back to article WannaCrypt outbreak contained as hunt for masterminds kicks in

A feared second wave of WannaCrypt ransomware attacks has failed to materialize, but 16 UK National Health Service Trusts are still grappling with last week's infection. WannaCrypt spread like wildfire last Friday, infecting computers and disrupting operations at 47 NHS Trusts, US firms including FedEx, Spain's Telefonica, …

  1. Magnus_Pym

    Pwnd

    The upshot of this that if you were vulnerable to wannacrypt last week then you've been owned by the NSA for years.

    1. Tom Paine

      Re: Pwnd

      The upshot of this that if you were vulnerable to wannacrypt last week then you've been owned by the NSA for years.

      What utter, utter, bollocks. If you don't know what you're talking about, might I gently suggest avoiding commenting?

  2. AmenFromMars

    Intel

    I wonder what will happen when someone manages to find an effective way of exploiting the Intel AMT vulnerability - that won't be quite so easy to patch.

    1. Mikel

      Re: Intel

      The cure for Intel AMT is dead simple on a desktop. Install a NIC and move the cable to it. AMT only works on the integrated onboard NIC. Taking control of your remote management options is essential.

      For good measure depopulate the onboard port or fill it with epoxy. Which you should have done on arrival.

      Fix works also for AMD platforms.

      Notebooks? That's a different story.

      1. Voland's right hand Silver badge

        Re: Intel

        The cure for Intel AMT is dead simple on a desktop. Install a NIC

        Fantastic unless you are dealing with a predefined bundle of software + hardware and the retard which built the software has linked it versus a machine ID library which uses the primary MAC as an ID.

        1. Mikel

          Re: Intel

          Fantastic unless you are dealing with a predefined bundle of software + hardware and the retard which built the software has linked it versus a machine ID library which uses the primary MAC as an ID.

          I think I found your problem.

      2. AmenFromMars

        Re: Intel

        I was thinking more large corporates with thousands of machines. Windows updates will have a tried and tested and largely automated patch process (because it happens so often). Not so much when trying to patch/update a processor/chipsets. Installing NICs isn't really an option. Even identifying vulnerable machines will be quite a challenge.

        1. Brewster's Angle Grinder Silver badge

          Re: Intel

          "Even identifying vulnerable machines will be quite a challenge."

          To be vulnerable a machine has to have been specifically set up by an administrator, and vulnerable machines can be found by a portscan.

          Patching or disabling look less work than gluing up the port and installing a new NIC.

        2. Tom Paine

          Re: Intel

          This is why "vulnerability management" is a thing. It's not rocket science, just slow, tedious, and moderately expensive.

          http://csrc.nist.gov/publications/nistpubs/800-40-Ver2/SP800-40v2.pdf

      3. Soruk

        Re: Intel

        > Notebooks? That's a different story.

        USB3 gigabit NIC. For older machines, a USB2 100Mbit NIC will suffice.

    2. Tom Paine

      Re: Intel

      It's the most trivial exploit imaginable, just send an empty password hash. Boom, you're ring -2.

  3. R Soles

    "The NHS's online arm said that Windows XP use within the health service had fallen to 4.7 per cent"

    Which sounds very good until you realise that, under some measures, the NHS is the 5th largest employer in the world with some 1.7 million workers.

    The large army of cooks, porters and cleaners wont need their own PC of course, but still that's a lot of computers running a more than 15 year old OS.

    http://www.telegraph.co.uk/news/uknews/9155130/NHS-is-fifth-biggest-employer-in-world.html

    1. katrinab Silver badge

      There are about 850,000 employees with email addesses. Some will work different shifts on the same computer. Then there are things like MRI scanners controlled by computers that might not have Outlook installed, depends how they transfer the images to doctors.

  4. Eddy Ito
    Facepalm

    "Some expensive hardware (such as MRI scanners) cannot be updated immediately, and in such instances organizations will take steps to mitigate any risk, such as by isolating the device from the main network,"

    Shouldn't that be "have already taken steps"? You know, like when they first knew they weren't getting any more security updates. Back in the days of floppies we called it sneakernet although write protection to ensure data only went one way was easier then. I imagine some similar protocol can still be done but it still relies on meatsacks getting it right.

