Has someone been sending emails again?
UK hospital meltdown after ransomware worm uses NSA vuln to raid IT
UK hospitals have effectively shut down and are turning away non-emergency patients after ransomware ransacked its networks. Some 16 NHS organizations across Blighty – including several hospital trusts such as NHS Mid-Essex CCG and East and North Hertfordshire – have had their files scrambled by a variant of the WannaCrypt, …
COMMENTS
-
Friday 12th May 2017 18:05 GMT Anonymous Coward
I suspect it also might be related to Windows preferring to execute emailed malware rather than scan it. It nicely removes the user actually having to click anything, Windows takes care of executing it for you.
This is a very good reminder why Windows is such a security cesspit, and unless you need to run Windows stuff, you are far more secure running a Chromebook with its signed read-only runtime.... It's pretty much unhackable.
-
Monday 15th May 2017 11:38 GMT Robert Baker
"I suspect it also might be related to Windows preferring to execute emailed malware rather than scan it. It nicely removes the user actually having to click anything, Windows takes care of executing it for you."
That isn't a Windows vulnerability per se, it's an incompetently-written-email-client vulnerability. This is one reason why Pegasus Mail deliberately doesn't execute any code in an email, unless of course explicitly asked by the user to do so.
-
Friday 12th May 2017 18:30 GMT Anonymous Coward
It appears the source IP address is...
It appears the source IP address is ...
Conservative Central Office.
Conservative Central Office are still trying to find the culprit, but they suspect:
Theresa May / Amber Rudd.
(Well if you can't win support for full access to encrypted communications, what better than to stage a ransomware attack on the NHS, to further your cause)
-
Saturday 13th May 2017 02:44 GMT Anonymous Coward
Re: It appears the source IP address is...
Who said it was meant as a joke? It was meant to put across a serious point. Due Diligence. Encryption is getting scapegoated here, when this really boils down to lack of resources, poor management - updating/securing systems, poor choices regards Software.
There is a narrative here being fed to the press, who are lapping it up, printing it all as gospel (especially the Guardian's coverage), typically aimed at the technically illiterate, to cause change (I believe regards encryption laws).
What better way to achieve your goals/press that point, than hype up a very emotive "encryption target", where the general public will have difficulty understanding the full picture of the encryption attack, instead, they will be swayed by the emotional aspect of its effects.
It all plays very well for new laws regarding the use of encryption, which lessen, rather than strengthen their own security, without them realising. This is exactly the sort of techniques that will be used to force "change" (regarding encryption law) through.
Yes, the effects are real, but like anything, systems will be back to normal in a week, the real effects on encryption laws/personal privacy (long term) could be the real attack vector in this.
-
Monday 15th May 2017 07:48 GMT hoola
Re: It appears the source IP address is...
Lack of resource and funding is correct to a certain extent. One of the real issues is the equipment that has to use Windows XP because the supplier either no longer exists or it is too expensive to replace. Million pound scanners that are perfectly serviceable simply cannot be replaced because the OS of a control PC is unsupported. With many of these very high tech, high cost and low volume systems, there really is very little option.
The armchair experts that only look after a few hundred PCs and a handful of servers simply do not understand the problems.
-
Saturday 13th May 2017 21:34 GMT Anonymous Coward
Re: It appears the source IP address is...
Well sir, I for one am sniggering as I stopped using that virus vector-ware called MS Windows in 2008. The brill thing about Linux is YOU have control, and can cut out as many application packages as you wish, making your installed system smaller, simpler and therefore much easier to manage.
You choose. I'm sniggering.
-
Friday 12th May 2017 23:43 GMT bombastic bob
Re: It appears the source IP address is...
scanning port 445, which SHOULD be blocked at the firewall. but apparently is NOT.
According to THIS web site, the worm in question scans for vulnerabilities on port 445. This is an old problem which most net-savvy people BLOCK for incoming packets of any type. Yes, you do NOT want "teh intarwebs" accessing your SMB ports. EVAR.
So it looks like blocking those SMB ports (445, 139) from "teh intarwebs", and (potentially) blocking SMBv1 access on your network PERIOD, are 2 ways of mitigating this problem.
some technical info here:
https://www.hackbusters.com/news/stories/1532486-player-3-has-entered-the-game-say-hello-to-wannacry
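The mitigation described in the post above (no inbound 139/445 from the internet) can be checked mechanically against a rule list. The following is an added example, not part of the original post: the rule format, the rule names and both sample rule sets are constructed, and it assumes IPv4, first-match-wins ordering and a default deny.

```python
"""Audit an ordered firewall rule list for inbound SMB exposure (added example).

The rule format and the sample rules are constructed for illustration and are
not any vendor's export format. IPv4 only; first matching rule wins and the
default is deny (both are assumptions of this example).
"""
import ipaddress
from dataclasses import dataclass

SMB_PORTS = (139, 445)  # the ports named in the post above

# Address space treated as "inside" (RFC 1918).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "allow" or "deny"
    source: str    # source CIDR
    port_lo: int   # inclusive destination port range
    port_hi: int


def _subtract(nets, other):
    """Return the parts of `nets` that lie outside `other`."""
    out = []
    for n in nets:
        if n.subnet_of(other):
            continue                                  # fully removed
        if other.subnet_of(n):
            out.extend(n.address_exclude(other))      # split around `other`
        else:
            out.append(n)                             # disjoint, keep
    return out


def _intersect(nets, other):
    """Return the parts of `nets` that lie inside `other`."""
    out = []
    for n in nets:
        if n.subnet_of(other):
            out.append(n)
        elif other.subnet_of(n):
            out.append(other)
    return out


def exposed_sources(rules, port):
    """List (rule name, network) pairs that let non-internal sources reach port."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]   # not yet matched
    exposed = []
    for rule in rules:
        if not rule.port_lo <= port <= rule.port_hi:
            continue
        src = ipaddress.ip_network(rule.source)
        if rule.action == "allow":
            hit = _intersect(remaining, src)
            for inside in INTERNAL_NETS:
                hit = _subtract(hit, inside)
            exposed.extend((rule.name, net) for net in hit)
        remaining = _subtract(remaining, src)         # later rules are shadowed
    return exposed


def audit(rules):
    """Return {port: [names of rules exposing that port to outside sources]}."""
    report = {}
    for port in SMB_PORTS:
        names = []
        for name, _net in exposed_sources(rules, port):
            if name not in names:
                names.append(name)
        report[port] = names
    return report


# Constructed rule sets: a broad legacy allow, then the same list with an
# explicit SMB deny placed ahead of it.
WEAK_RULES = [
    Rule("allow-https", "allow", "0.0.0.0/0", 443, 443),
    Rule("allow-lan-smb", "allow", "10.0.0.0/8", 445, 445),
    Rule("legacy-any", "allow", "0.0.0.0/0", 137, 445),
]
HARDENED_RULES = [
    Rule("allow-https", "allow", "0.0.0.0/0", 443, 443),
    Rule("allow-lan-smb", "allow", "10.0.0.0/8", 445, 445),
    Rule("deny-smb", "deny", "0.0.0.0/0", 137, 445),
    Rule("legacy-any", "allow", "0.0.0.0/0", 137, 445),
]

if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(label, audit(rules))
```

The audit reports the rule that causes the exposure rather than just the port, which is what is needed to fix a long rule list where a broad legacy range silently covers 139 and 445.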
-
Friday 12th May 2017 23:47 GMT Rob D.
Re: It appears the source IP address is...
Hmmm but no. This all undermines Rudd's position - the NSA had their zero-day back door and, ooops, the crims eventually got hold of it. OK so it's years after it was created and the vendor has officially patched it (at least for the supported OSes) but that doesn't appear to be stopping it now being used to wreak havoc on a reasonably global scale (caveats re early speculation apply).
Please can we have more of that kind of hole deliberately built in to the fabric of our communications infrastructure because the security services and government will be very careful to never, ever, ever let it out in to the wild. Ever.
-
Friday 12th May 2017 15:34 GMT 0laf
Probably a misunderstanding by the attackers. Ransomware is probably quite effective against US hospitals and they may have made an assumption that all hospitals will pay to resume service.
Or it's just collateral damage from a massive email spam list which includes hospitals. That'll be why they are hitting all parts of government as well.
-
Monday 15th May 2017 11:58 GMT Robert Baker
Re: Eh?
"Perhaps the thumbdown didn't agree that later systems are vulnerable?"
Affected system != vulnerable system. The Spanish report covers those systems which were infected (and as I have said before, downvoting a fact doesn't make it false); it doesn't distinguish between those with unpatched vulnerabilities, and those with dumb users who click on dodgy links such as those "YOUR COMPUTER IS AT RISK!!!!!" ads we have all seen.
-
Friday 12th May 2017 21:23 GMT Anonymous Coward
Re: Ransomware
Yes, hand everything back to Labour and see what happens when they waste money on the normal crap and then realise there's no more gold to sell off. Oh wait a minute, they could always copy Gordon Brown with his "once-in-a-lifetime, never to be repeated" annual raid on private pensions. Or maybe use Corporation Tax to pay for everything. Or maybe they really will pay their new Thought Police £30 a week like Dianne Abbot said, and use the remaining law enforcement budget to fund their pipe dreams.
If Blair and Brown hadn't quite emptied the coffers before they got voted out, they came very close. We might not like the Tories much, but at least they don't rob us blind, sell us down the river and then plead innocence when asked what the hell they thought they were doing.
-
Friday 12th May 2017 22:33 GMT Anonymous Coward
Re: Ransomware
"We might not like the Tories much, but at least they don't rob us blind, sell us down the river and then plead innocence when asked what the hell they thought they were doing."
Tory lie #1 for the last 10 years: that Labour caused the 'great recession', spent all the money, bankrupted the country etc, and therefore are not 'strong and stable'. Only an utter fool would think that Tone and Gordy caused the financial crisis of 2008. They sure did some fucked up repugnant shit: an unnecessary war being just one. Many, many things caused the 2008 financial problems. To assume that this small island and its leaders at the time had *anything* to do with it is folly.
-
Saturday 13th May 2017 21:53 GMT Anonymous Coward
Re: Ransomware
Oh, the political corner. Yippee!
Well, they could build lots more houses to both force down house prices and rents. They could even get local councils to build lots of council houses to help out. This could be easily funded using the same magic money tree they use to fund university education.
More houses mean cheaper houses, mean cheaper rents, mean more money to use in the real economy, means more economic activity, means more jobs, means more people are better off, means a better life for everyone.
Of course it won't happen because those who are doing quite nicely now, thank you very much, while sitting on their arses doing nothing other than raking in the rents, will do everything they can to stop it.
-
Saturday 13th May 2017 07:26 GMT Anonymous Coward
Re: Ransomware @ wolfetone
"Look, I know after 7 years under a Tory-led bollocks job of a government it feels like we're in the medieval times. But we're not. Have faith, pip pip and make June the end of May."
Err, what sort of performance would you expect if the Tories lose? Corbyn wants to drag us back to the 1970s, so can you imagine the sort of big-state approach he'll be having on IT? I can remember eating by candlelight because the government was at odds with the employees of the state-owned electricity industry. "Party lines" installed by the sluggish, expensive, incompetent GPO. A state owned motor industry that signed its own death warrant through endless strikes and poor quality. Etc etc.
I'm on the right wing, and I despise May as a meddling, incompetent lightweight without any strategic vision. I certainly won't be voting for her. But equally, I won't be voting for the mad, socialist-fundamentalist, academic, blundering Corbyn.
-
Monday 15th May 2017 10:55 GMT wolfetone
Re: Ransomware @ wolfetone
"Err, what sort of performance would you expect if the Tories lose? Corbyn wants to drag us back to the 1970s, so can you imagine the sort of big-state approach he'll be having on IT? I can remember eating by candlelight because the government was at odds with the employees of the state-owned electricity industry. "Party lines" installed by the sluggish, expensive, incompetent GPO. A state owned motor industry that signed its own death warrant through endless strikes and poor quality. Etc etc."
In short: a much better life than what I've got under the Tories.
Your arguments regarding Corbyn are completely wrong and misplaced. The idea of privatising the rails, energy etc was so that the infrastructures and rolling stock could be upgraded and improved. Instead the only thing to improve on the rails is the increase in ticket prices and overcrowding. Likewise with energy, increases of energy bills yet no movement or improvement on the whole.
All the money paid to privatised companies wouldn't leave the UK then, it'd stay in the country. The Rail/Energy would become not-for-profit, meaning any profits were put back in to the industries. What's the problem in that?
Furthermore, the inaccuracies in your question lead me to believe you've never read anything other than The Daily Fail et al about him and his policies. Bet you still think he ran a photographer over, don't you?
-
Friday 12th May 2017 21:19 GMT JLV
>You might not now but in medieval times it was the best way of becoming rich.
Four score dozen ecus, or your sorry ass will be encrypted in my oubliettes.
I oscillate myself between wanting to see:
a) the lowlives targeting hospitals getting frisky with an iron maiden.
b) strapping whoever is ultimately responsible* for XP still being used (or at least networked) naked on a horse, daubed with honey and released near a huge swarm of deer flies.
* yeah, I know it's not necessarily the sysadmins' fault, but somewhere, some people, either incompetent IT or managers, decided it was acceptable to connect an OS that is now 2 yrs out of even extended security support to wider networks.
-
Saturday 13th May 2017 10:39 GMT Doctor Syntax
Re: >You might not now but in medieval times it was the best way of becoming rich.
"yeah, I know it's not necessarily the sysadmins' fault, but somewhere, some people, either incompetent IT or managers, decided it was acceptable to connect an OS that is now 2 yrs out of even extended security support to wider networks."
You may have to look a little further back than that. Maybe at some business that was writing current applications but has now been bought and re-bought by some bigger business and somewhere along the chain the application development has been discontinued, maybe the source lost and runs on nothing newer than XP.
There's no silver bullet.
-
Friday 12th May 2017 15:38 GMT Anonymous Coward
Re: Ransomware
Surely a threat detection system can notice that a lot of files are being encrypted and pop up a warning to block that process and let you know.
So why is there no universal endpoint protection system that does this? In fact this should be baked in to the OS by now.
I remember someone wrote a piece of software that put a honeypot file in every directory and checked them for changes. If they changed then the user account would be blocked immediately.
Hopefully a major incident like this will spur some action from someone.
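The honeypot-file idea mentioned in the comment above can be shown in a few lines. This is an added example, not part of the original comment and not the software the commenter remembers: the canary file name, the function names and the `on_trip` response hook (where an account or process block would be wired in) are all hypothetical.

```python
"""Canary ("honeypot") files: plant one per directory, then detect tampering.

Added example; the file name, function names and response hook are
hypothetical and not taken from any product mentioned in the thread.
"""
import hashlib
import os
import secrets
import tempfile
from pathlib import Path

CANARY_NAME = "~0000_do_not_edit.docx"   # hypothetical; sorts early in listings


def _digest(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def plant_canaries(root):
    """Write one canary per directory under root; return {path: sha256}."""
    baseline = {}
    for dirpath, _dirs, _files in os.walk(root):
        canary = Path(dirpath) / CANARY_NAME
        # Random content so every canary is unique and cannot be pre-computed.
        canary.write_bytes(b"CANARY " + secrets.token_bytes(256))
        baseline[str(canary)] = _digest(canary)
    return baseline


def check_canaries(baseline):
    """Compare each canary with its baseline; return [(path, reason), ...]."""
    findings = []
    for path, expected in sorted(baseline.items()):
        p = Path(path)
        if not p.is_file():
            # Ransomware commonly renames what it encrypts, so the original
            # name disappearing is as strong a signal as a content change.
            findings.append((path, "missing"))
        elif _digest(p) != expected:
            findings.append((path, "modified"))
    return findings


def evaluate(baseline, on_trip):
    """Run one check and hand any findings to the response hook."""
    findings = check_canaries(baseline)
    if findings:
        on_trip(findings)   # e.g. disable the account, isolate the host
    return findings


if __name__ == "__main__":
    # Constructed demo in a throwaway directory tree.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "ward_a"))
        os.makedirs(os.path.join(root, "finance"))
        baseline = plant_canaries(root)
        print("clean check:", check_canaries(baseline))
        # Tamper with one canary the way an encryptor would: overwrite it.
        Path(root, "ward_a", CANARY_NAME).write_bytes(b"scrambled")
        evaluate(baseline, lambda f: print("TRIPPED:", f))
```

The baseline is held in memory here; in a real deployment it has to live somewhere the monitored account cannot write, otherwise whatever changes the canaries can change the baseline too.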
-
Friday 12th May 2017 16:15 GMT Pen-y-gors
Re: Ransomware
@AC
"So why is there no universal endpoint protection system that does this? In fact this should be baked in to the OS by now."
Because when Windows XP was being developed in 2001 no-one thought it was important (and I believe a lot of the NHS still uses that). Of course that doesn't excuse weaknesses in Win 10.
-
Friday 12th May 2017 16:39 GMT Timmay
Backup
No need for messing about with clever detection routines that use up valuable system resources and still won't catch it early enough to protect everything - just backup your shit, ffs. There's so many lightweight endpoint backup solutions out there, there's no excuse - just roll back to a date/time just before the attack and carry on with your day.
-
Friday 12th May 2017 16:49 GMT Anonymous Coward
Re: Backup
A backup is a start and will help you recover a few user docs that have aged a little, but if you believe that will save you from any issues you are clueless.
Roll back your DB to your last backup 24 hours ago, or 5 hours ago or even 5 minutes ago and for some people you may as well not have a backup at all unless there are also systems in place to recover the data from then until a few seconds ago.
If you think the issues being experienced today by the NHS could be solved just by putting last night's backup tape in and everything will be back to normal, why not go and knock on their door they would love to hear from you - similar to all the other organisations which may or may not be having a similar nightmare day today. You'll earn a fortune as a consultant.
In fact why not hire yourself out as a consultant and guarantee that any company who hires you will never get into any serious trouble as you'll install a backup system for them. You better have a pretty good insurance policy backing you up on your claims though.
-
Friday 12th May 2017 19:38 GMT Anonymous Coward
Re: Backup
"that is in any way accessible by a clueless user who can manage to get it infected with a virus, then my friend, you deserve all you get"
Of course, it's all so easy. There is no way anything could run a privilege escalation attack on a system process and then propagate through the network to trusted resources. Or open a hole in a previously secure protocol or hijack a privileged app updater routine, or etc etc.
Life isn't so easy in the security arena. Anyone who thinks it is isn't responsible for systems security at anything approaching a large organisation.
-
Monday 15th May 2017 08:08 GMT hoola
Re: Backup
SQL Filestream anyone.......
Equally clueless, and before the Linux advocates start honking on, the OS of the backend system is totally and utterly irrelevant. If it has SMB or CIFS available then it can be compromised. The same goes for any NAS appliance or anything else. This is a client driven attack.
-
Friday 12th May 2017 18:22 GMT Anonymous Coward
Re: Backup
Roll back your DB to your last backup 24 hours ago, or 5 hours ago or even 5 minutes ago and for some people you may as well not have a backup at all unless there are also systems in place to recover the data from then until a few seconds ago.
I worked on systems with this capability over two decades ago. This isn't rocket science.
-
Friday 12th May 2017 20:52 GMT Anonymous Coward
Re: Backup
If you put your transaction logs on a secure server then you can load the last backup and run through the transaction logs to get to the same place as you stopped. Of course if you are silly enough to put the logs on the same machine then they will probably be useless as they would be if you have a fire or a flood.
There probably are clueless people about that do keep them on the same machine but let's hope they learn.
-
Friday 12th May 2017 17:41 GMT Anonymous Coward
Re: Ransomware
"Surely a threat detection system can notice that a lot of files are being encrypted and pop up a warning to block that process and let you know. So why is there no universal endpoint protection system that does this? In fact this should be baked in to the OS by now."
Malwarebytes claims that their Endpoint Security product for businesses will do this. They also have a free anti-ransomware product for desktops (beta for past year).
-
Friday 12th May 2017 14:37 GMT frank ly
Surprises?
"... it also meant that the Trust’s telephone system is not able to accept incoming calls."
Is that because they use VoIP?
"My wife is a GP and their systems were just shut down ..."
Is there not local storage and caching for local patient data? Either it's not very resilient or this is a massive attack.
-
Friday 12th May 2017 14:46 GMT Anonymous Coward
Re: Surprises?
Well, yes, but who knows how far the ransomware/attack has penetrated so it's better to disconnect/shutdown and prevent further contamination/corruption while you assess the situation, fix the holes and recover.
As for phones, plenty of DoH and NHS systems are using IP telephony that's dependent on the PCs being up, the phone number follows the user's network login so shutting down the PC means you lose telephony as well.
-
Friday 12th May 2017 16:04 GMT Blotto
Re: Surprises?
Unified Comms anyone? No handsets just a headset attached to the computer via USB or Bluetooth for the execs.
What could possibly go wrong?
Maybe critical infrastructures should use a separate dedicated network for voice using non compatible with TCP/IP protocols to connect handsets to hardened gateways that can then connect to a provider's phone network, but crucially using the same physical connections as the data network.
Maybe that's too radical an idea?
-
Friday 12th May 2017 19:37 GMT usbac
Re: Surprises?
@Blotto
When we converted to VOIP, we set up physical IP phones, and put them and the VOIP servers on their own network segment firewalled off from the corporate network. We're talking about a separate physical network, not VLANS! The VOIP trunks have their own path to the internet.
The firewall between networks only allows for an HTTPS connection originating from the corporate LAN to the VOIP servers for administration. And that's only allowed from two workstations.
All of the IP phones are POE, and the POE switches are powered by an enterprise class 17KVA UPS.
If our data network goes down, we still have phones!
-
Friday 12th May 2017 21:29 GMT not.known@this.address
Re: Surprises?
Um, no, it's the other way around - the phones will work quite happily without the PC as long as the switchboard is up, but the PC is just a paperweight if the phones go down (especially if someone thought it was a good idea to use decent-spec PCs as dumb terminals running Shitrix with Windows on the servers. I thought we did away with mainframes years ago but apparently not...)
-
Friday 12th May 2017 14:47 GMT Anonymous Coward
Re: Surprises?
"Is there not local storage and caching for local patient data? Either it's not very resilient or this is a massive attack."
My wife used to work at a Housing Association where her office (and all the others) were connected onto a single network with main servers in head office. Meant that if anything went wrong with head office or the networks between there and the regional office then while they might have some data stored locally on their PC they couldn't print anything as the print server controlling the printer in their office was in the head office!
-
Friday 12th May 2017 14:59 GMT 100113.1537
Re: Surprises?
"Is there not local storage and caching for local patient data? Either it's not very resilient or this is a massive attack."
Ever since data breaches became a big ticket item, local data storage became a no-no. You can't secure all GP's office computers, so you make sure they don't hold any data - the classic security bind.
-
Friday 12th May 2017 15:36 GMT TRT
Re: Surprises?
It's not just IP telephony. When the KCL system went down, it took out the virtual machine that was running the mapping of the circuit switching I/O cards in the exchange to the telephone number being dialled. The more they overthink the plumbing, the easier it is to stop up the drain.
-
Friday 12th May 2017 16:59 GMT h4rm0ny
Re: Surprises?
I believe (having worked in the NHS) that it was safer when all the data was stored at individual GP practices. Firstly, this prevented a massive treasure trove of data being collected which will inevitably be stolen (if it has not already). Rather than numerous small troves which had to be individually gone after and thus weren't pursued by intelligence agencies or criminals. Secondly, it inherently partitioned the data according to need. Someone couldn't find the sexual history of their partner or look up the address of someone they were stalking just because they worked at ANY GP practice. When we pointed this out, they told us only people who had agreed to strict privacy controls were given access. By this they meant the bit of paper that every GP secretary and anyone else signs without reading. We pushed and were told that all accesses were logged but we investigated and at the time they weren't (not that this takes the place of restricting access). I.e. they lied to some of the people actually responsible for this stuff! Maybe those controls are implemented now but the principle that far, far more people have access to this data than need it remains in place.
So no, I don't think it has made it safer even in principle. A thousand boxes, each individually locked and each containing a pittance. Or Smaug's heap of gold entrusted to whichever company's director is mates with the Health Secretary of the day. I know which I think is safest in principle.
-
Friday 12th May 2017 20:40 GMT Dwarf
Re: It doesn't have to be connected to t'internet
I take it that you've either been on a different planet or asleep under a rock whilst the variety of USB VID/PID control products hit the market then?
It's trivially simple to control USB device insertion to only approved device types / types & serial numbers and/or to specific users.
-
Friday 12th May 2017 22:56 GMT Tridac
Re: It doesn't have to be connected to t'internet
One of the simplest things to do on machines is to disable autoruns on all drives, a primary access method for malware. Teach users to delete any emails that they don't recognise, disable script and stick to plain text emails only.
The stupidity and cluelessness of this amazes me. All critical infrastructure should be on private networks with no direct access to the internet. Where access is needed, it should be via a single point, with firewalls and mail and attachment scanners that actually work. Those responsible for all this must be asleep at the wheel, unbelievable...
-
Saturday 13th May 2017 01:20 GMT Allan George Dyer
Re: It doesn't have to be connected to t'internet
@Tridac - "Teach users to delete any emails that they don't recognise"
So do you open the email with the subject, "Please change my appointment"? Anyone whose job is to interact with the public can be targeted by a suitable email. Sure, dumping any email client with scripting support is good (if you disable it, do you trust that the next update doesn't turn it back on silently, for whatever reason), but how do you force the public to only send plain text?
-
Saturday 13th May 2017 15:17 GMT Tridac
Re: It doesn't have to be connected to t'internet
Opening an email doesn't run anything if scripting is disabled and if you click on an attachment without being sure who it's from then it's your own fault :-). For infrastructure and large organisations, secure setup can be handled via initial machine provisioning and automated, with application software settings locked down. The OS config should be bare bones, with all but needed services disabled by default. Perimeter firewalls should have all but needed ports blocked by default, ideally with separate hardware firewalls between each internal subnet. Wouldn't surprise me to hear that they have SMB shares across the global internet with no VPN, but that's a worst-case scenario.
Even Win Xp is fine in a properly configured and protected environment, but the whole system must be configured to design out the vulnerabilities. Assume that any network can be broken, given enough resources. Think systems engineering...
-
Friday 12th May 2017 19:11 GMT Daggerchild
No, it looks like it came from an internal network accessed by a VPN by a supplier employee who was infected by a colleague who almost certainly clicked on something from the Internet.
I'm thinking he probably airlock switched his infected local PC from his corporate LAN to the supplier LAN to do some work.
-
Friday 12th May 2017 19:38 GMT Wayland
The wards in Colchester General have free WiFi. It would be easy to push a USB WiFi into one of those trusty XP machines they have all over the place. The IT department are usually out to lunch at Colchester and Clacton anyway. Try getting blood results at Clacton when they have been put on the computer in Ipswich. Better to wait for the postman or get someone in Ipswich to read the screen out to you over the phone.
-
Monday 15th May 2017 12:37 GMT Robert Baker
"The wards in Colchester General have free WiFi."
And? Nearly all hospitals have patient wi-fi, either free (such as at St. Thomas') or paid (such as at King's College Hospital), but unless the IT staff are not just clueless but total freakin' idiots (read: none of them), the patient wi-fi doesn't come anywhere near being connected to the hospital's wireless network(s).
-
Friday 12th May 2017 18:39 GMT Anonymous Coward
Benefit: The Internet is a cheap wide area network.
Risk: Cheap doesn't mean secure.
*
Benefit: The Internet supports "convergence" -- so email, file transfers, VOIP, central database access, etc all go over the same pipe.
Risk: Everything on every client and every server is (potentially) available to anyone!!
*
So....pick the benefit which you want -- but recognise the risks. Clearly for the NHS -- CHEAP trumps RISK (no pun intended)
-
Friday 12th May 2017 17:39 GMT chivo243
@tin 2
I just such dramatics on the beeb news intro... It's an all out attack on the NHS! Hospitals shutting down sending patients home...
How is some user clicking on an attachment in such an environment an attack? Attacked! I say! Targeted with surgical precision, just like the systems they were running...
-
Friday 12th May 2017 18:51 GMT TRT
It's using an exploit leaked by the CIA whistleblower. Cheers, pal.
Very effective against NHS systems because they've left older SMB protocol versions running in order to service XP-based clients, and there's a lot of digital real-estate not updated to 7 or above, for very good reasons.
So, this highlights the danger of running un-supported Operating Systems, does it? Perhaps it highlights the disadvantage of continuously changing operating systems in this rapid release format that Microsoft have switched to. Will there be a version of Windows 10 in, say, 10 years time that is deemed 'unsupported'? We heard a while back that Windows 10 was the last version of Windows you'll ever get, because they're ditching that idea of releasing versions. Yet within 2 years we are onto 'Creators edition', potentially back to how it was. Good or bad? We've yet to see.
Will this be a lesson for developers to produce something that is "buy once"?
-
Friday 12th May 2017 14:53 GMT Anonymous Coward
I was just about to post that it was to do with Telefonica, a friend in IT at NHS said that it's initially been spread from Telefonica who provide networking over the N3 connections the hospitals use.
I hope they put more effort into tracking and prosecuting the people behind these things as hitting hospitals, if anyone dies, it's manslaughter in my eyes!
-
Friday 12th May 2017 15:24 GMT Rosie Davies
This is the UK. We don't have the construct of first degree murder. I feel it might be quite challenging to prove that $whatever was released specifically to kill, which is what you'd need for a pre-meditated murder conviction (UK's equivalent of first degree) but causing death by being a silly bugger (AKA manslaughter) would be more likely to succeed.
Nope, I'm not a lawyer nor do I work for the police. I just work in IT so take an interest for...ummm...idle curiosity. Yes, that's it. Definitely that.
Rosie
-
Friday 12th May 2017 22:53 GMT DavCrav
"This is the UK. We don't have the construct of first degree murder. I feel it might be quite challenging to prove that $whatever was released specifically to kill, which is what you'd need for a pre-meditated murder conviction (UK's equivalent of first degree) but causing death by being a silly bugger (AKA manslaughter) would be more likely to succeed."
Don't need the whole murder, manslaughter thing. If anyone gets caught for this, it's committing a terrorist act they'll be done for. Attacking national infrastructure tends to get treated in that way.
-
Friday 12th May 2017 16:14 GMT Anonymous Coward
It'll be The Computer Misuse Act 1990, Section 3ZA - 'Unauthorised acts causing, or creating risk of, serious damage.'
Punishments are up to 14 years in prison, or a fine, or both. Offenders can be sentenced to life imprisonment where their actions endanger human welfare or national security.
But first you have to catch the buggers.
-
Friday 12th May 2017 14:54 GMT Anonymous Coward
Not withstanding ..
that is behooved of internal and external IT providers to have effective measures against such attacks - at what point does the government get off its collective hairy arse and decide to send SF to kill or castrate the perpetrators? This is costing money better spent on bullets - we are too nice for our own good.
-
Saturday 13th May 2017 06:23 GMT Planty
This week's Windows vulnerability affects ALL versions of Windows. Let's not pretend something newer would have been immune. It might have been safer, but by how much? Windows is still horrendously insecure ... Also the screenshot clearly shows Windows 7... Nothing to do with XP or Win2k..
The widespread nature suggests worm and self replication and self execution..
-
Friday 12th May 2017 15:05 GMT Anonymous Coward
I believe the way this works is that it will turn out to be the fault of one of the many private companies being paid huge amounts of money by the NHS, and the consequence will be that the NHS will take the blame & pay any legal liabilities (using our money) while there will be no comeback against the private company which will however have its NHS contract(s) extended.
-
-
-
-
Friday 12th May 2017 18:55 GMT Gavin Park Weir
Having been a supplier to the NHS in the past, the reason none of us greedy bastard, no good, only out for ourselves, shoddy outfits provide the right high quality solution is this:
NHS: Can I have a good thing to update / fix / provide (delete as needed) this service
Supplier: We would recommend X which costs £Y
NHS: We can't afford Y because we are not able to negotiate the budget we need to update / fix / provide (delete as needed). What can you do for £Z?
Supplier: How about this 2003 PC running XP?
-
-
-
Friday 12th May 2017 16:08 GMT Daggerchild
Let me guess...
"Come on GCHQ, this is your time to shine"
Every year:
GCHQ: They're going to get pwned unless you fix this list of things *unrolls*
HEALTH MINISTER: That looks expensive, and will cause disruption that will make me look bad because nobody can see the benefit. They'll be fine! You'll just pull out a magic wand and fix it. I won't blame you if you can't, I promise!
GCHQ: *sigh*
-
-
-
-
Friday 12th May 2017 16:06 GMT Anonymous Coward
> Is it possible to blacklist bitcoin addresses or is this a "sub-address" not traceable to wherever the money is accumulating?
I'm sure the authorities will be extremely interested in any transactions that subsequently move the bitcoins onwards from that address. If whoever does so isn't behind 7 proxies, or knows what a mixing service is, they'll discover how unanonymous bitcoin is.
-
-
-
-
-
-
-
Friday 12th May 2017 20:11 GMT AlbertH
Re: Using Windows?
Remind me again, how did such an odd and inefficient system come to pass?
A clue for you..... The NHS began in 1948. Who was in government in 1948?
Most NHS computer systems were installed in the early 2000s..... Who was in government in 2000...?
Who got a nice house bought for him in Eaton Square SW1 by Bill Gates? Clue: He was Prime Minister in 2001......
-
Friday 12th May 2017 22:03 GMT InNY
Re: Using Windows?
what a load of bollocks.
The NHS was created by popular demand after the 2nd World War because the men and women who went to war, to defend the free democracies, didn't want to return to a system that punished them for being poor or "just about managing". They wanted a society where equality in the provision of society's services was equal for everyone. - do your homework - look up the Beveridge Report 1942
Most NHS systems were not installed in 2000. They were installed well before - they were extended in the late 1990s so that patients and those providing the required services could do so efficiently and safely. The installation of IT services within the NHS was, and continues to be, a model of efficiency and effectiveness. That the service has been downgraded since 2010 is not the fault of the government in power in 2001.
Microsoft Windows was/is used for the exact same reason that nearly every governmental organization in the world uses it. Because it was available; relatively cheap; easy to use; easy to install; there were/are plenty of people skilled in its various technicalities and it does the job exceedingly well.
Who the f* cares who bought whom a house in a posh bit of London? Apart from which, where on earth did you dig that up from? Perhaps you could provide a valid link for the report? I've looked and can't find it. I look forward to you enlightening us.
Now, sod off and on your way admire the sheer grit, determination and marvel at the amazing skills of the NHS IT staff as they do all they can to remediate a catastrophic mess for which they can carry no blame.
If you really want to know who's responsible look towards the cheapskate management and chap whose name rhymes with c*nt...
-
-
Friday 12th May 2017 18:05 GMT Alan Ferris
Re: Using Windows?
I can only speak for England, but you the taxpayer provide ALL GPs with computers and software. And it's all Windows based. I get no choice over hardware, clinical software or even antivirus. And the electronic booking system is only compatible with Internet Explorer... and not even the most recent versions.
We are all doomed
-
-
Friday 12th May 2017 19:51 GMT John 110
Re: Using Windows?
"Aw, come on! The NHS is a large enough customer that if they wanted it on a Linux or BSD system the supplier would do the port."
The NHS is, but bits of the NHS aren't, software running microtitre plate readers for Lab tests is quite specialized and there just aren't that many labs in the NHS in the UK. It took us forever to get a version that would run under Windows 7.
I think you'll find that replicated across many machines and services.
-
-
Friday 12th May 2017 15:42 GMT Big Z
Re: Using Windows?
Windows can be secured from running rogue .exes, most Malware is JavaScript based, or macro based, and Sophos' 2017 malware forecast report stated they have seen significant (albeit still low) increases on Linux based ransomware attacks over the past 18 months. It essentially comes down to poor security implementation and practices (the IoT devices used in botnets are running Linux), and poor user education.
-
-
Friday 12th May 2017 18:06 GMT Daggerchild
Re: Using Windows?
Honestly, I'd skip Linux and port medical devices to Android. Everyone's computer is a phone these days anyway and they should be dedicated devices with decent realtime foo that you can lock down to the ground. If you're running antivirus on it, you've already lost.
ChromeOS might also make good cheap disposable desktops, seeing as the local practice PCs seem to be client-only anyway.
*umbrella*
-
-
-
-
-
Friday 12th May 2017 15:50 GMT Shocker-z
Well there's also the case that if any network files were encrypted then surely the last pc to encrypt them would have to be the first to decrypt the previously encrypted PCs.. Also NHS has 1.7 million staff.. so even a 1% infection is $5.1million.. Soon adds up. Obviously most PCs shouldn't have any data local so can just be wiped anyway, but then you're dealing with the huge IT task of wiping PC's and checking first, which ones do or don't have any local data that's needed...
I know that I certainly wouldn't like to be IT support on a day like this for them...
-
Friday 12th May 2017 16:15 GMT katrinab
The NHS has the world's largest deployment of Microsoft Exchange server. I believe it is somewhere in the region of 850,000 users. NHS England has 1.2 million employees in total, if you include NHS Scotland and NHS Wales, it is 1.4 million. Northern Ireland has its own health service which isn't called the NHS.
They are the world's fourth largest employer, and the three largest - Walmart, People's Liberation Army and Indian Railways, don't have as many people who would use email at work.
So anyway, we are looking at a ransomware demand of at least £200m, which the NHS certainly doesn't have as spare cash.
-
Friday 12th May 2017 22:14 GMT Anonymous Coward
>if you include NHS Scotland and NHS Wales, it is 1.4 million
The NHS census used for this counts employees multiple times
>They are the world's fourth largest employer, and the three largest Walmart, People's Liberation Army and Indian Railways
McDonalds employs 1.9 million, DoD 3.2 million - there are a dozen more larger than NHS employers even if you use the bogus census data.
Please stop repeating this 'cut the overblown NHS' Daily Telegraph bull
-
-
-
-
Friday 12th May 2017 15:29 GMT Nash
something or nothing....
I've never worked on the NHS systems but I've worked on a lot of systems and some were NOT set up to handle this type of attack..... I would hope that the NHS endpoint PCs which are being presented with this ransomware message are acting as terminals, i.e. installed with Windows but locked down to the point that data CANNOT be saved locally to the C:\ drive. That way if the PC is in fact encrypted then the patient records that the PC has been accessing are on a network location and that network location (server) is not affected? - the PC can be re-imaged; although inconvenient, it is recoverable to OS level. If the PCs hold local databases loaded with patient info then I'm afraid someone needs an @ss kicking.
N.B. would be nice to hear from someone who has worked on the NHS IT systems at Engineer/1st/2nd/3rd line level to get an idea of the setup.
-
-
-
Friday 12th May 2017 16:36 GMT Doctor Syntax
Re: something or nothing....
"ever tried deleting/moving/modifying a file on a network share that you only have "read" permissions to?"
Those files you only have read permission to - how did they get there? Could it be that someone has to have write permission?
On a more practical, albeit longer term scale, alternatives to simple shared folders need to be looked at. As one approach I'm currently setting up Nextcloud at home. I have several alternative ways to share files with a client. One is to use the webdav client to sync a specific desktop folder with the server. That means that even if I had a ransomware program running wild on the client PC it could only (a) affect files on the synced folder and (b) the contents of the folder on the server are versioned so that the last good version can be restored.
-
Friday 12th May 2017 18:00 GMT Adam 52
Re: something or nothing....
As we discovered last time the NHS had a ransomware attack - which must have been all of a few months ago - everyone has full permission on everything at an SMB level.
If this turns out to be spread via SMB or anything below layer then someone needs to explain how the network was configured so badly.
-
Friday 12th May 2017 18:31 GMT Anonymous Coward
Re: something or nothing....
Trouble is, SMBv1 is ON by default; to turn it off you have to do this (Win7) on EACH BOX:
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled
Now who in a doctor's surgery is going to do that!? And with XP turning off SMBv1 is likely to break things!
-
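Added example, not part of the comment above: a fleet-wide check for whether the two sc.exe changes quoted there have actually landed, written as a parser for `sc.exe qc mrxsmb10` and `sc.exe qc lanmanworkstation` output gathered from each machine. The host names and captured outputs are constructed samples, and the four state labels are this example's own.

```python
import re

# One "FIELD : value" line of `sc.exe qc` output; an empty field name marks
# a continuation line (used for multi-valued DEPENDENCIES).
_FIELD = re.compile(r"^\s*([A-Z_]*)\s*:\s*(.*?)\s*$")


def parse_sc_qc(text):
    """Parse `sc.exe qc <service>` output into {field: [values]}."""
    fields, last = {}, None
    for line in text.splitlines():
        m = _FIELD.match(line)
        if not m:
            continue  # banner, blank line or error text
        key = m.group(1) or last
        if key is None:
            continue
        fields.setdefault(key, [])
        if m.group(2):
            fields[key].append(m.group(2))
        last = key
    return fields


def smb1_client_state(mrxsmb10_qc, workstation_qc):
    """Classify the SMBv1 client on one host from the two captured outputs."""
    drv = parse_sc_qc(mrxsmb10_qc)
    wks = parse_sc_qc(workstation_qc)
    if not drv.get("START_TYPE") or "SERVICE_NAME" not in wks:
        return "unknown"  # query failed or output truncated
    disabled = drv["START_TYPE"][0].split()[0] == "4"  # 4 = DISABLED
    deps = {d.lower() for d in wks.get("DEPENDENCIES", [])}
    if not disabled:
        return "enabled"
    # Driver disabled but Workstation still lists it as a dependency:
    # only half of the change was applied.
    return "misconfigured" if "mrxsmb10" in deps else "disabled"


def audit(fleet):
    """Map host name -> state for {host: (mrxsmb10_qc, workstation_qc)}."""
    return {host: smb1_client_state(*outs) for host, outs in fleet.items()}


# ---- constructed sample captures (not taken from real machines) ----
def _drv(start):
    return ("[SC] QueryServiceConfig SUCCESS\n\nSERVICE_NAME: mrxsmb10\n"
            "        TYPE               : 2  FILE_SYSTEM_DRIVER\n"
            f"        START_TYPE         : {start}\n"
            "        BINARY_PATH_NAME   : system32\\DRIVERS\\mrxsmb10.sys\n"
            "        DEPENDENCIES       : mrxsmb\n"
            "        SERVICE_START_NAME :\n")


def _wks(deps):
    first, rest = deps[0], deps[1:]
    out = ("[SC] QueryServiceConfig SUCCESS\n\nSERVICE_NAME: lanmanworkstation\n"
           "        TYPE               : 20  WIN32_SHARE_PROCESS\n"
           "        START_TYPE         : 2   AUTO_START\n"
           f"        DEPENDENCIES       : {first}\n")
    for d in rest:
        out += f"                           : {d}\n"
    return out


FAILED = ("[SC] OpenService FAILED 1060:\n\n"
          "The specified service does not exist as an installed service.\n")

FLEET = {  # hypothetical host names
    "RECEPTION-01": (_drv("2   AUTO_START"),
                     _wks(["Bowser", "MRxSmb10", "MRxSmb20", "NSI"])),
    "CONSULT-02": (_drv("4   DISABLED"), _wks(["bowser", "mrxsmb20", "nsi"])),
    "CONSULT-03": (_drv("4   DISABLED"),
                   _wks(["Bowser", "MRxSmb10", "MRxSmb20", "NSI"])),
    "LAB-04": (FAILED, _wks(["Bowser", "MRxSmb20", "NSI"])),
}

if __name__ == "__main__":
    for host, state in sorted(audit(FLEET).items()):
        print(f"{host:14} {state}")
```

The "misconfigured" state flags a machine where only the second command ran, so the Workstation service still names the disabled driver as a dependency.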
-
-
-
-
Friday 12th May 2017 15:32 GMT bexley
these exploits are worthless
this is not a "cyber attack", this is somebody with admin privileges clicking on something they should not have done.
Some local files being encrypted really should not be a problem these days for a decent IT department, they should have it all puppetised and be wiping and rebuilding those machines now, or this morning, whenever this started.
If their databases have been encrypted then let's hope that they have tested their backup strategy and have already restored last night's backups
-
Friday 12th May 2017 16:01 GMT Alister
Re: these exploits are worthless
this is not a "cyber attack", this is somebody with admin privileges clicking on something they should not have done.
Curious then that it has affected so many dispersed bits of the country. I think you'll find that the evidence so far is that this is collateral damage from an attack on Telefonica (who just happen to manage network links for some of the NHS).
-
Friday 12th May 2017 16:22 GMT Naselus
Re: these exploits are worthless
"Curious then that it has affected so many dispersed bits of the country. "
The term you're looking for is 'continent'. Or possibly 'world'; Russia has millions of infections right now, with Taiwan and China both heavily hit too. Half of Europe is being hit. List on the BBC's breaking news site currently says UK, Spain, Italy, China, Russia, Vietnam, Kazakhstan and Taiwan. Avast alone has 36,000 infections going live right now.
This is fucking massive.
-
-
-
Friday 12th May 2017 15:38 GMT 0laf
Awareness issues, tech will do so much but some spam will always get in. You can't stop the signal Mal! Someone somewhere clicked.
I imagine hospitals are a bit like schools with lots of staff that feel very important and that security measures are not for them because they must not be impeded in doing their important stuff (even if that is playing on their new phone).
Ok I'm generalising but I've yet to be proved wrong.
-
Friday 12th May 2017 15:50 GMT Anonymous Coward
Wrong target, switch it off
Talk about poking a sleeping bear with a stick.
Malware was happily making money by hitting thousands of individuals with a $300 demand.
Malware wanders onto the systems of a beloved national institution.
Government facing an imminent election so will demand action.
New GCHQ unit (NCSC) looking to make a name for itself.
Whether they find the source, this malware group have just engaged an adversary that they probably wanted to avoid.
-
Friday 12th May 2017 16:28 GMT Boris the Cockroach
Re: Wrong target, switch it off
I'd suspect if they are found it will be a bunch of guys far more serious than a GCHQ code breaker knocking on the door.
I'd expect 1/2 the world's special forces black ops groups are currently organising a list of who goes in first to kill the little shitheads.....
-
Friday 12th May 2017 17:13 GMT Phil Endecott
Re: Wrong target, switch it off
> I'd suspect if they are found it will be a bunch of guys far more
> serious than a GCHQ code breaker knocking on the door.
"If they are found" - no, the real danger is that the actual perpetrators don't need to be found; they will be tempted to just drop a bomb on some random people in some unpopular country somewhere and claim they were responsible, with some dodgy dossier to prove it. But then, if they actually did bomb the right people, we'll still consider that the dossier was dodgy and not believe them. (Like the Sony hack.) They can't win.
-
-
-
-
Friday 12th May 2017 18:42 GMT Anonymous Coward
Re: I gave up Windows for this very reason...
And that, in and of itself, is a PERFECT EXCUSE to never bother to learn or ask if alternate versions of the control software are available, or plan to be made available. And also, never learn anything new yourself. Why bother, if you don't get paid for it, right? I only work in the Linux part of any shop anymore, and I got here because I knew my Linux from well before it became the best solution for modern big compute data centers in terms of price/performance. I don't need to consult the Top500 super computer clusters in the world. I already know what OS most of them run. It was just a hobby in the 1990s. I know Windows. I've set up Windows. I've installed some mildly complicated Windows-Only wares and made damn sure I told the vendor; "when are you going to have a proper Linux version of this tool (VMware vCenter vRealize vThingy)?" They were already working on one. No matter, I'm on a different site, but you get the idea. Hey, even most all of the factory testing systems at the assembly lines of Foxconn, where the iPhones are made, are Windows boxes. If virus exposure for these highly quarantined systems were to materialize, you would have a major vendor asking their major manufacturer to look into getting non-Windows test systems. That is the problem; it's easy to find coders and integrations for developing cheap solutions to controlling the building of physical products using Windows. It is a common OS, and it makes sense to just dev on that, rather than progress to anything more modern for a host of reasons; too expensive to dev, not enough customer requests, cheap hardware platform, and obviously too hard for the "we only know one OS" crew to dev on. So, if it was not Windows, it would be millions of old legacy systems running MacOS 7, or CP/M. It's not the systems, it's the lazy and stupid end users who treat the connected computers like toasters; only the crumb tray ever needs servicing.
Like with IoT, you can secure these devices, when you have the knowledge and the motivation to do it. Otherwise, the vendor should be shipping completely locked down devices, but they won't because; stupid people. And cheap to the point of stupid people. The fine people of the NHS got tricked. They got tricked into thinking their computers were more useful and safer than writing on paper. Today, they learn the value of a good pen and a study pad of papyrus. Seriously, NHS, welcome to 1984...BC.
-
-
-
Friday 12th May 2017 15:59 GMT Retron
Can't believe any network would allow users to run stuff from %temp%...
It's just one of the things a network admin can do which helps lock the system down. From what I've seen (on a VM used for the purpose), malware from emails / web browsers invariably tries to run an EXE from the temp directory.
-
-
Friday 12th May 2017 16:42 GMT DaLo
I presume the running of exe from temp is for users only (non-PC admin). MSI and Windows Update require admin privileges.
However, the initial file is a PDF/Word doc that can create a non-PE file that could still encrypt files, or scan for an executable-allowed directory. Or they use a vulnerability in existing software that then uses privilege escalation - like the recent Windows SMB bug.
-
-
-
-
Friday 12th May 2017 16:10 GMT Sam Haine
Security vs convenience
The security versus convenience compromise is usually wrong in the NHS because messages from doctors, nurses, pharmacists etc on the front line are ignored by those who make the implementation decisions.
I worked in one large hospital where management decided to tighten up security and have a whitelist of accessible websites. Unfortunately they didn't include the British National Formulary, TOXBASE etc with predictably hairy results. When they eventually responded to this they overreacted and scrapped far too many security measures with predictably hairy results in the other direction.
-
Monday 15th May 2017 17:46 GMT Robert Baker
Re: Security vs convenience
I worked in one large hospital where management decided to tighten up security and have a whitelist of accessible websites. Unfortunately they didn't include the British National Formulary, TOXBASE etc with predictably hairy results.
I once read an account by an A&E doctor, who (not being able to diagnose a patient's problem with 95% or better certainty, as often happens especially in A&E) decided to run a query on the Best Bet site, this being a website especially for A&E workers faced with this kind of dilemma. Unfortunately, the hospital's I(dio)T department had installed filters which blocked access to Best Bet on the (false) assumption that it was a gambling site.
Fortunately he was able to work around this by ringing a friend in another A&E and having the friend access Best Bet on his behalf. I bet he had a few choice words to say to IT/management when called in to the disciplinary hearing about this episode.
-
-
Friday 12th May 2017 16:15 GMT Anonymous Coward
PHEW
I'm going to hell for this I know, but... I can't help feeling a tiny twinge of relief that
(1) we're more or less completely patched, partly because I made a big fuss and jumped up and down insisting these ones really HAD TO BE APPLIED, ASAP. So I should still have a Friday evening ahead of me and a weekend to boot
(2) that it'll be a bit easier to make the case next time I want to insist they break the habits of a lifetime and apply the damn patches, already :)
(3) I might even get a few brownie points for making myself unpopular and -- oh wait, it's infosec, I was forgetting...
-
-
-
Friday 12th May 2017 16:47 GMT Ben Tasker
Re: Alternatives?
> 1: You do not normally have to use Windows. There are more secure alternatives.
If you've just spent millions on an MRI machine and the software for it is Windows only, you do.
> 2: If you do have to use Windows, do you really have to use FAT or NTFS for your data?
Most ransomware can encrypt data on any mount that your install can write to, so it doesn't matter too much whether you're using FAT/NTFS locally or NFS or Samba to go upstream. Having a journal'd filesystem upstream is only so much help when near every file you've got has been encrypted.
Obviously it'd be nice if there were restrictions in place on who/what could edit or remove existing files, but we don't currently know that that's not the case here. It only takes someone with those permissions and you're back in this position.
-
Friday 12th May 2017 16:55 GMT Anonymous Coward
Re: Alternatives?
Perhaps the MRI has to run Windows, but the army of office and nursing staff? Surely Libre Office and a browser would do the job? As regards data storage, I suspect, but don't know, that FAT and NTFS being part of the same environment as Windows would be more vulnerable, just as IE is a worse choice than say Opera.
-
Friday 12th May 2017 17:36 GMT Steve Davies 3
Re: Alternatives?
If you have spent Loadamoney on a bit of kit then it is your duty to make it as secure as possible.
You can't air-gap it but you can isolate it on its own physical subnet behind a carrier grade firewall. etc etc
Don't for Christ's sake put expensive bits of kit on the main ethernet backbone.
If you do then you need to be put in the MRI scanner and left there to fry.
Only a few years ago, my local NHS trust had a lot of their data on a VMS system. Some high paid MS consultants came through and the VMS System was gone.
MS has a lot to answer for.
When will a country say to MS, get outa here. You and your insecure POS are not wanted here.
Will this event be the catalyst that makes this happen?
-
Saturday 13th May 2017 02:35 GMT tfewster
Re: Alternatives?
"If you've just spent millions on an MRI machine and the software for it is [out of date]..."
You say "We're not paying for that, as it's faulty." A few pushbacks like that, and I expect the vendor would start taking security seriously. It may cost them millions up front to do so, but they can recoup by dividing the cost between their customers, by increasing maintenance contracts by a few %.
The first MRI supplier to do that will be rewarded with a monopoly on sales for a while, as insecure systems will be disqualified from tendering. Win-win.
-
-
Friday 12th May 2017 16:59 GMT Doctor Syntax
Re: Alternatives?
"1: You do not normally have to use Windows. There are more secure alternatives."
As others have said there's a lot of specialist kit for which only Windows drivers and/or applications exist (which version of Windows is another worry). So it's not as simple as that. However there should be proper network segmentation to protect these.
OTOH plain vanilla desktop office/mail/web machines could well be shifted to other platforms. However this would buy time, not complete protection. A booby-trapped email will inevitably find a supply of boobies if it's widely spammed.
What's needed is a better architecture that doesn't allow some random application to save or update whatever file it wants.
-
Friday 12th May 2017 17:11 GMT Anonymous Coward
Re: Alternatives?
"As others have said there's a lot of specialist kit for which only Windows drivers and/or applications exist "
In my experience it's quite the opposite. The MRI, NMR, robot of some sort or whatever will often use a Unix-based OS to run the machine and interact with its storage and hardware and then there will be console or two which might well provide the output/control input and which might be a Windows PC.
-
-
-
Friday 12th May 2017 16:33 GMT Anonymous Coward
I for one, welcome the return of the paper patient notes.
Mainly because, when my surgery sent them off to be uploaded to the NHS database, I ended up as a 70 year old woman on heart pills and hormone replacement therapy.
Either way, I have never been able to get a diagnostic error from 17 years ago rectified; but at least the paper notes correctly identify me as a man of less than pensionable age.
-
Friday 12th May 2017 17:15 GMT Danny 2
Re: I for one, welcome the return of the paper patient notes.
I've been trying for years to be in charge of my own NHS files, or at least to correct some of the errors within, to no effect. Politicians assume I am mad to suggest such a thing.
The lack of logic in the NHS at every level is worrying. My medical records are so off they are funny and worrying. The time a cat attacked my hand, the senior nurse listed me as a possible heroin addict because I had fifty bloody puncture wounds in my hand - I really don't think that is the way junkies inject.
I was tested for breast cancer one afternoon - I didn't have it but the test is so painful that if you are ever in that situation then I suggest you ask for a second opinion before even having the test. Better than not having the test and actually having it of course. Still, at the start I was asked to fill out a standard NHS form, one of the questions was "Are you still having your periods? [Y] / [N]"
How do you answer that as an Aspergers male?
-
-
Friday 12th May 2017 16:44 GMT Jim Willsher
Whilst the NHS is huge, with about a million computers, it doesn't help itself by having dinosaur policies. Buying extended support from Microsoft for XP is a prime example.
There's every chance that this has spread by one of the zero-day exploits that were made public this week, this month or even this year, you can bet that their computers are very poorly patched.
Hit a poorly maintained LAN with a wormable encryptor and game over; all local files and network shares are encrypted very quickly on high-bandwidth networks.
Rolling back to "last night's backup" will be a challenge, and even a few hours' worth of lost work on a million PCs is a lot of work.
It was bound to happen eventually.
-
Friday 12th May 2017 16:48 GMT Danny 2
Not the whole NHS - yet
It's interesting that either by chance or design only certain trusts and practices have been affected so far.
I've got nothing better to do so I'll check on Monday morning if my dentist needs any help. He is my longest relationship with any professional and he does love his new tech without understanding IT. I doubt it is appropriate to offer my local hospitals as their data is more sensitive, but if any of you work for established IT companies with the relevant expertise then perhaps suggest offering your help for free to your local NHS trusts. It's the right thing to do and you can sell it to your boss as great publicity.
-
Friday 12th May 2017 17:01 GMT Kaltern
Saying this wasn't an organised attack is a little naive, considering the number of continents involved, simultaneously, and differing companies.
If it was just 'someone opening an attachment', that would hardly be enough to encrypt half the NHS and Telefonica etc... not unless a system admin did it on a PC with write access to the central NHS systems, for example - and that still wouldn't explain the other infections.
-
Friday 12th May 2017 18:17 GMT Brewster's Angle Grinder
It appears to be billions of emails and thousands of people who've opened them with catastrophic results. So it's not an attack in the invasion-of-Iraq meaning of "attack". But it is an attack in the sense of a guy standing in a middle of street firing a machine gun randomly -- except the bullets on this gun can travel round the world.
-
-
-
-
Friday 12th May 2017 18:15 GMT Adam 52
Re: Time to move off Windows
For medical records, yes, pretty much. A notepad, a biro, a thick envelope and one of those big filing cabinets are all you need.
Computerisation adds nothing except the ability to sell records to Google.
X-rays and other imaging a bit different, but they don't need a massive system and importantly don't need to be part of the same system as patient details, history and notes.
-
-
-
-
-
-
-
-
Friday 12th May 2017 17:10 GMT Anonymous Coward
heads should roll
GCHQ must have been busy monitoring EVERYONE EVERYWHERE plus a 56k link from ISIS land and probably missed some bozo with excessive privileges browsing the internet and clicking on stuff at a hospital.
Can't wait for the brain dead government view about it #hashtags and all.
-
Friday 12th May 2017 17:12 GMT Anonymous Coward
From what I've heard this was using an exploit patched in the March release of Windows (MS17-010)
Being generous you might say the places affected have a 2 month test cycle and they release them the 1st Monday after Patch Wednesday.
Being cynical/realistic, I'd say they have a sporadic patching strategy and there will be some serious questions asked next week
-
Friday 12th May 2017 18:29 GMT Ken Hagan
It proves a point that many people here have been making since XP went out of support. *Every* patch from MS that fixes holes in a later version of Windows reveals a weakness that might exist in XP. MS have therefore been publishing exploits against XP for several years now. I believe the NHS's special deal to continue to receive patches expired quite recently. This is an entirely predictable result of NHS management's failure to have any kind of plan for moving off XP.
-
-
Friday 12th May 2017 17:24 GMT Charlie Clark
I for one have full confidence in the government's ability to protect me and my family because…
… well I can't actually think of any but I'm open to suggestions.
In the meantime let's watch Mother Theresa, who as Home Minister a year ago is surely largely responsible for a large shovel of this shit, and her incompetent colleagues try and bluster their way out of this one. And these people are supposed to be responsible for major international political, security and trade negotiations?
So, your Majesty, how exactly does reducing the number of EU farm workers help protect the NHS from attack? Does Brexit contain a secret plan to protect the UK from nefarious computer hacking by following the lead of the Taleban and deindustrialising as fast as possible? After all, once the peasants have to worry about things like starvation or dying from Polio or the measles they're not really going to be protesting about freedom.
-
Friday 12th May 2017 17:27 GMT Putonghua73
I was discussing ransomware with the Head of IT Operations at the Trust where I work yesterday. He said that our Trust was in a good place but much more funding was needed to get security where it needed to be to really feel comfortable.
The hardest conundrum to crack is to balance security with end user requirements i.e. blocking personal email (gmail, yahoo, etc) and blocking all removable media. He did want to implement both restrictions but had received lukewarm support.
He informed me that another Trust had carried out a phishing / malware test, where 1 in 4 of the staff clicked on the link. This is the uphill struggle that Trust IT Depts are fighting against.
I heard from a colleague that our Trust was relatively unaffected as the IT Dept locked everything up tight as soon as they got wind of what was going on. Our ERP system went down as it is supported by another Trust that got completely taken offline. I did think of the IT Team as soon as news went round whilst I was offsite. I suspect they'll be pulling a weekender. I also suspect the Trust will suddenly cough up funding for enhanced security and support for user restrictions.
-
Friday 12th May 2017 17:43 GMT Duffaboy
It's all down to cutting costs on end user training
I work for many organisations in IT support and most of the tickets we look at are down to user error. I have only ever worked for one company where when a new o/s or device was rolled out there was mandatory training afterwards.
Here my friends is where the problem lies, end users clicking on links, attachments, deleting stuff they shouldn't.
-
Friday 12th May 2017 18:21 GMT Adam 52
"The hardest conundrum to crack is to balance security with end user requirements i.e. blocking personal email (gmail, yahoo, etc) and blocking all removable media."
Oh dear, an IT manager dinosaur. You guys are in trouble. Securing the perimeter is a hopelessly outdated model.
If you make your systems unpleasant to use people will work around your restrictions.
Accept that your network will be compromised and design everything with that scenario in mind.
-
Friday 12th May 2017 18:25 GMT Danny 2
"The hardest conundrum to crack is to balance security with end user requirements i.e. blocking personal email (gmail, yahoo, etc) and blocking all removable media. He did want to implement both restrictions but had received lukewarm support."
I understand the pressure from users but security should trump usability every time. No serious financial institution allows employees work access to the internet or personal emails or removable media. Your boss should treat other people's most intimate data the way they treat our money. Provide terminals with no soundcards or USB or CDs to access the internet, unconnected to the local network, for people to browse their out of work nonsense.
-
-
-
-
Friday 12th May 2017 19:06 GMT Anonymous Coward
Re: What it's only $300?
I got the solution, just send the cheque in the mail, NHS! You can pay me in crumpets or scones, if you prefer, I don't think I'll notice the difference. NO HYBRID BREAD PRODUCTS though. Thank you.
Here is the solution, which is mine, and I own it, and here it is. And it is mine, here it is, my solution. Which is mine:
Have one person pay the ransom, then save all those files to a clean USB stick, and you have all the files back, there you go. Bob's your uncle. Okay?! Super.
-
-
-
Friday 12th May 2017 17:58 GMT aqk
He sees it all the time....
Following is from a disgruntled friend about to retire: And then he's gonna provide Bitcoin services/knowledge to people who have never heard of bitcoin, but suddenly need it for some strange reason.. ;-)
===============================
Executives, and in this case Doctors (remember XXXXXs), are the reason IT backs down and drops their pants and leaves the door ajar for hackers. I see it all the time here at work. Screaming executives demand their f’n new toy or phone gets 100% access on our network NOW before their big meeting (or just before you get fired), or even board members cry to IT directors, who then order guys like me to “open er up”. We have no real power in IT.
The Russians KGB types now type all documents on typewriters, and lock them up in real vaults. In security circles in the USSR, nothing is on a computer.
So when Putin screams in your face, you open the vault, not the network firewall or switch ACLs. Then you’re poisoned or shot.
-
Friday 12th May 2017 18:05 GMT Anonymous Coward
It's only asking for $300. Some kid in his bedroom has downloaded a list of hacked emails and sent out his designer malware package. He's now sh1ting himself because what he's done is all over the news. I hope he enjoys the meagre returns knowing that people may have actually died because of cancelled operations.
-
Friday 12th May 2017 18:06 GMT Anonymous Coward
https://www.igt.hscic.gov.uk/
Requirement No: 14-311
Initiative: Information Security Assurance
Organisation Type: Acute Trust
Version: 14.0
Requirement Description:
Precautions are required to prevent and detect the introduction of malicious and unauthorised mobile code into an information asset’s computer components. Failure to defend against viruses and other malware could lead to significant damage to your organisation's business capabilities and serious impact on service user or patient care.
2: The approved and documented controls and procedures to mitigate against malware risks have been implemented.
-
Friday 12th May 2017 18:06 GMT LM34234
I blame Tony Blair's Labour government who thought it was a good idea to mandate that all public sector end user PCs were given internet access. Arbitrary code execution and a network connection to billions of potentially hostile computers/actors. It's a disaster waiting to happen. But the main priority was ensuring civil servants can buy off eBay and amazon while at work.
-
Friday 12th May 2017 18:10 GMT Anonymous Coward
how did it spread my monies on
Be interesting how this has spread. Lots of talk, mainly by numpties, on the radio about the NHS System as if it’s some massive system that everybody in the NHS is connected to. Whereas you’ve got trusts and individual GP surgeries and even dental practices being hit, bearing in mind those are pretty much totally separate sites divorced from systems in hospitals etc, there’s no way SMBv1 traffic is going to by magic make its way around various sites on its own. My money is on an email that members of staff at each site have opened independently, or a common NHS website that has been compromised and that has sent the malware out when individuals have accessed that site.
Lots of XP boxes still in the NHS hence the vector of SMBv1 would make sense as that tends still to be used for backward compatibility and there will be lots of old bits of legacy rubbish floating around in the NHS. And as XP isn’t supported it ain’t been patched!
Going to be a right old buggers muddle of a job to sort out glad I don’t work in any form of NHS IT. Anyone from an NHS site that's been shafted got a comment? (probably up to their nuts in sh1t so we'll understand if you don't!)
-
Friday 12th May 2017 18:25 GMT Rol
back to basics?
With limited functionality for users comes limited opportunity for hackers.
Why did the NHS fall over itself to accommodate every whim and fancy, of what is predominately an IT illiterate gaggle of muppets.
It was chaos, as midwives and managers, GPs and gynaecologists, queued round the block to have their input on how the system should work, and look what we've got. An all singing all dancing system that has more potential points of attack than a Crufts show in North Korea.
"What!!? You're entering my diagnosis onto the same PC you've just been reading your emails on? Are you absolutely without compassion or did you win your license to practice at a gurning contest?"
-
-
Friday 12th May 2017 20:16 GMT aqk
Re: $300 in Bitcoin is a NOT $300 US$
Sorry, but 300 dollars is 300 dollars. Australian, Canadian or USA.
I have currently half a bitcoin. I think it's now worth about $400. I haven't checked lately.
You probably mean 300 BITCOINS, = Ƀ300, not $300. There is no ASCII character for the bitcoin symbol yet. Nor likely will be!
Ƀ is a proposed symbol (see http://www.bitcoinsymbol.org/ )
But that's OK.. you're an amateur, right?
-
-
Friday 12th May 2017 18:42 GMT Anonymous Coward
The decrypted contents is coming through from the first Windows hard drive, disk sectors show...
Linux.LInux.Linux.Linux.Linux.LInux.Linux.Linux.Linux.Linux.LInux.Linux
Linux.Linux.LInux.Linux.LInux.Linux.Linux.Linux.Linux.Linux.Linux.LInux
Linux.LInux.Linux.Linux.LInux.Linux.Linux.Linux.LInux.Linux.LInux.Linux
Linux.LInux.Linux.Linux.Linux.LInux.Linux.Linux.Linux.Linux.LInux.Linux
Linux.Linux.LInux.Linux.LInux.Linux.Linux.Linux.Linux.Linux.Linux.LInux
Linux.LInux.Linux.Linux.LInux.Linux.Linux.Linux.LInux.Linux.LInux.Linux
Linux.LInux.Linux.Linux.Linux.LInux.Linux.LInux.Linux.Linux.LInux.Linux
Linux.Linux.LInux.Linux.LInux.Linux.Linux.LInux.Linux.Linux.Linux.LInux
Linux.LInux.Linux.Linux.LInux.Linux.Linux.Linux.LInux.Linux.LInux.Linux
Linux.LInux.Linux.Linux.Linux.LInux.Linux.LInux.Linux.Linux.LInux.Linux
Linux.Linux.LInux.Linux.LInux.Linux.Linux.LInux.Linux.Linux.Linux.LInux
-
Friday 12th May 2017 19:10 GMT Anonymous Coward
Patching
I went to a meeting a couple of weeks ago and several Trusts said they were not regularly patching machines. Not wanting to be smug but at my Trust we patch machines two days after Microsoft release them. We also patch non MS products.
The NHS needs to get tougher with suppliers and mandate that they will not deal with any suppliers whose software does not run on modern versions of browsers or have road maps to upgrade to SQL 2016 or Server versions.
Feel sorry for all the Trusts' IT staff affected, but patching costs nothing.....
-
Friday 12th May 2017 19:15 GMT bitmap animal
Is it per workstation
I've not seen if this is encrypted once per workstation. It looks like the infection and ransom is running on an individual machine, if there are communal files with say 10,000 machines sharing access then I'm not sure how this would work.
Can the scumware recognise a file already 'locked' and so leave that alone? If that is the case then theoretically each workstation could encrypt a different file with what I presume is a different key. It's no longer a case of pay your bitcoin and get your company back - assuming the file is recoverable as there was one strain recently which was a fraud and couldn't be recovered.
-
Friday 12th May 2017 20:53 GMT johnsteeves
Gotta move to Linux
Geez! It's like Windows gets more dangerous by the day.
Honestly, by now these hospitals should probably start thinking about moving to Linux. It's matured a lot in the past few years and become really easy to switch over from Windows. I've been using a Linux distro called Zorin for the past few months and the transition was completely painless, and it doesn't get these Windows viruses.
-
-
Saturday 13th May 2017 02:25 GMT AlbertH
Re: Gotta move to Linux
Don't tell them that. If they all start using Linux, the virus devs will move on to that.
That's pretty unlikely. The underlying permissions structure of Linux, BSD and Unix makes most of the types of attacks impossible. A user could (theoretically) screw up their own files, but the damage would be very confined.
The Linux problems at the moment are:
It's perceived as "geeky" and difficult to use:
My whole family have used Linux only for the last ten years, and most of them haven't a clue about anything other than basic use of a computer.
There's too much choice and no definitive "version":
One of the bigger distributions could be chosen - probably something like Debian / Mate - as the "definitive" version.
There's no support:
There is if you go with a bigger vendor....
All the objections can be easily overcome.
-
Saturday 13th May 2017 13:42 GMT Anonymous Coward
Re: Gotta move to Linux
You can say that moving to Linux is the obvious choice, and longer-term it is. But in the short term there is new software acquisition, testing, identification of systems/equipment that are dependent on Windows or XP in particular, user interface development, retraining users, perhaps some new hardware because legacy hardware doesn't run the new software, etc.
(Tux--because he would never let us down!)
-
-
-
-
Friday 12th May 2017 21:05 GMT BagOfSpanners
Why did it take so long for someone to combine a worm with ransomware?
I'm surprised this hasn't happened before. Most of the ransomware I've read about seems content just to encrypt the local disks in the PC of the person unwise enough to open a dodgy email attachment. Is this the first time a virulent worm has been combined with ransomware?
When one of my colleagues' PC was obviously infected with ransomware, the off-shored out-sourced IT helpdesk insisted it remain connected to the network for several hours while they tried to remotely connect and diagnose the problem. Fortunately that ransomware didn't seem interested in spreading itself.
-
Friday 12th May 2017 22:56 GMT noddybollock
Re: Why did it take so long for someone to combine a worm with ransomware?
My thoughts exactly - never aired them so as not to encourage it,
but not in the least bit surprised.
Sigh!!
Just waiting for the 'guverment' kickback - encryption should be banned.
Also interesting the UK news TV progs don't mention the use of NSA developed tools that helped make this spread.
Surprised - NOT!
sprll mistakes - I'm pissed! - twats shut the pub early again the alan b'tards
-
-
Friday 12th May 2017 21:17 GMT Anonymous Coward
MS Ransomware attack
>> The security hole has been patched for modern Windows versions, but not WindowsXP –
>> and the NHS is a massive user of the legacy operating system.
MS do produce security patches for XP (e.g. embedded) but choose only to make them available to e.g. NHS in return for increasingly exorbitant "support" charges; rather they try to "persuade" organisations like the NHS to cough up for newer versions of the OS (with new bugs) - and to spend huge amounts of money dealing with the consequent changes to other software components.
The moral position is highly questionable.
-
Friday 12th May 2017 22:26 GMT InNY
There's a f**k load of ignorance on this thread
Really, there is.
Why Windows? Thirty years ago Linux was not available... and what did every organization use in the rush to computerize in the mid to late 90's? Oh, that's right it was MS Windows!
Computerized records, why not use pen and paper? Are you willing to pay for the storage? Are you willing to pay for your records to be mailed/faxed each time you visit another department, let alone another county/country? Or do you like the convenience of phoning in for your prescription (no need to visit the doctor, no need to explain to the receptionist why you need that tablet, no need to fetch your prescription and then take it and wait at the pharmacy) and then fetching it with no other interaction from you?
Do you like your life saving care to come from people who have access to your medical records and can see you are allergic to anti-histamines or whatever - because it says so on the screen?
Do you want your medical care provider to provide you with care for the best possible cost and not to be spending your hard-earned tax money on paper, creating forms that don't get completed or filed properly (mainly because the doctor/nurse/filing clerk is so totally over-worked it's mind boggling how and why they actually keep going), just so that you can drop dead because the bit of paper listing your allergy to common-sense was at the back of file, folded up and not at the front open for all to see (as and when they find your records in the huge warehouse; then someone carefully takes each page out and places it in the fax machine; then once they have faxed your records to the correct place - "oh dear very famous person, I really didn't mean for your records to go to the local gossip blogger - the numbers are so similar. Never mind dear, I'll try again")
I know which I prefer. The question you have to ask yourself, do I prefer cost-effective health care or the shambles and inefficiencies of the 1970's?
Do I want my health care to work?
Do I want my health care to ensure I live?
If the answer is yes, then stop banging on about Linux is better than Windows, because they are both the sodding same. Really they are.
Windows is an OS; Linux is the kernel of a system that makes up an OS. Both do what they do very efficiently and effectively. Do you really think the pure evil hackers of the world would stick to Windows if Linux or Mac or Uncle Bob's OS was more popular?
-
Friday 12th May 2017 23:28 GMT Rob D.
Mrs Wilkinson, welcome to your new job
> April 2017, NHS Digital Chair Noel Gordon said: "I am delighted that Sarah is joining NHS Digital at such a pivotal time for health and care as we work hard to empower the system through digital transformation."
I bet she wasn't expecting this kind of digital transformation.
-
Saturday 13th May 2017 00:08 GMT A_Melbourne
Well done Microsoft. Cooperating with US intelligence services comes at a price. The Russians, Chinese and so on are moving away from American operating systems and software.
When is the last time you saw a new Detroit-made car in Europe?
That is what happens to people who make shoddy products - let alone products designed with integrated faults.
-
Saturday 13th May 2017 01:58 GMT GrumpyOldBloke
But where is GCHQ? An attack on the realm and the spooks are nowhere to be seen. Where is the government rushing in with a key generation service? How bad does it have to get before this turkey sold as keeping us safe actually starts to fly?
It is easy to blame the Yanks but the glorious British empire is culpable as well. Now if only we had that magic encryption that is secure but with backdoors.
-
Saturday 13th May 2017 09:44 GMT Anonymous Coward
GCHQ will be churning out forest after forest of impenetrable procedures for hapless civil servants to follow regarding the storage of crypto material or somesuch...
They're short on practical advice or action and usually several years behind the curve e.g. witness numerous Govt Depts that until fairly recently were still lumbered with obsolete Blackberries disabled to virtual uselessness whilst everyone had a personal iPhone/Android devices.
-
-
Saturday 13th May 2017 20:37 GMT MJI
Cars
Why would we want to?
Without leaving the continent we can have plenty of brilliant cars.
Why buy a US generic big saloon when you can drive a BMW, Mercedes or Jaguar?
Why buy a US 4x4 when the best are made in Solihull?
Sports cars, hello Italy
Then there are the grand tourers, hatches, estate cars, so many decent ones available.
No need to go to Yankland
-
-
Saturday 13th May 2017 00:42 GMT Anonymous Coward
"NHS-CIO: Remove all external access to the HSE's Network to protect the integrity of clinical IT"
* For how long? Just "over the weekend"... WTF??? Isn't anyone getting the message that the net is toxic... We need to start over with new net security models. What we have isn't working. It's turning semi-apocalyptic...
* Governments in particular need to stop connecting internal systems to the net in the hope of saving pennies but actually becoming net facing 'marks'... Everyone else needs to seriously consider unplugging too, especially organizations / scada industry etc etc...
* The Data Wars are already lost to scammers, cybercrims, hackers... But nothing will change while aging politicians pretend to run the show... And since no one even bothered to buy the Shadow Brokers/NSA tools to keep them off the market, expect nothing but more chaos!
-
Saturday 13th May 2017 08:08 GMT Bilious
Remove all external access?
Some actually do need to access web mail during working hours, and some do need to extract or enter files on removable media. Research and teaching does not always take place on the same network as the patient records, but both are legitimate and necessary - so data needs to be moved between networks. Material has to be made somewhere, whether at work, during travel or at home. Restrictions tend to make research and teaching overly cumbersome, so there needs to be a compromise between usability and security. This is complex and requires people from different professions working together. My experience is that both IT decision makers and institution leaders ignore it.
-
Saturday 13th May 2017 10:33 GMT Danny 2
Re: Remove all external access?
Some actually do need to access web mail during working hours, and some do need to extract or enter files on removable media
Fair enough, then your employer should provide you with an insulated console for you to browse porn. Or, and this is just a suggestion, why not get internet access in your own home and update your kitty porn videos on your own time.This is NHS medical testing systems that have been compromised, I totally expect deaths to come from this hack. There is no debate on the rights of the NHS worker to browse the internet at work.
-
-
Saturday 13th May 2017 11:33 GMT Anonymous Coward
"Remove all external access?"
What's so wrong with a lock-down of medical / hospital machines regardless of M$ Swiss cheese holes? In the age of cloud why can't a medical pc or app poll / send changes from / to the Cloud on port 80? Everything else remains dead and off-limits! Plus why can't this lock-down be proprietary too, so it isn't on some NSA zero-day hit-list that hackers acquire? It's a reasonable question to ask...
-
Tuesday 16th May 2017 10:05 GMT Wayland
Re: "Remove all external access?"
I believe this was a co-ordinated attack from the inside, an inside job. Look at who was not attacked as well as who was. I don't believe this worm tunneled in through the firewall, it was already on the LAN. If the LAN was segmented then the worm would need seeding on each segment. It would need seeding at each hospital.
If this worm came from the Internet then members of the public would have been hit. Although I have seen this sort of worm before, we're not seeing this one on home computers and small businesses.
-
-
-
-
-
Sunday 14th May 2017 04:41 GMT the Jim bloke
Re: Oh dear. XP
Also many Oz government offices, local councils whatever..
Not the sexy, high prestige, celebrity government offices, but the nuts and bolts departments that actually have work to do, and a budget that has to be split between maintaining their garbage truck, providing PPE and shovels to lean on for their workers, and stationery and office equipment - which is probably what they use instead of an IT budget.
-
Monday 15th May 2017 06:29 GMT Wzrd1
Re: Oh dear. XP
Oddly, Microsoft sent out a patch for XP.
Good idea, as this rubbish code belongs in a rubbish tip, not a fucking operating system. And to be honest, this shit code likely has existed since the US DoD bought the NT4 source code.
Blaming the NSA for doing what defense organizations do is idiotic, as they didn't write the shit code, Microsoft did and gave all six major vulnerabilities a free pass, for decades!
Do research how long the SMB1 stack has existed.
Hint: SMB1 is nearly as old as our children, who are in their mid-30's. It's nearly 30 years old.
We have one thing that's over 30, other than our children, our wedding bands. Everything else was either lost, destroyed in a move or damaged beyond repair in moving or normal life.
Or do we also need to get NetBEUI fixed as well?
Yeah, I'm *that* old and a bit older.
Hint, the Queen of England sat 9 years on her throne before I was born, but my earliest memory, beyond a diaper pin jab, when I wriggled and understood what mom was warning me of, was JFK being shot to death.
This is a case of one complaining of a Model T Ford not running worth a damn on modern gasoline and worse, the valves hammering themselves to death.
-
-
Saturday 13th May 2017 09:44 GMT Anonymous Coward
Govt depts and system patching
During my decade of experience in a Govt dept they were terrible at patching. I've heard that things have improved but during my time there it was normal for systems to be never patched at all or every few years if that. It wasn't lack of finances (they spunked money on all sorts of unnecessary sh1t) just senior management incompetence. I was hoping that the NHS would be better.
I'm still public sector now but in my current employment it's "patch or die", thank goodness. This generates work but a lot less than not patching for years or until the latest Heartbleed/Shellshock or whathaveyou comes out.
-
Monday 15th May 2017 06:34 GMT Wzrd1
Re: Govt depts and system patching
Not only government. I work for a major corporation, derived from a Fortune 200 corporation.
This weekend, Saturday being my "Monday", I found major patching for this frigging vulnerability going on.
Back when I was IASO for a major US military installation, patches of the OS were delayed, at most, by 30 days.
Net result, due to equally anal retentive antivirus states, the 2008 cyberattack on the US DoD, which was centered on our area, failed.
Following best business practices also helped. A lot.
A tad of commonsense also helped.
-
-
Saturday 13th May 2017 14:50 GMT Dwarf
Budgets
I guess that if the NHS was better funded then they would have the budget to spend on keeping the IT that keeps their business working up-to-date.
It's a bit rich that Amber Rudd is quoted on the BBC as saying that "the NHS must learn from Friday's cyber-attack and upgrade its IT systems". Surely the fault lies at the door of government funding (or the lack of it). Critical public services must be correctly funded - irrespective of which government that happens to be on any given day as they are all as bad as each other in this regard.
I also believe that key suppliers such as Microsoft should be forced to support applications for a longer period of time that reflects the complexity of making significant changes in large enterprises. This is a cost of doing business with such customers.
-
Sunday 14th May 2017 20:11 GMT SloppyJesse
Re: Budgets
"It's a bit rich that Amber Rudd is quoted on the BBC as saying that "the NHS must learn from Friday's cyber-attack and upgrade its IT systems". Surely the fault lies at the door of government funding (or the lack of it). "
Not just funding, but also policy when it comes to IT. They DID spend lots of money (12 billion plus?) but it was on a white elephant national programme for IT rather than upgrading/securing outdated systems within hospitals.
-
Monday 15th May 2017 06:38 GMT Wzrd1
Re: Budgets
First, there's that entire WSUS thingie that's free.
Creating a test group, trivial.
Been there, done that, created the damned program.
Add in SCCM and assorted other package management software, well, seriously. This is a management complacency issue.
Now, long fangs are hooked upon many, many, many management asses, not only UK, but throughout the EU.
-
-
-
Monday 15th May 2017 06:44 GMT Wzrd1
Re: Ransomware..
We have precisely one Windows system in the house.
The POS from work. An HP EliteBook, with its cracked NIC port, which isn't considered part of warranty and *why* HP won't be next year's vendor.
As for Microsoft, the only MS system in the house is the one from work. Although, I do keep one bootable under an obsolete version of Windows to patch assorted other systems that I'd rather throw into the trashcan.
-
-
Sunday 14th May 2017 13:32 GMT conscience
Let's hope that if/when the NHS does upgrade their IT systems then it's not with any MS operating system, primarily because there's nothing in Win10 to stop all this from happening again when some future forced update breaks key functionality and/or associated medical equipment needed to run hospitals. Not that the data slurping would allow many/most organisations and businesses to adopt Win10 in any case.
Neither should the NHS or other government departments/vital services consider purchasing any future vital equipment (e.g. NHS scanners) that relies on MS software in order to prevent a repeat of this dangerous situation.
Perhaps in future the NHS could set up a new hardware/software platform that is not subject to commercial pressures of forced obsolescence for profit. Their own Linux distro perhaps? Adding any new custom code they require needn't be expensive when shared out between all the NHS and potentially all UK government departments. All built atop some chip/architecture with multiple vendors to avoid any future problems that may arise. All vendors wanting to participate must agree to support whatever they contribute for a very long period of time e.g. several decades minimum. I don't think we can afford not to take control of our important IT, the likes of MS have proved they are not up to the task.
-
-
Sunday 14th May 2017 22:56 GMT Wayland
They do need their own Linux distro if only to put in the mechanism for supporting it should the original distro die. The NHS distro could be Debian with some NHS specific tuning. It might even contain WindowsXP virtual machines just to smooth over the transition for things that need rewriting for Linux.
-
-
-
Monday 15th May 2017 05:51 GMT Archie1954
Do you remember just who it was that started this whole cyber warfare? Think back several years to the joint US/Israeli stux worm attack against Iran. Yes the same nation whose NSA worm was negligently allowed to proliferate into the Worldwide Net started the whole cyberwar evil. The British healthcare system and all others harmed by these cyber attacks should sue the NSA for gross negligence or willful misfeasance.
-
Monday 15th May 2017 06:16 GMT Wzrd1
Irritating
For one, the NSA didn't write the garbage code that was SMB1. Microsoft did.
Said code repeatedly passed the excuse for code validation that Microsoft has.
That the NSA found six vulnerabilities and likely utilized them, well, they're military defense. Do you honestly expect any military organization to give away an advantage?
This is odd for me, as I have rarely defended the NSA!
I'll close with, *anyone* who permitted SMB1 protocol to exist on their network needs to be given the sack. Inefficient, network hogging worse than YouTube cat videos and pure rubbish coding has long turned that code to be a top list of first to disable on a baseline configuration. Right next to autorun, which even Microsoft figured out to disable by default. The only damned thing it's not vulnerable to is ping of death!
-
Monday 15th May 2017 06:31 GMT Mister Fluffy
2001
On a side-note, I was told, during an interview without coffee in 2001, that computers were the only way forward in General Practice.
Personally, I can maintain eye contact with a patient, and make far more detailed hand-written notes than is possible when sitting with a screen in front of me; I wear my watch on my right wrist in order to be able to note the time whilst writing, rather than on my left which demonstrates the time-keeping.
My concerns regarding the not infrequent network failures were pushed aside, back-up was something that might be occurring, and password sharing was common amongst staff.
Consultations recorded on computers, generally (and I've reviewed tens of thousands), cut corners, lack detail, and offer little protection to medico-legal challenge.
The grey suited spectre from the Department of Health was singularly unimpressed when I enquired about long-term work force planning given the numbers of ageing general practitioners, and the increasing number of part-time and female partners.
I left general practice shortly afterwards and undertook another, expensive, four year training programme.
Work was far more satisfying, but I still had 'managers' who were far less qualified than I was who insisted on telling me how to run my service to the point of bullying, harassment and false reporting.
The conflict within the NHS is a workforce that, typically, knows what they are doing (in a grossly underfunded service), and a management that is self-promoting, and does not listen to the concerns of their own staff.
Add in the duplicity of the government, and the conspicuous absence of the Secretary of State for Health, and you have a system teetering on the verge of collapse.
I might suggest private health insurance but you're going to get fleeced by the companies concerned.
-
Monday 15th May 2017 08:43 GMT Jobacon
Don't use WINDOZE!
The answer is: don't use Windows for vital services such as hospitals! Most IT departments hire people who know nothing else. The main problem is that the government always hires the wrong IT companies for its large projects, companies run by megarich businessmen who know nothing about IT rather than smaller companies run by mavens. That is why the NHS computer services have more holes in them than a Gruyère cheese. Remember the millions wasted by the NHS trying to computerise its entire system, only to discover that they were incapable of doing it? The NHS needs its own proprietary operating system that cannot be penetrated by cyberterrorists.
-
Monday 15th May 2017 13:00 GMT ancient-strider
TELL ME AGAIN - HOW DO I BACK UP?
NHS data losses can be expected. They are not willing to pay a decent rate for a decent Tech-team.
The skilled guys are tech consultants but not for the NHS. And how do two guys keep up with a whole hospital's needs with computing, electronic records, bar-code-only to locate patients hard copy records on miles of shelves....... etc.
As an ex-admin in the NHS, my wife has first hand experience of the constant fails and crashes, and panics if an operation was about to be cancelled because notes could not be located.
This crisis is nothing new - just different!