear very famous person, I really didn't mean for your records to go to the local gossip blogger - the numbers are so similar. Never mind dear, I'll try again")

    I know which I prefer. The question you have to ask yourself, do I prefer cost-effective health care or the shambles and inefficiencies of the 1970's?

    Do I want my health care to work?

    Do I want my health care to ensure I live?

    If the answer is yes, then stop banging on about Linux is better than Windows, because they are both the sodding same. Really they are.

    Windows is an OS; Linux is the kernel of a system that makes up an OS. Both do what they do very efficiently and effectively. Do you really think the pure evil hackers of the world would stick to Windows if Linux or Mac or Uncle Bob's OS was more popular?

  80. Rob D.
    Coat

    Mrs Wilkinson, welcome to your new job

    > April 2017, NHS Digital Chair Noel Gordon said: "I am delighted that Sarah is joining NHS Digital at such a pivotal time for health and care as we work hard to empower the system through digital transformation."

    I bet she wasn't expecting this kind of digital transformation.

  81. A_Melbourne

    Well done Microsoft. Cooperating with US intelligence services comes at a price. The Russians, Chinese and so on are moving away from American operating systems and software.

    When is the last time you saw a new Detroit-made car in Europe?

    That is what happens to people who make shoddy products - let alone products designed with integrated faults.

    1. GrumpyOldBloke

      But where is GCHQ? An attack on the realm and the spooks are nowhere to be seen. Where is the government rushing in with a key generation service? How bad does it have to get before this turkey sold as keeping us safe actually starts to fly.

      It is easy to blame the Yanks but the glorious British empire is culpable as well. Now if only we had that magic encryption that is secure but with backdoors.

      1. Anonymous Coward
        Anonymous Coward

        GCHQ will be churning out forest after forest of impenetrable procedures for hapless civil servants to follow regarding the storage of crypto material or somesuch...

        They're short on practical advice or action and usually several years behind the curve e.g. witness numerous Govt Depts that until fairly recently were still lumbered with obsolete Blackberries disabled to virtual uselessness whilst everyone had a personal iPhone/Android devices.

    2. MJI Silver badge

      Cars

      Why would we want to?

      Without leaving the contintent we can have plenty of brilliant cars.

      Why buy a US generic big saloon when you can drive a BMW, Mercedes or Jaguar?

      Why buy a US 4x4 when the best are made in Solihull?

      Sports cars, hello Italy

      Then there are the grand tourers, hatches, estate cars, so many decent ones available.

      No need to go to Yankland

  82. Anonymous Coward
    Anonymous Coward

    May says "no indication" patient records compromised

    Nice 'plausible deniability' excuse... From a kingpin politician who might as well live in the 1800's as regards getting to grips with the current clusterfuck that is net-security / patient-records-privacy (DeepMind etc)...

  83. Anonymous Coward
    Anonymous Coward

    "NHS-CIO: Remove all external access to the HSE's Network to protect the integrity of clinical IT"

    * For how long? Just "over the weekend"... WTF??? Isn't anyone getting the message that the net is toxic... We need to start over with new net security models. What we have isn't working. Its turning semi-apocalyptic...

    * Governments in particular need to stop connecting internal systems to the net in the hope of saving pennies but actually becoming net facing 'marks'... Everyone else needs to seriously consider unplugging too, especially organizations / scada industry etc etc...

    * The Data Wars are already lost to scammers, cybercrims, hackers... But nothing will change while aging politicians pretend to run the show... And since no one even bothered to buy the Shadow Brokers/NSA tools to keep them off the market, expect nothing but more chaos!

    1. Bilious

      Remove all external access?

      Some actually do need to access web mail during working hours, and some do need to extract or enter files on removable media. Research and teaching does not always take place on the same network as the patient records, but both are legitimate and necessary - so data needs to be moved between networks. Material has to be made somewhere, whether at work, during travel or at home. Restrictions tend to making research and teaching overly cumbersome, so there needs to be a compromise between usability and security. This is complex and requires people from different professions working together. My experience is that both IT decision makers and institution leaders ignore it.

      1. Danny 2

        Re: Remove all external access?

        Some actually do need to access web mail during working hours, and some do need to extract or enter files on removable media
        Fair enough, then your employer should provide you with an insulated console for you to browse porn. Or, and this is just a suggestion, why not get internet access in your own home and update your kitty porn videos on your own time.