    1. theOtherJT Silver badge

      Re: Shouldn't that be "have already taken steps"?

      That's what makes me personally so mad about all of this. 90% of this was completely avoidable if people had just been following good security procedure. Yes, there are always going to be zero day exploits, and there are always going to be idiots that click on links in emails - but since we KNOW that's always going to be the case, people should be putting measures into place with that in fucking mind!

      1. Anonymous Coward
        Anonymous Coward

        Re: Shouldn't that be "have already taken steps"?

        90% of this was completely avoidable if people had just been following good security procedure.

        Teaching god knows how many employees and implementing good security procedures is going to cost money.

        1. the Jim bloke

          Re: Shouldn't that be "have already taken steps"?

          As has just been demonstrated, NOT teaching them also costs money

          1. Tom Paine

            Re: Shouldn't that be "have already taken steps"?

            Add up the cost of delaying, IDK, say 10,000 ops a few days. let's say there's a 1% mortality increase: That's £100m (by UK standard actuarial stats, as I remember it -- may be more nowadays.) Then the cost of, say, two days of overtime by the outsourced SPs and inhouse IT, if there still are any. Assuming they get paid overtime -- and I don't know about anyone else, but in 21 years in IT and 11 employers, only one has paid IT or security droids overtime) -- but this is the public sector, and they still have unions, so let's make a wild guess and say... 1.5m staff... say... 25,000 IT staff total, only half of who will be junior enough to be dragged in at the weekend. Let's say they did 10h days over the weekend. 12,500 * 20h @ £40 = £10m.So, grand total: £110m.

            On the other hand, three years of Windows licenses ... bulk discounts.. say £50 each * 500,000 machines = £25m. Some fraction of those machines will be too old to run W8 or 10; let's say half need forklift upgrades, at £500 each (including boxdropper pay): 250,000 * £500 = £125m.

            So we're already at £150m without factoring in the cost of doing all the OTHER security things apart from "apply patches" (you'll recall there's a bit more to it than that, and if it's worth doing, it's worth doing properly, right?) and I'm certain if I thought about it there are many other costs I've neglected.

            Now imagine you're running a hospital trust, on a fixed budget allocated by external forces out of your control. People are lined up on trolleys in the corridors, it's a 6h wait to be seen in A&E for everyone except stroke, heart attack or major trauma cases. Meanwhile you have 300 elderly people clogging wards because you can't discharge them because there's no social care available. Oh and you're short of your budgeted complement of nurses to the tune of 12%, and you're facing annual budget cuts of around 5% for the next five years. How would you feel about the suggestion that they spend £150m+ on replacing computers that, to your eyes, appear to be working just fine, just as they have for the last decade?

            And that's more or less what happened: £1Bn was raided from the infrastructure and IT budget to pay for opex -- clinical staff, pharmaceuticals, keeping the lights on,

      2. Tom Paine

        Re: Shouldn't that be "have already taken steps"?

        They've taken a decision that a couple of days without email (or completely down) once a decade is less expensive that hiring the number of sec analysts and managers needed to implement comprehensive best practices (not to mention the disruption and capex overhead caused by, say, forcing 2fa for desktop access.) All I can tell you is that they're rich and I'm not, so who's the smart guy here?

    2. Voland's right hand Silver badge

      You know, like when they first knew they weren't getting any more security updates.

      Which is day one. On quite a few of these you are out of warranty and liability coverage on a 10M+ piece of equipment which can whack a patient with a potentially lethal dose of radiation if you touch the base OS outside the vendor specified params.

      What NHS (and many other large enterprises) do is putting such equipment on the general purpose network instead of isolating it and treating it as industrial and process control kit (the way it should be treated).

    3. Anonymous Coward
      WTF?

      "Some expensive hardware (such as MRI scanners) cannot be updated immediately, and in such instances organizations will take steps to mitigate any risk, such as by isolating the device from the main network,"

      This sounds like misdirection. With 4.7% of NHS computers running XP, are they really suggesting that something approaching one computer in twenty has some fancy diagnostic equipment which is at least 8 years old attached to it? This must be a tiny proportion of the XP computers in the NHS. What about the rest?

