Nothing to scoff at: Crisps and nuts biz KP Snacks smacked in ransomware hack attack

Some of Britain's favourite pub munch could end up in short supply after KP Snacks, makers of nuts and crisps, suffered a ransomware attack. Kenyon Produce, to give the company its formal name, wrote to small shops around the UK …

  1. KarMann Silver badge
    Facepalm

    Neither confirm nor deny, if you can't

    Representatives of KP had not answered phonecalls seeking comment.
    To be fair, they may well be using IP phones, and so….

    1. TRT Silver badge

      Re: Neither confirm nor deny, if you can't

      I'm surprised the headline didn't refer to either "NikNaks Shack in Hack Attack" or "This time it's the Real McCoy."

  2. Spaceharrier

    Inside job?

    Apparently this attack has been attributed to a threat actor known as POM-BEAR.

    1. Dave559 Silver badge

      Re: Inside job?

      Reports that a football pundit was seen trying to plug in a USB stick at the reception desk PC are completely untrue…

      (Not that his own snack-making friends haven't had IT problems of their own fairly recently. The spice, and other savoury and salty tasty snack product supplies, must flow!)

      1. Korev Silver badge
        Coat

        Re: Inside job?

        He did it and then just Walkers out...

        1. TRT Silver badge

          Re: Inside job?

          Pwn cocktail?

  3. Inventor of the Marmite Laser Silver badge

    Crumbs!

    1. Ayemooth

      Surely any ransom request would be peanuts to a company the size of KP?

      1. The Oncoming Scorn Silver badge
        Pint

        Cash Please!

        To be paid in crisp £50 notes

        1. mif

          Re: Cash Please!

          Cryspocurrency, surely?

          1. TRT Silver badge

            Re: Cash Please!

            Bitscoins?

  4. Anon

    To the German Commander:

    N U T S !

    -- The American Commander

  5. Howard Sway Silver badge

    ransomware gangs have concentrated on the soft underbelly of the West

    But by hitting the supplier of these products, our bellies are likely to become much less soft.

  6. Robert E A Harvey

    "fuck clinics in the USA this week" said one criminal

    I'd quite like to go to a fuck clinic. It sounds a lot more fun than the ones I normally have to attend.

    1. Neil Barnes Silver badge
      Paris Hilton

      Re: "fuck clinics in the USA this week" said one criminal

      Depends whether you have to go 'to' or 'because'...

    2. Jedit Silver badge
      Coat

      Re: "fuck clinics in the USA this week" said one criminal

      Fuck clinics in the USA

      Fuck clinics in the USA

      Whoooooa-ohhh (Fuck clinics!)

      Mine's the one with the heart of glass...

      1. TRT Silver badge

        Re: "fuck clinics in the USA this week" said one criminal

        A fun loving criminal?

  7. This post has been deleted by its author

  8. Piro Silver badge

    Kenyon Produce?

    I didn't know that, thanks for the trivia.

  9. Pascal Monett Silver badge

    They are cooperating with the authorities

    And have responsibly disclosed the situation.

    One can only hope that this will aid authorities to home in on the source and get Putin to do something about them.

    With all the hacker groups he has, Putin can afford to sacrifice another one.

    1. TRT Silver badge

      Re: They are cooperating with the authorities

      Did he also attack Mondelez savoury products division? That'd be Putin on the Ritz.

  10. Ken Moorhouse Silver badge

    They should have...

    ...used more salt.

    1. TRT Silver badge

      Re: They should have...

      They should have engaged an ethical hacking organisation to determine their Penn State.

  11. Anonymous Coward

    In other NEWS

    Doctors predict a small downswing in coronary patient admissions in coming weeks.

    1. Ken Moorhouse Silver badge

      Re: Doctors predict a small downswing in coronary patient admissions

      Not forgetting people with a nut allergy.

      1. Anonymous Coward

        Re: Doctors predict a small downswing in coronary patient admissions

        Peanuts are a pea not a nut.

        People either have a specific Peanut allergy, or a non-specific nut allergy (cannot contain Peanuts by definition), or both!

        It makes a lot of difference to be accurate and the media don't help in this matter, always conflating the two problems.

        EpiPen at the ready!

  12. Anonymous Coward

    Windoze security as service

    Lemme take a guess that the ransomware infected vector was a Winduze platform?

    STOP using Windooze for mission critical tasks!!!

    1. Little Mouse
      Meh

      Re: Windoze security as service

      </yawn...>

    2. Anonymous Coward

      Re: Windoze security as service

      STOP using Windooze for mission critical tasks!!!

      I've been saying that for the last twenty years. Anything in a medical environment, factory, military where you want your system functional when you use it, should NOT be running Windows.