        This is NHS medical testing systems that have been compromised, I totally expect deaths to come from this hack. There is no debate on the rights of the NHS worker to browse the internet at work.

    2. Anonymous Coward
      Anonymous Coward

      "Remove all external access?"

      What's so wrong with a lock-down of medical / hospital machines regardless of M$ Swiss cheese holes. In the age of cloud why can't a medical pc or app poll / send changes from / to the Cloud on port 80? Everything else remains dead and off-limits! Plus why can't this lock-down be proprietary too, so it isn't on some NSA zero-day hit-list that hackers acquire? Its a reasonable question to ask...

      1. Wayland

        Re: "Remove all external access?"

        I believe this was a co-ordinated attack from the inside, an inside job. Look at who was not attacked as well as who was. I don't believe this worm tunneled in through the firewall, it was already on the LAN. If the LAN was segmented then the worm would need seeding on each segment. It would need seeding at each hospital.

        If this worm came from the Internet then members of the public would have been hit. Although I have seen this sort of worm before, we're not seeing this one on home computers and small businesses.

  84. Jason Hindle Silver badge

    Oh dear. XP

    So I Googled "Does the NHS still use Windows XP," and quickly found an El Reg atticle from last December. Sounds like the people who think we have too many experts have been ignoring expert advice, again.

    1. Duffaboy
      FAIL

      Re: Oh dear. XP

      There are still big corporate companies running XP it's not just NHS.

      1. Jason Hindle Silver badge

        Re: Oh dear. XP

        Indeed. Along with IE6 and ActiveX controls. As I've commented elsewhere, there are still cowboys getting away providing browser dependent applications....

      2. the Jim bloke

        Re: Oh dear. XP

        Also many Oz government offices, local councils whatever..

        Not the sexy, high prestige, celebrity government offices, but the nuts and bolts departments that actually have work to do, and a budget that has to be split between maintaining their garbage truck, providing PPE and shovels to lean on for their workers, and stationery and office equipment - which is probably what they use instead of an IT budget.

    2. Wzrd1 Silver badge

      Re: Oh dear. XP

      Oddly, Microsoft sent out a patch for XP.

      Good idea, as this rubish code belongs in a rubbish tip, not a fucking operating system. And to be honest, this shit code likely has existed since the US DoD bought the NT4 source code.

      Blaming the NSA for doing what defense organizations do is idiotic, as they didn't write the shit code, Microsoft did and gave all six major vulnerabilities a free pass, for decades!

      Do research how long the SMB1 stack has existed.

      Hint: SMB1 is nearly as old as our children, who are in their mid-30's. It's nearly 30 years old.

      We have one thing that's over 30, other than our children, our wedding bands. Everything else was either lost, destroyed in a move or damaged beyond repair in moving or normal life.

      Or do we also need to get netbui fixed as well?

      Yeah, I'm *that* old and a bit older.

      Hint, the Queen of England sat 9 years on her throne before I was born, but my earliest memory, beyond a diaper pin jab, when I wriggled and understood what mom was warning me of, was JFK being shot to death.

      This is a case of one complaining of a Model T Ford not running worth a damn on modern gasoline and worse, the valves hammering themselves to death.

      1. Asylum_visitor

        Re: Oh dear. XP

        Funnily enough the last time I used NetBEUI, I was working for the NHS!

        Have an Upvote :)

  85. Anonymous Coward
    Anonymous Coward

    Govt depts and system patching

    During my decade of experience in a Govt dept they were terrible at patching. I've heard that things have improved but during my time there it was normal for systems to be never patched at all or every few years if that. It wasn't lack of finances (they spunked money on all sorts of unnecessary sh1t) just senior management incompetence. I was hoping that the NHS would be better.

    I'm still public sector now but in my current employment it's "patch or die", thank goodness. This generates work but a lot less than not patching for years or until the latest Heartbleed/Shellshock or whathaveyou comes out.

    1. Wzrd1 Silver badge

      Re: Govt depts and system patching

      Not only government. I work for a major corporation, derived from a Fortune 200 corporation.

      This weekend, Saturday being my "Monday", I found major patching for this frigging vulnerability going on.

      Back when I was IASO for a major US military installation, patches of the OS were delayed, at most, by 30 days.

      Net result, due to equally anal retentive antivirus states, the 2008 cyberattack on the US DoD, which was centered on our area, failed.

      Following best business practices also helped. A lot.

      A tad of commonsense also helped.