  5. Pen-y-gors

    criminality?

    Hunt told reporters that the level of criminality associated with the outbreak was at the "lower end" of what the government had expected.

    What level of criminality do we call a decision not to bother with security updates for thousands of XP machines, to save a few million quid? How much has the last few days cost, Mr Ffrynt-Botham?

    1. Brewster's Angle Grinder Silver badge

      Re: criminality?

      But where would that money have come from? Fewer nurses? Fewer expensive drugs? Less capital expenditure? "Efficiency savings?" Because the department of Health wouldn't have got any more money. For that blame Osborne and the Daily Heil.

      1. Pen-y-gors

        Re: criminality?

        @Brewster's thingy

        But where would that money have come from?

        An interesting point. Surely the purpose of a 'Secretary of State for Health' is to work out how to provide the necessary funds to do the necessary tasks. If he can't do that then he's a bit of a waste of oxygen.

        Obviously there are different priorities, but it's not a matter of either/or. Would he suggest not-buying antibiotics to pay for more nurses? Or reducing ward hygiene (even more)? No. There comes a point when the solution is actually more money. Where does that come from? There are many options...

        1. Brewster's Angle Grinder Silver badge

          Re: criminality?

          "Would he suggest not-buying antibiotics to pay for more nurses?"

          I think he's been doing it the other way round: buying the drugs but increasing the workloads of nurses to the point where patients aren't getting fed or are developing bed sores.

          "Or reducing ward hygiene?"

          Yup, that seems to have been going on as well.

          And we haven't talked about patients on trolleys and the increases in waiting times. (That's probably where it would have ended up: increased waiting times.)

      2. Anonymous Coward
        Anonymous Coward

        Re: criminality?

        Where's the extra 350 million pounds each week for the NHS after Brexit?

    2. Tom Paine

      Re: criminality?

      How many people would have died had that money not been spent on their care instead?

      Suppose one of them was a relative.

  6. Anonymous Coward
    Anonymous Coward

    https://pbs.twimg.com/media/C_2FvhwXgAE_rEw.jpg

  7. John Smith 19 Gold badge
    WTF?

    5% of 1000 000 is 50 000 desktops.

    Worst case?

    BTW as others have noted many of those PC's already boot in Win7, then go to a VM running XP. Obviously this is not a very secure VM.

    Root cause remains WTF can those applications not be disentangled from a 17YO OS and it's browser and why can't a newer version be certified fit for purpose by the NHS?

    At the end of the day the healthcare system is a large set of large databases with a series of applications built on top of it with a series of browser GUI pages.

    Just like a 100 other f**king apps.

    So just exactly why is getting a health app to run on a current OS so f**king difficult?

    1. 100113.1537

      Re: 5% of 1000 000 is 50 000 desktops.

      I don't work in health, but in research and I expect the issues are the same.

      There are pieces of technical equipment which do a perfectly good job and do not need replacing, but which have legacy hardware systems and cannot be upgraded or run from a modern (Win7 plus, or MacOS10) PC. These are often very expensive pieces of equipment (my own personal favourite was a half-million dollar MALDI-TOF Mass Spec which was running on NT) that you just don't toss away when MS or Apple stop supporting the OS.

      I am sure that in some cases there is lack of proper upgrading, but you don't replace equipment worth hundreds of thousands of dollars (or pounds) on the same frequency that you replace PC or operating systems. Be as outraged as you like, but then calm down and look at the real situation - it is legacy hardware that is still running old versions of the OS and an upgrade is simply not available.

      1. tom dial Silver badge

        Re: 5% of 1000 000 is 50 000 desktops.

        "You don't replace equipment worth hundreds of thousands of dollars (or pounds) on the same frequency that you replace PC or operating systems." Quite correct.

        You also do not put them on an intranet that touches the public Internet. Certainly not with an unsupported OS, and best never, as the cost if compromised may be a machine physically dangerous to users and others, and may be proportionate to the machine cost.