      I've seen first hand medical equipment put out of action at critical times because a Windows update killed the system. All updates on critical systems should only be done under the control of an engineer (in the case of a medical device) and in a scheduled and controlled manner.

      Preferably use Linux. Brownie points to GE who got that right.

      1. Stuart Castle Silver badge

        Re: Windoze security as service

        Merely switching the OS isn't going to stop ransomware.

        Linux may be harder to attack than Windows, but it is not invulnerable.

        When setting up a corporate network, you need to build in security from the start.

        You need to ask yourself which stations on the network need access to the internet, and why. Any stations that don't need internet access should not have it. By "stations", I mean any device that may be attached to the network, whether it's a computer, printer, a medical device or some sort of manufacturing machine. Things like printers should not be accessible on the Internet.

        If something needs remote activation, or updating, you need to see if the manufacturers can offer a local Update or Licencing/Activation server.

        You also need a decent security system, including firewall/antivirus/intrusion detection, and to ensure any systems are locked down as tightly as they can be without impacting corporate needs.

        The downside for all this is that if you do have a specialist machine connected to the network, and it goes wrong, the manufacturer will need to actually send an engineer to diagnose the problem. They will not be able to do it remotely, unless you give that machine Internet access.

        Any new software/hardware that goes on the network should be thoroughly tested before use, and any updates should also be thoroughly tested, but should be deployed when they pass the test. It *is* important to keep software up to date.

        Finally, there is the User. Users need to be told how to spot scams, and need to know not to just click random links in emails, or open attachments from those they don't know.

        The trouble is, all that costs money to do properly, and if done properly, all it achieves is the system working as it should. That is a difficult sell to the beancounters because they'd point out that the system is just doing what it was bought to do, and they'd question why they need to spend more on it.

        There is a lot more I could say about this (people have written books on this stuff), but this post is already too long. The TLDR is that no software/hardware is invulnerable. You need a well designed network, with security built in and good security practices being carried out by staff as well.

        1. John Brown (no body) Silver badge

          Re: Windoze security as service

          "Finally, there is the User. Users need to be told how to spot scams, and need to know not to just click random links in emails, or open attachments from those they don't know."

          Unfortunately, badly thought out "security" just trains users to click "OK" to everything. We recently were forced onto O365. My laptop, now on the corporate domain, won't allow me to install my preferred LibreOffice. (preferred, because of my limited use of spreadsheets and documents so the cleaner interface is far better IMO). This means every time I open a local spreadsheet, I'm warned that "documents from the internet could be harmful" and have to click it into edit mode from read-only mode. Every time. And can't change it. Ditto, when I'm finished with a particular spreadsheet and move it to the archive folder, I get warned again, and have to click OK to say, yes, I really want to copy this "dangerous file" from one local directory to another. Interestingly, if I get a spreadsheet by email and open it from Outlook in edit mode from OneDrive, I don't see those warnings. If I was more cynical, I might suspect that MS are trying to discourage users from creating and storing local documents in favour of storing them where they can take a peek.

          1. J.G.Harston Silver badge

            Re: Windoze security as service

            Reporting from the coal face, another issue is too much software is badly written and requires the user to have Admin permissions to run, or requires Admin to allow another user to run it, or to see the test equipment plugged into it.

            Doing the recent Win10 rollout, way too much required hours on the phone to the supplier for them to remote in and flick some switch somewhere. For Every Single Bloody Machine.

        2. Dante Alighieri
          Big Brother

          remote access medical devices

          No access, no support I'm afraid.

          Some even use NTP from Japan.

          The big 6+ figure toys I play with in medical imaging are connected, they have to be.

          In theory you could switch access on and off as required. In reality not so much.

          I know there are NHS IT commentards and am happy to be corrected but would be surprised if I was.

      2. FatSuperman

        Re: Windoze security as service

        I'm sure all of us would be happy to migrate to Linux, once we get over the major hurdles of there not being the software, skills or support to run it for everything in the world.

        Once that lifetime's endeavor is complete, we'll need to move to some other OS, because the baddies will simply follow where the users are.

        If we magically switch Windows for Linux, we'd barely improve the security landscape.

    3. andy gibson

      Re: Windoze security as service

      "Windooze" and "Windoze"

      How original. At least you didn't use Micro$$$oft and Micro$$haft I suppose.

    4. J.G.Harston Silver badge

      STOP using Windooze for mission critical tasks!!!

      CardioView doesn't work on Linux.

      INRStar doesn't work on Linux.

      Sullivan Cuff doesn't work on Linux.

      UroDiary doesn't work on Linux.

      accuRx doesn't work on Linux.