  86. Anonymous Coward
    Anonymous Coward

    Missing the Obvious

    Has no-one thought that we could just reboot the patients!?

    1. Wzrd1 Silver badge

      Re: Missing the Obvious

      I invite you to lead by example, so that others will follow.

      Let us all know how that works out for you.

  87. Dwarf

    Budgets

    I guess that if the NHS was better funded then they would have the budget to spend on keeping the IT that keeps their business working up-to-date.

    Its a bit rich that Amber Rudd is quoted on the BBC as saying that "the NHS must learn from Friday's cyber-attack and upgrade its IT systems". Surely the fault lays at the door of the of government funding (or the lack of it). Critical public services must be correctly funded - irrespective of which government that happens to be on any given day as they are all as bad as each other in this regard.

    I also believe that key supplier such as Microsoft should be forced to support applications for a longer period of time that reflects the complexity of making significant changes in large enterprises. This is a cost of doing business with such customers.

    1. SloppyJesse

      Re: Budgets

      "Its a bit rich that Amber Rudd is quoted on the BBC as saying that "the NHS must learn from Friday's cyber-attack and upgrade its IT systems". Surely the fault lays at the door of the of government funding (or the lack of it). "

      Not just funding, but also policy when it comes to IT. They DID spend lots of money (12 billion plus?) but it was on white elephant national programme for IT rather than upgrading/securing out dated systems within hospitals.

    2. Wzrd1 Silver badge

      Re: Budgets

      First, there's that entire WSUS thingie that's free.

      Creating a test group, trivial.

      Been there, done that, created the damned program.

      Add in SCCM and assorted other package management software, well, seriously. This is a management complacency issue.

      Now, long fangs are hooked upon many, many, many management asses, not only UK, but throughout the EU.

  88. Anonymous Coward
    Anonymous Coward

    The first rule of business?

    Protect the business ! I think that is attributable to the mafia.

    Good luck to those tasked with having to fix this, you have my sympathies.

  89. Anonymous Coward
    Anonymous Coward

    Ransomware..

    (Let's say what should be said regards Microsoft..)

    Not sure what's worse regards the NHS,

    Annual Microsoft Patch 'Ransomware' v Regular ransomware.

    So much of the money spent on MS licencing could be used to build a proper secure Linux distro/solution for the NHS.

    1. Wzrd1 Silver badge

      Re: Ransomware..

      We have precisely one Windows system in the house.

      The POS from work. An HP EliteBook, with it's cracked NIC port, which isn't considered part of warranty and *why* HP won't be next year's vendor.

      As for Microsoft, the only MS system in the house is the one from work. Although, I do keep one bootable under an obsolete version of Windows to patch assorted other systems that I'd rather throw into the trashcan.

  90. conscience

    Let's hope that if/when the NHS does upgrade their IT systems then it's not with any MS operating system, primarily because there's nothing in Win10 to stop all this from happening again when some future forced update breaks key functionality and/or associated medical equipment needed to run hospitals. Not that the data slurping would allow many/most organisations and businesses to adopt Win10 in any case.

    Neither should the NHS or other government departments/vital services consider purchasing any future vital equipment (e.g. NHS scanners) that relies on MS software in order to prevent a repeat of this dangerous situation.

    Perhaps in future the NHS could set up a new hardware/software platform that is not subject to commercial pressures of forced obsolescence for profit. Their own Linux distro perhaps? Adding any new custom code they require needn't be expensive when shared out between all the NHS and potentially all UK government departments. All built atop some chip/architecture with multiple vendors to avoid any future problems that may arise. All vendors wanting to participate must agree to support whatever they contribute for a very long period of time e.g. several decades minimum. I don't think we can afford not to take control of our important IT, the likes of MS have proved they are not up to the task.

    1. Dwarf

      They don't need their own Linux distro, there are plenty that will already do what they need.

      1. Wayland

        They do need their own Linux distro if only to put in the mechanism for supporting it should the original distro die. The NHS distro could be Debian with some NHS specific tuning. It might even contain WindowsXP virtual machines just to smooth over the transition for things that need rewriting for Linux.

      2. Wayland

        PS most big organisations brew their own Windows distro.

  91. MarkSitkowski

    Seems that Bitcoin only exists to enrich criminals and fund terrorists. Isn't it time to make it illegal to trade bitcoin for real money? Or, better still, shut down any organisation trading in it?

    1. Mister Fluffy

      Not when there is money to be made from 'trading' in Bitcoin.