        1. Chris 3

          Re: 5% of 1000 000 is 50 000 desktops.

          Except of course - how are you going to get those images to the doctor's desk? USB stick? Mmmm. Two entirely separate PCs on each Doctor's desk on two separate networks?

          1. John Smith 19 Gold badge
            Unhappy

            "Except of course - how are you going to get those images to the doctor's desk? "

            My question was not how to do it. My question was why it had not been done already.

            In fact I strongly doubt the GP's system is the same as the hospitals systems.

          2. This post has been deleted by its author

      2. Norman Nescio

        Re: 5% of 1000 000 is 50 000 desktops.

        100113.1537 said:

        - "There are pieces of technical equipment which do a perfectly good job and do not need replacing, but which have legacy hardware systems and cannot be upgraded or run from a modern (Win7 plus, or MacOS10) PC. These are often very expensive pieces of equipment (my own personal favourite was a half-million dollar MALDI-TOF Mass Spec which was running on NT) that you just don't toss away when MS or Apple stop supporting the OS.

        I am sure that in some cases there is lack of proper upgrading, but you don't replace equipment worth hundreds of thousands of dollars (or pounds) on the same frequency that you replace PC or operating systems. Be as outraged as you like, but then calm down and look at the real situation - it is legacy hardware that is still running old versions of the OS and an upgrade is simply not available."

        tom dial said:

        - "You also do not put them on an intranet that touches the public Internet. Certainly not with an unsupported OS, and best never, as the cost if compromised may be a machine physically dangerous to users and others, and may be proportionate to the machine cost."

        +++

        Good practice is to isolate the old kit as much as possible, but that can be difficult operationally. If it is running XP, it doesn't do SMBv2*, and if your workflow involves moving information off a scanner (for example), then it is not unlikely that SMBv1 is being used to get files onto a shared fileserver. Moving stuff around by USB may not be feasible or practical**. Someone then has to set up an isolated VLAN, or physical LAN segment, install a firewall, and set up a ruleset correctly, and maintain it. Operational complexity is never good.

        All of this is standard stuff for an IT department, but easy to de-prioritise.

        *https://blogs.technet.microsoft.com/josebda/2013/10/02/windows-server-2012-r2-which-version-of-the-smb-protocol-smb-1-0-smb-2-0-smb-2-1-smb-3-0-or-smb-3-02-are-you-using/

        **you can put an up-to-date PC next to the XP one running the scanner/other equipment. You then have to hope the software is written to allow writing the necessary files out from the XP machine, then in on the 'standard' machine (or vice-versa) - so your fixed asset count has gone up, and your operational complexity has gone up, and both machines are vulnerable to having a non-approved USB device connected.

      3. John Smith 19 Gold badge
        Unhappy

        "but you don't replace equipment worth hundreds of thousands of dollars (or pounds) o"

        And no one is asking anyone to do so.

        In any case that can't be more than a few 100 PC's across 47 trusts.

        So what's the story of the rest of them?

    2. Doctor Syntax Silver badge

      Re: 5% of 1000 000 is 50 000 desktops.

      "So just exactly why is getting a health app to run on a current OS so f**king difficult?"

      Try reading this and maybe you'll understand at least one of the issues. https://m.forums.theregister.co.uk/user/84511/

      1. John Smith 19 Gold badge
        Unhappy

        "Ttry reading this and maybe you'll understand at least one of the issues. "

        As it happens I've a working knowledge of measurement systems and the problems of RF analogue design.

        Let me make a few points.

        "The send receive has to operate with a degree of thiming precision in the MHz range"

        Sounds tough.

        Oh wait we live in world where PC motherboards run at GHz frequencies. Now if they said the edges of those timing pulses had to be accurate to 1ns he's have some serious trouble. But he didn't.

        "Timing is therefore usually handled by a single quasi autonomous card that is programmed in a unique language to trigger sequences of events. I"

        IOW it's a Black Box that's handles all the precision timing. Still not a problem.

        "fed their activity lists usually by an old school RISC card that is not doing anything else a"

        Another Black Box. Again nothing to do with the network.