      CardioLink doesn't work on Linux.

      Crescendo doesn't work on Linux.

      DigiScript doesn't work on Linux.

      EasyLog doesn't work on Linux.

      EMIS doesn't work on Linux.

      SystemOne doesn't work on Linux.

      JayEx doesn't work on Linux.

      MicroLife doesn't work on Linux.

      ECGViewer doesn't work on Linux.

      ScriptSwitch doesn't work on Linux.

      SpaceLab doesn't work on Linux.

      Spirometry doesn't work on Linux.

      1. cawfee
        Pint

        Re: STOP using Windooze for mission critical tasks!!!

        don't you know that all you need is wine and an obscure foss shim and you'll be just fine, everything runs perfectly on linux and you don't worry about spending loads of time to set anything up ever

        /s in case it wasn't clear.

        make mine a pinot >

      2. TRT Silver badge

        Re: STOP using Windooze for mission critical tasks!!!

        More w(h)ining.

      3. Dante Alighieri
        Black Helicopters

        Medical software

        I'm sure you are right!

        How many work on a Mac? (real question)

        But it is a self fulfilling prophecy - won't run, so no demand on other platforms.

        There are some very smart GPs doing all sorts of IT development and platform agnostic or FOSS.

        I've seen their work on another restricted forum.

        There IS an appetite for this. Getting the medical megacorps to respond is harder.

        WINE is constantly improving and can help but the real solution is multiplatform support.

        Open standards can and do work in helping this - check out what happens with DICOM and the IHE connectathons. It pulled a whole industry into line.

    5. Anonymous Coward

      Re: Windoze security as service

      I’m more concerned about piss poor applications as the attack vector than the underlying O/S.

      1. Ken Moorhouse Silver badge

        Re: piss poor applications as the attack vector than the underlying O/S.

        I would argue that when the underlying O/S is so ephemeral in nature, writing robust applications for it is a challenge. MS fall foul of this as much as others, but for smaller developers it can be uneconomic to write software for it.

  13. Mr. V. Meldrew
    Coat

    You're going to get a kick in the .....

    Dear Ransomware Cretin,

    I have a small family gathering at my home tomorrow (Saturday).

    My cousins who are the last of my family will be attending.

    If I cannot obtain their favourite snack, KP Dry Roasted Peanuts (250g pack) then I will hunt you down and give your nuts the big kicking they deserve.

    Yours, without malice aforethought

    Mark T.

    (Snacks at 3.00 PM - Carriages at Midnight - All welcome, BYOB.)

  14. TRT Silver badge

    Oh no!

    That's Tyrreble news!

  15. Anonymous Coward

    This even made the BBC R4 news this morning. As one presenter commented, never mind all the other problems in the world, now we'll have a shortage of Hula Hoops as well.

  16. Will Godfrey Silver badge

    <sigh>

    This has now become positively endemic, yet it is pretty much a solvable problem - for industry at least.

    A few years back, before I retired I was seriously impressed when I went to fit a new drive to a timber merchant's CNC sawmill. Physically fitting the drive was pretty much standard, but it then had to be configured.

    With the drive itself was a telephone number which I had to ring. This got me to one of the manufacturer's tech bods, who asked for model and serial numbers of both the machine and the drive. He then asked me to enter the configuration page on the machine's control system and confirm that it had a specific ID. At this point I had to enter a password he gave me. Apparently, although the machine was on the network, it was completely deaf and dumb until these steps were taken.

    To my surprise, on doing so a small window insert opened with a view of the guy. From then on he handled the setup asking me to confirm various actions were taking place. Finally, he sent a software update, and told me to shutdown the machine, and on restart it would be ready.

    P.S. Heidelberg has a variation for their modern printing presses. These are continually sending telemetry to them, and they will then call the print shop to warn them that a part is worn and needs replacing, or if the machine has faulted, they give instructions on the probable cause and where the engineer should look! This again, is pretty hard to defeat, as it's 'send only'.

    1. Ken Moorhouse Silver badge

      Re: continually sending telemetry

      This can be very useful for all concerned. However, I have encountered questionable antics by printer suppliers to bolster their monthly revenue. The most obvious is the install team configuring the printer to always print in colour rather than using black, resulting in unnecessarily high charges for companies who predominantly require black copies.

      Easy to change, sure, but many companies rely on third-parties to do the honourable thing and give them properly configured tools for their job.

      1. Anonymous Coward

        Re: continually sending telemetry

        Heidelberg presses are a bit different (and a LOT bigger) from a home printer - think newspaper presses instead of the printer/photocopier in the corner of the office. They are also more likely to be sold with a service contract, which takes the sting out of paying for maintenance work.