  92. Archie1954

    Do you remember just who it was that started this whole cyber warfare? Think back several years to the joint US/Israeli stux worm attack against Iran. Yes the same nation whose NSA worm was negligently allowed to proliferate into the Worldwide Net started the whole cyberwar evil. The British healthcare system and all others harmed by these cyber attacks should sue the NSA for gross negligence or willful misfeasance.

  93. Wzrd1 Silver badge

    Irritating

    For one, the NSA didn't write the garbage code that was SMB1. Microsoft did.

    Said code repeatedly passed the excuse for code validation that Microsoft has.

    That the NSA found six vulnerabilities and likely utilized them, well, they're military defense. Do you honestly expect any military organization to give away an advantage?

    This is odd for me, as I have rarely defended the NSA!

    I'll close with, *anyone* who permitted SMB1 protocol to exist on their network needs to be given the sack. Inefficient, network hogging worse that YouTube cat videos and pure rubbish coding has long turned that code to be a top list of first to disable on a baseline configuration. Right next to autorun, which even Microsoft figured out to disable by default. The only damned thing it's not vulnerable to is ping of death!

  94. Mister Fluffy

    2001

    On a side-note, I was told, during an interview without coffee in 2001, that computers were the only way forward in General Practice.

    Personally, I can maintain eye contact with a patient, and make far more detailed hand-written notes than is possible when sitting with a screen in front of me; I wear my watch on my right wrist in order to be able to note the time whilst writing, rather than on my left which demonstrates the time-keeping.

    My concerns regarding the not infrequent network failures were pushed aside, back-up was something that might be occurring, and password sharing was common amongst staff.

    Consultations recorded on computers, generally (and I've reviewed tens of thousands), cut corners, lack detail, and offer little protection to medico-legal challenge.

    The grey suited spectre from the Department of Health was singularly unimpressed when I enquired about long-term work force planning given the numbers of ageing general practitioners, and the increasing number of part-time and female partners.

    I left general practice shortly afterwards and undertook another, expensive, four year training programme.

    Work was far more satisfying, but I still had 'managers' who were far less qualified than I was who insisted on telling me how to run my service to the point of bullying, harassment and false reporting.

    The conflict within the NHS is a workforce that, typically, knows what they are doing (in a grossly underfunded service), and a management that is self-promoting, and does not listen to the concerns of their own staff.

    Add in the duplicity of the government, and the conspicuous absence of the Secretary of State for Health, and you have a system teetering on the verge of collapse.

    I might suggest private health insurance but you're going to get fleeced by the companies concerned.

  95. Anonymous South African Coward Bronze badge

    Windows = virus/worm/trojan petri dish

  96. Anonymous Coward
    Anonymous Coward

    Four systems (two server2003 and two legacy XP systems) patched.

    *touch wood*

  97. Jobacon

    Don't use WINDOZE!

    The answer is: don't use Windows for vital services such as hospitals! Most IT departments hire people who know nothing else. The main problem is that the government always hires the wrong IT companies for its large projects, companies run by megarich businessmen who know nothing about IT rather than smaller companies run by mavens. That is why the NHS computer services have more holes in them than a Gruyère cheese. Remember the millions wasted by the NHS trying to computerise its entire system, only to discover that they were incapable of doing it? The NHS needs its own proprietary operating system that cannot be penetrated by cyberterrorists.

  98. ancient-strider

    TELL ME AGAIN - HOW DO I BACK UP?

    NHS data losses can be expected. They are not willing to pay a decent rate for a decent Tech-team.

    The skilled guys are tech consultants but not for the NHS. And how do two guys keep up with a whole hospital's needs with computing, electronic records, bar-code-only to locate patients hard copy records on miles of shelves....... etc.

    As an ex-admin in the NHS, my wife has first hand experience of the constant fails and crashes, and panics if an operation was about to be cancelled because notes could not be located.

    This crisis is nothing new - just different!

  99. Potemkine Silver badge
    Trollface

    Bloody European Union!

    It's all because of the EU!

    With the £350 millions the EU steals to the NHS each week, the latter could have afford to change its antiquated Windows XP! Luckily in less than 2 years NHS will buy up-to-date configurations, right? ^^

  100. Anonymous Coward
    Anonymous Coward

    This is what you get

    When you still think Windoze is the best.

    It's my personal opinion that if you aren't looking at Linux to replace systems, you're a fucking moron that should be taken outback and shot in the back of the head.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like