        "The old school RISC card then sends the data by Ethernet to the PC (used to be SGI or SUN up tlll about 2000) which is where the issue actually is."

        SOP for most network systems is

        Build data buffer

        Pass start address and length to interface card.

        DMA squirts the data out over the link and interrupts if it receives something back or buffer runs out.

        Of course if someone has saved a few £ by doing the Ethernet interface in software you're in deep s**t. :-( AFAIK the main Ethernet chips are a few £. Of course being able to make sense of the data sheet (or rather the several 100 page book listing it's registers and what their settings mean) is another matter.

        Likewise if they wrote the handler code at the other end in an MS "Managed" IE interpreted language that's likely to have some timing issues. Or maybe they just wrote buggy code?

        BTW I'm not a PhD but when people start talking about multi channel scopes and logic analyzers I start thinking "Bad grounding, poor bypassing, poor partitioning (high level analogue, low level analogue, digital), runt pulses"

        But here's the kicker.

        So what? The only PC that should be talking to is a modern PC running an up to date OS IE without SMB V1.0 as a problem to begin with.

        Yes this stuff costs an arm and a leg.

        Yes the are a valuable investment with a working life in decades (actually the nearest thing I can think of them was a comment that some of the animation cameras used for the computer controlled animation task, I mean actual models, not CGI, dated from the 1920's and 1930's)

        So 47 trusts.What's that? 100 sites? MRI is one per site? CT is another, say a couple of ultrasound units?

        Wow that's possibly 400 PC's that need TLC.

        Now what about the rest of them?

        GUI to embedded HW <> regular desktop PC.

      2. John Smith 19 Gold badge

        "Try reading this and maybe you'll understand at least one of the issues. "

        TL:DR version of my reply. I did. That explains a few 100 machines across 47 trusts. Not the rest.

    3. DF118

      Re: 5% of 1000 000 is 50 000 desktops.

      So just exactly why is getting a health app to run on a current OS so f**king difficult?

      There are other reasons, but in my org the main reason is managed software providers being dicks, and bamboozling the beancounters and execs into forcing IT to "just do what you need to do to make it work".

      The IT managers are, as usual, little more than willing messengers.

      Take a bow, Atos.

      1. John Smith 19 Gold badge
        Unhappy

        "in my org the main reason is managed software providers being dicks,"

        Now that I can believe.

    4. Black Betty

      Probably can't update because of device drivers.

      These computers have to "talk" to the equipment they are attached to, and the odds are the interfaces for a lot of medical equipment is proprietary. So much so that I would not surprise me to see ISA interface cards still in use in places.

  8. steve 124

    The root of the problem is being ignored

    <sits up soapbox>

    Ok, I've said this before and I can't believe this is being ignored (especially in light of this latest attack). Why in the hell is bitcoin still in existence?

    The ONLY reason this kind of attack is being done is because there exists an anonymous way to transfer money (bitcoin). The only reason bitcoin exists is for conducting illegal transactions.

    If you take this secure conduit away from the mix, and what tech savvy hacker is going to be willing to launch an attack (which could possibly be tracked back to them) if there is no way to securely get money from your activity?

    Every other type of transaction can be traced (yes, even dollar bills). Tell me one single legitimate reason we need an untraceable money transfer service?

    I can't think of a single scenario.

    Want this stuff to stop? Kill bitcoin. Kill bitcoin. Kill bitcoin.

    I can't believe this is not even being discussed.

    ~Just by 2 BCs.

    1. fobobob

      Re: The root of the problem is being ignored

      Killing bitcoin would have no lasting effect; they'd just move on to another way of accepting payments (as some already have implemented)

      https://www.bleepingcomputer.com/news/security/decrypted-alpha-ransomware-accepts-itunes-gift-cards-as-payment/

      There's no reason they couldn't request any other type of pre-paid card, either. Not even going to touch on the 'why' of bitcoin's existence, as you've pretty clearly closed up your mind to anything anyone could put forth.

    2. fobobob

      Re: The root of the problem is being ignored

      Actually, I'll give you one; you called soapbox, after all. Bitcoin and other cryptocurrencies deprive the government/regulators/whoever of any significant level of control over who can and cannot make financial transactions. The analogy of 'digital cash' is not a very good one, but the benefits/detriments of cash and cryptocurrencies very often align.

      1. TheVogon

        Re: The root of the problem is being ignored

        "Bitcoin and other cryptocurrencies deprive the government/regulators/whoever of any significant level of control over who can and cannot make financial transactions."

        So you have found a way of stopping people handing large amounts of cash to each other?! Do tell us more...

        1. fobobob

          Re: The root of the problem is being ignored

          I suppose I should've given additional context there; the intended context was with respect to other digital transactions. Also, India may or may not have achieved such a thing with their recent demonetization of some specific bank notes; I do not have any insight into whether this was truly effective or not. Removing hands is another potential solution (/s)

    3. Richard 12 Silver badge

      Re: The root of the problem is being ignored

      Bitcoin isn't anonymous.

      Every transaction is in the universal ledger, which everybody has access to by design.

      The hard part is matching a given bitcoin payment address to an individual legal entity, which is very easy if they ever "cash out".

      It is probably quite hard if they spend the bitcoin as bitcoin, however the money trail remains and could be followed.

      1. TheVogon

        Re: The root of the problem is being ignored

        "The hard part is matching a given bitcoin payment address to an individual legal entity, which is very easy if they ever "cash out"."

        That's easy to avoid. There exist multiple services that "rinse" bitcoin transfers across many small transactions between multiple accounts specifically to enable fairly decent anonymity.

      2. John Smith 19 Gold badge
        Unhappy

        Re: The root of the problem is being ignored

        Indeed.

        PHB's in the health software companies that won't move their decades old software off a 17YO OS.

        PHB's in NHS trusts who don't see why this is car crash of a problem waiting to happen, or pushed to migrate the hospital management systems off XP

        PHB's in the Ministry of Health who didn't push for it either.

        PHB's in NHS central IT who didn't push to certify new versions on new OS's (despite a lot of those PC's actually running XP in a VM anyway.

        And of course the PHB in chief Mr Hunt.

        Will any of them earn any kind of penalty, or be called to account for their (in)actions?

        What do you think?

    4. TheVogon

      Re: The root of the problem is being ignored

      "Why in the hell is bitcoin still in existence?"

      Absolutely - we must ban it immediately. Along with the US Dollar - which is by far the criminal currency of choice - and can be carried round as bits of paper without any trace or audit trail!!!!

    5. Version 1.0 Silver badge

      Re: The root of the problem is being ignored

      Let's kill bitcoin, and every other currency, all ransoms must now be paid, in person, as a specified number of pigs, bushels of corn, wheat and carrots. Just for good measure, let ban gold and iron ingots too.

      There, problem sorted.

  9. Doctor Syntax Silver badge

    "UK Health Secretary Jeremy Hunt and Home Secretary Amber Rudd are attending a meeting of COBRA, the Cabinet's rarely convened crisis response committee."

    The blind leading the blind.

    1. Winkypop Silver badge

      You Sir, stole my post

      Well played.

  10. Anonymous Coward
    Anonymous Coward

    They'll be determined to find these dopes and they will be found, hope they like prison food and cold showers.

  11. Anonymous Coward
    Anonymous Coward

    "A feared second wave of WannaCrypt ransomware attacks has failed to materialise."

    And not one person that understands IT or how it works was surprised.

    1. Version 1.0 Silver badge

      failed to materialise? I don't think so.

      We got bombarded today with very realistic requests to open a docusign document. The thrashings will continue.

  12. eesiginfo

    Blockchain tracebility

    Excuse me for asking this question... but he who dares wins...

    I've been involved in computing since IBM DOS.

    However, blockchain has simply passed me by.

    No matter... I have gleaned an overview that all transactions are registered (rightly or wrongly).

    So I'm wondering (as an uneducated person in this field)... why it is that these payments can be counted... yet the ultimate recipients cannot be identified.

    Can anybody provide an answer?

    1. To Mars in Man Bras!

      Re: Blockchain tracebility

      As long as the transactions stay within the blockchain then it's reasonably anonymous. The ledger will just show that those ransom payments have been made to certain anonymous addresses.

      The problem will arise when the miscreants try to convert their ill-gotten gains to either fiat currency or use them to buy other goodies. Half the security services in the world, as well as countless other people are going to be tracking exactly where each of those ransom payments goes from now on and will pounce as soon as anyone reveals the slightest connection to them.

      If the hackers have two braincells to rub together, they'll not go near those coins, as they're the digital equivalent of radioactive waste now.

      1. eesiginfo

        Re: Blockchain tracebility

        Ah... thank you for that response.

        Strange that none of the mainstream media has explained this.

        I guess that they were just too embarrassed to ask :)

    2. TheVogon

      Re: Blockchain tracebility

      "Can anybody provide an answer?"

      See https://news.bitcoin.com/tumbling-bitcoins-guide-rinse-cycle/

  13. aquaman

    Why do the terms manufactured crisis and distraction pop into my mind? The fact I even have to wonder says a lot about the current state of affairs.

    1. Version 1.0 Silver badge

      There's a silver lining

      Manufactured crisis? In the US today nobody's talking about Trump ... it's actually been quite a pleasant day for a change.

      1. Anonymous Coward
        Anonymous Coward

        Re: There's a silver lining

        Expect him to throw his toys out of the pram again once he realises he's not the center of attention.

        probably deploying the 82nd airborne* against anyone using TOR, or declaring war on the Norks, depending on how much he is ignoring his advisers today.

        * or whoever... drawing on my fiction reading for sources.

  14. Anonymous Coward
    Anonymous Coward

    Who wasn't hit?

    That might be a big hint.

    At the risk of being accused of being a conspiracy theorist - perhaps the "leak" of the trove was part of the plausible deniability for state actors, who kicked of the attack when independent parties didn't.

    1. Anonymous Coward
      Anonymous Coward

      Re: Who wasn't hit?

      One notes that Russia was hardest hit.

  15. Anonymous Coward
    Anonymous Coward

    All that damage for a measily $55,000?

    The only others willing to do such vast collateral damage, for relativity little gains is the tory party.

  16. Clive Harris
    Unhappy

    Real people are getting hurt

    Let's not forget that real, innocent, people are getting hurt by this. My sister was in hospital when this broke out, recovering from surgery. Last Saturday, the hospital had to send her home early, in a wheelchair, when their IT. systems completely collapsed.

  17. Anonymous Coward
    Anonymous Coward

    It's not that bad guys

    The number of 'cute', 'hot' women that are emailing me has risen sharply.

    What's the problem?

  18. Conall O

    any payload eh?

    makes me want to make a variant that installs the Microsoft patch.

  19. JimmyPage
    Big Brother

    GCHQ/NSA and decryption keys ...

    Unless the people behind this hack were better than the average criminal (and I can't see any evidence of that so far) then it's more than likely they botched generating the encryption keys. Certainly enough that the massive computing power (plus special algorithms) packed by the boffins at GCHQ/NSA should be able to provide a good stab at delivering the decryption keys.

    Which (in this commentards humble opinion) is *exactly* the sort of thing they should be doing. Certainly before hoovering up all our web searches.

    I know they are understandably cagey about their capabilities, but is it too much to hope that in between tweets and election gaffes, the US and UK have in place a mechanism to release decryption keys without it being obvious ? Bearing in mind there's still a mystery over how the Crysis keys were leaked online.

    1. John Brown (no body) Silver badge

      Re: GCHQ/NSA and decryption keys ...

      "Certainly enough that the massive computing power (plus special algorithms) packed by the boffins at GCHQ/NSA should be able to provide a good stab at delivering the decryption keys."

      If this was a TV show, teams would have already tracked down the source and arrested them, got the keys from them and released a friendly virus (written in a few minutes on a top secret quantum computer, natch) to replace the nasty one while leaving a trail of freshly protected PCs in it's wake and the world would safe again, at least until next weeks gripping episode.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like