UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

UK hospitals have effectively shut down and are turning away non-emergency patients after ransomware ransacked their networks. Some 16 NHS organizations across Blighty – including several hospital trusts such as NHS Mid-Essex CCG and East and North Hertfordshire – have had their files scrambled by a variant of the WannaCrypt, …


  1. WibbleMe

    Has someone been sending emails again?

    1. LDS Silver badge

      The Register:

      13:22 "'Jaff' argh snakes: 5m emails/hour ransomware floods inboxes"

      14:22 "NHS hit by 'cyber attack', at least one hospital shut down"

      Coincidence?

      1. Anonymous Coward

        Rang my local hospital at about 13:00. They told me their IT systems had been down for about the last two hours.

    2. Anonymous Coward

      I suspect it also might be related to Windows preferring to execute emailed malware rather than scan it. It nicely removes the user actually having to click anything, Windows takes care of executing it for you..

      This is a very good reminder why Windows is such a security cesspit, and unless you need to run Windows stuff, you are far more secure running a Chromebook with its signed read-only runtime.... It's pretty much unhackable

      1. Robert Baker

        "I suspect it also might be related to Windows preferring to execute emailed malware rather than scan it. It nicely removes the user actually having to click anything, Windows takes care of executing it for you."

        That isn't a Windows vulnerability per se, it's an incompetently-written-email-client vulnerability. This is one reason why Pegasus Mail deliberately doesn't execute any code in an email, unless of course explicitly asked by the user to do so.

    3. Anonymous Coward

      That's what comes of still running Windows XP!

      At least if they ever get to Windows 10, it's a continual incremental upgrade platform and the problem of needing to go through a major upgrade every few years goes away...

      1. Anonymous Coward

        >At least if they ever get to Windows 10, it's a continual excremental upgrade platform

        FTFY.

    4. Anonymous Coward

      It appears the source IP address is...

      It appears the source IP address is ...

      Conservative Central Office.

      Conservative Central Office are still trying to find the culprit, but they suspect:

      Theresa May / Amber Rudd.

      (Well if you can't win support for full access to encrypted communications, what better than to stage a ransomware attack on the NHS, to further your cause)

      1. Anonymous Coward

        Re: It appears the source IP address is...

        You, sir, are a first-class c**t. This situation is not any sort of funny, nor is it an excuse to make crass "jokes" like this.

        1. Gordon 10 Silver badge

          Re: It appears the source IP address is...

          Sweary AC. You're not from round these parts are you?

        2. Anonymous Coward

          Re: It appears the source IP address is...

          Who said it was meant as a joke? It was meant to put across a serious point. Due Diligence. Encryption is getting scapegoated here, when this really boils down to lack of resources, poor management - updating/securing systems, poor choices regards Software.

          There is a narrative here being fed to the press, who are lapping it up, printing it all as gospel (especially the Guardian's coverage), typically aimed at the technically illiterate, to cause change (I believe regards encryption laws),

          What better way to achieve your goals/press that point, than hype up a very emotive "encryption target", where the general public will have difficulty understanding the full picture of the encryption attack, instead, they will be swayed by the emotional aspect of its effects.

          It all plays very well for new laws regarding the use of encryption, which lessen, rather than strengthen their own security, without them realising. This is exactly the sort of techniques that will be used to force "change" (regarding encryption law) through.

          Yes, the effects are real, but like anything, systems will be back to normal in a week, the real effects on encryption laws/personal privacy (long term) could be the real attack vector in this.

          1. hoola

            Re: It appears the source IP address is...

            Lack of resource and funding is correct to a certain extent. One of the real issues is the equipment that has to use Windows XP because the supplier either no longer exists or it is too expensive to replace. Million pound scanners that are perfectly serviceable simply cannot be replaced because the OS of a control PC is unsupported. With many of these very high tech, high cost and low volume systems, there really is very little option.

            The armchair experts that only look after a few hundred PCs and a handful of servers simply do not understand the problems.

        3. Anonymous Coward

          Re: It appears the source IP address is...

          Well sir, I for one am sniggering as I stopped using that virus vector-ware called MS Windows in 2008. The brill thing about Linux is YOU have control, and can cut out as many application packages as you wish, making your installed system smaller, simpler and therefore much easier to manage.

          You choose. I'm sniggering.

        4. Anonymous Coward

          Re: It appears the source IP address is...

          OH but it is ...it so is

          Because it highlights that the clowns that run IT in most major orgs are clueless - but think they are God's gift

          And now they have just been bitten and bitten hard ...

      2. bombastic bob Silver badge
        Boffin

        Re: It appears the source IP address is...

        scanning port 445, which SHOULD be blocked at the firewall. but apparently is NOT.

        According to THIS web site, the worm in question scans for vulnerabilities on port 445. This is an old problem which most net-savvy people BLOCK for incoming packets of any type. Yes, you do NOT want "teh intarwebs" accessing your SMB ports. EVAR.

        So it looks like blocking those SMB ports (445, 139) from "teh intarwebs", and (potentially) blocking SMBv1 access on your network PERIOD, are 2 ways of mitigating this problem.

        some technical info here:

        https://www.hackbusters.com/news/stories/1532486-player-3-has-entered-the-game-say-hello-to-wannacry
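
Added example, not part of the thread or of anyone's post: the two conditions the comment above points at (SMB ports 445/139 reachable from outside, and a host scanning port 445) written as detection logic over firewall flow records. The log format, addresses, thresholds and function names are constructed for illustration, and internal address space is assumed to be RFC 1918.

```python
import ipaddress
from collections import defaultdict, namedtuple

SMB_PORTS = {139, 445}
# Assumption: the site's internal address space is RFC 1918.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
Flow = namedtuple("Flow", "ts src dst dport action")

# Constructed sample. The line format (epoch seconds, source, destination,
# destination port, firewall action) is hypothetical, not a real product's.
SAMPLE_LOG = """\
1000 203.0.113.7 10.1.1.20 445 ALLOW
1001 203.0.113.7 10.1.1.21 445 DENY
1002 10.1.1.50 10.1.1.20 445 ALLOW
1003 10.1.1.99 10.1.2.1 445 ALLOW
1004 10.1.1.99 10.1.2.2 445 ALLOW
1005 10.1.1.99 10.1.2.3 445 ALLOW
1006 10.1.1.99 10.1.2.4 445 ALLOW
1007 10.1.1.99 10.1.2.5 445 DENY
1008 198.51.100.9 10.1.1.30 139 ALLOW
1009 10.1.1.50 10.1.1.21 443 ALLOW
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def parse_flows(text):
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        ts, src, dst, dport, action = parts
        flows.append(Flow(int(ts), src, dst, int(dport), action.upper()))
    return flows

def exposed_smb(flows):
    """SMB connections the firewall let in from outside (the gap to close)."""
    return [f for f in flows
            if f.dport in SMB_PORTS and f.action == "ALLOW"
            and not is_internal(f.src) and is_internal(f.dst)]

def smb_scanners(flows, min_targets=5, window=60):
    """Internal hosts that tried >= min_targets distinct hosts on 445
    within `window` seconds, allowed or denied (worm-like fan-out)."""
    by_src = defaultdict(list)
    for f in flows:
        if f.dport == 445 and is_internal(f.src):
            by_src[f.src].append((f.ts, f.dst))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) >= min_targets:
                hits[src] = len(targets)
                break
    return hits
```

On the sample, `exposed_smb` returns the two allowed inbound flows from outside and `smb_scanners` reports 10.1.1.99, which touched five hosts on 445 in five seconds.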

      3. Rob D. Bronze badge
        Facepalm

        Re: It appears the source IP address is...

        Hmmm but no. This all undermines Rudd's position - the NSA had their zero-day back door and, ooops, the crims eventually got hold of it. OK so it's years after it was created and the vendor has officially patched it (at least for the supported OSes) but that doesn't appear to be stopping it now being used to wreak havoc on a reasonably global scale (caveats re early speculation apply).

        Please can we have more of that kind of hole deliberately built in to the fabric of our communications infrastructure because the security services and government will be very careful to never, ever, ever let it out in to the wild. Ever.

    5. Domquark

      If it has come in on an email, then it says a lot for Trend Micro's cloud-based email scanning service they provide for the NHS.......

    6. Anonymous Coward

      Oh, I do so hope the US gets hit really badly. Like Americans funding the IRA until 11/9 - what goes around comes around...

  2. censored

    Strong and stable network

    1. Anonymous Coward

      Who Gains ?

      1. 0laf Silver badge

        Probably a misunderstanding by the attackers. Ransomware is probably quite effective against US hospitals and they may have made an assumption that all hospitals will pay to resume service.

        Or it's just collateral damage from a massive email spam list which includes hospitals. That'll be why they are hitting all parts of government as well.

        1. Naselus

          It's international. UK, Spain, Italy, China, Russia, Vietnam, Kazakhstan and Taiwan so far reporting massive numbers of infections.

          1. Anonymous Coward

            Details from Spain's National Cryptology Centre on which computer systems are being affected:

            Microsoft Windows Vista SP2

            Windows Server 2008 SP2 and R2 SP1

            Windows 7

            Windows 8.1

            Windows RT 8.1

            Windows Server 2012 and R2

            Windows 10

            Windows Server 2016

            1. PTW
              Pint

              Eh?

              A down vote for posting details from Spain's National Cryptology Centre?

              Weirdo down voter Foxtrot Oscar & you can have an up vote [and beer] from me

              1. Pookietoo

                Re: Eh?

                Perhaps the thumbdown didn't agree that later systems are vulnerable? But those are the affected systems reported at www.ccn-cert.cni.es

                1. Robert Baker
                  Flame

                  Re: Eh?

                  "Perhaps the thumbdown didn't agree that later systems are vulnerable?"

                  Affected system != vulnerable system. The Spanish report covers those systems which were infected (and as I have said before, downvoting a fact doesn't make it false); it doesn't distinguish between those with unpatched vulnerabilities, and those with dumb users who click on dodgy links such as those "YOUR COMPUTER IS AT RISK!!!!!" ads we have all seen.

            2. Anonymous Coward

              Details from Spain's National Cryptology Centre on which computer systems are being affected:

              Microsoft Windows Vista SP2

              Windows Server 2008 SP2 and R2 SP1

              Windows 7

              Windows 8.1

              Windows RT 8.1

              Windows Server 2012 and R2

              Windows 10

              Windows Server 2016

              No specific target then...

            3. Anonymous Coward

              Linux...

              Can't see Linux on your list.

              1. Anonymous Coward

                Re: Linux...

                No Specific Target then...

                (It was meant as Sarcasm)

          2. Stork Bronze badge

            Portugal too

            - I heard on the news. Not sure how much, they mention NHS as worst hit.

      2. Anonymous Coward

        He who closes the tickets

        In the large, paperless hospital I currently work in, HP's performance is measured by the number of tickets they generate and close rather than any problems they actually solve. I'm sure their performance will be way up in the coming days.

      3. Anonymous Coward

        Expect them to engineer a scare story every day now until polling day.

    2. Anonymous Coward

      Tough on Health. Tough on the causes of Health.

  3. Sgtpanda

    Ransomware

    Looks like ransomware https://twitter.com/asystoly/status/863027172453351424 , let's wait and see how they spin this into a "complex zero-day state-sponsored attack"

    1. David 155

      Re: Ransomware

      Spin? What makes you think cyber warfare is not a possibility?

      1. wolfetone Silver badge

        Re: Ransomware

        "Spin? What makes you think cyber warfare is not a possibility?"

        Because in warfare you destroy the opponent's assets. You don't lock them up and demand a ransom.

        1. Chemist

          Re: Ransomware

          "You don't lock them up and demand a ransom."

          You might not now but in medieval times it was the best way of becoming rich

          1. Alumoi

            Re: Ransomware

            You might not now but in medieval times it was the best way of becoming rich.

            It works pretty darn good for Microsoft, Adobe and their ilk. Have the paying beta testers... erm, customers locked into the Windows OS and demand increasing amount for each forced update.

          2. wolfetone Silver badge

            Re: Ransomware

            "You might not now but in medieval times it was the best way of becoming rich"

            Look, I know after 7 years under a Tory-led bollocks job of a government it feels like we're in the medieval times. But we're not. Have faith, pip pip and make June the end of May.

            Thank you x

            1. Anonymous Coward

              Re: Ransomware

              Yes, hand everything back to Labour and see what happens when they waste money on the normal crap and then realise there's no more gold to sell off. Oh wait a minute, they could always copy Gordon Brown with his "once-in-a-lifetime, never to be repeated" annual raid on private pensions. Or maybe use Corporation Tax to pay for everything. Or maybe they really will pay their new Thought Police £30 a week like Diane Abbott said, and use the remaining law enforcement budget to fund their pipe dreams.

              If Blair and Brown hadn't quite emptied the coffers before they got voted out, they came very close. We might not like the Tories much, but at least they don't rob us blind, sell us down the river and then plead innocence when asked what the hell they thought they were doing.

              1. This post has been deleted by its author

              2. Anonymous Coward

                Re: Ransomware

                "We might not like the Tories much, but at least they don't rob us blind, sell us down the river and then plead innocence when asked what the hell they thought they were doing."

                Tory lie #1 for the last 10 years : that Labour caused the 'great recession', spent all the money, bankrupted the country etc, and therefore are not 'strong and stable'. Only an utter fool would think that Tone and Gordy caused the financial crisis of 2008. They sure did some fucked up repugnant shit : an unnecessary war being just one. Many, many things caused the 2008 financial problems. To assume that this small island and its leaders at the time had *anything* to do with it is folly.

              3. Anonymous Coward

                Re: Ransomware

                O, the political corner. Yipee!

                Well, they could build lots more houses to both force down house prices and rents. They could even get local councils to build lots of council houses to help out. This could be easily funded using the same magic money tree they use to fund university education.

                More houses mean cheaper houses, mean cheaper rents, mean more money to use in the real economy, means more economic activity, means more jobs, means more people are better off, means a better life for everyone.

                Of course it won't happen because those who are doing quite nicely now, thank you very much, while sitting on their arses doing nothing other than raking in the rents, will do everything they can to stop it.

            2. Anonymous Coward

              Re: Ransomware @ wolfetone

              "Look, I know after 7 years under a Tory-led bollocks job of a government it feels like we're in the medieval times. But we're not. Have faith, pip pip and make June the end of May."

              Err, what sort of performance would you expect if the Tories lose? Corbyn wants to drag us back to the 1970s, so can you imagine the sort of big-state approach he'll be having on IT? I can remember eating by candlelight because the government was at odds with the employees of the state-owned electricity industry. "Party lines" installed by the sluggish, expensive, incompetent GPO. A state owned motor industry that signed its own death warrant through endless strikes and poor quality. Etc etc.

              I'm on the right wing, and I despise May as a meddling, incompetent lightweight without any strategic vision. I certainly won't be voting for her. But equally, I won't be voting for the mad, socialist-fundamentalist, academic, blundering Corbyn.

              1. wolfetone Silver badge

                Re: Ransomware @ wolfetone

                "Err, what sort of performance would you expect if the Tories lose? Corbyn wants to drag us back to the 1970s, so can you imagine the sort of big-state approach he'll be having on IT? I can remember eating by candlelight because the government was at odds with the employees of the state-owned electricity industry. "Party lines" installed by the sluggish, expensive, incompetent GPO. A state owned motor industry that signed its own death warrant through endless strikes and poor quality. Etc etc."

                In short: a much better life than what I've got under the Tories.

                Your arguments regarding Corbyn are completely wrong and misplaced. The idea of privatising the rails, energy etc was so that the infrastructures and rolling stock could be upgraded and improved. Instead the only thing to improve on the rails is the increase in ticket prices and over crowding. Likewise with energy, increases of energy bills yet no movement or improvement on the whole.

                All the money paid to privatised companies wouldn't leave the UK then, it'd stay in the country. The Rail/Energy would become not-for-profit, meaning any profits were put back in to the industries. What's the problem in that?

                Furthermore, the inaccuracies in your question lead me to believe you've never read anything other than The Daily Fail et al about him and his policies. Bet you still think he ran a photographer over, don't you?

            3. Anonymous Coward

              Re: Ransomware

              "Look, I know after 7 years under a Tory-led"

              You know the conservatives massively increased spending on the NHS in real terms over what the last Labour government spent right? Have you seen the alternatives?! Anything is better than the socialists and Corbyn.

          3. JLV Silver badge

            >You might not now but in medieval times it was the best way of becoming rich.

            Four score dozen ecus, or your sorry ass will be encrypted in my oubliettes.

            I oscillate myself between wanting to see:

            a) the lowlives targeting hospitals getting frisky with an iron maiden.

            b) strapping whoever is ultimately responsible* for XP still being used (or at least networked) naked on a horse, daubed with honey and released near a huge swarm of deer flies.

            * yeah, I know it's not necessarily the sysadmins' fault, but somewhere, some people, either incompetent IT or managers, decided it was acceptable to connect an OS that is now 2 yrs out of even extended security support to wider networks.

            1. Simon Bramfitt
              Thumb Up

              Re: >You might not now but in medieval times it was the best way of becoming rich.

              I'd be more than happy to vote for all of the above

            2. Doctor Syntax Silver badge

              Re: >You might not now but in medieval times it was the best way of becoming rich.

              "yeah, I know it's not necessarily the sysadmins' fault, but somewhere, some people, either incompetent IT or managers, decided it was acceptable to connect an OS that is now 2 yrs out of even extended security support to wider networks."

              You may have to look a little further back than that. Maybe at some business that was writing current applications but has now been bought and re-bought by some bigger business and somewhere along the chain the application development has been discontinued, maybe the source lost and runs on nothing newer than XP.

              There's no silver bullet.

          4. Robert Baker

            Re: Ransomware

            "You don't lock them up and demand a ransom."

            You might not now but in medieval times it was the best way of becoming rich

            Ever wondered why the phrase "worth a king's ransom" came into being? That's because it originally wasn't just a metaphor.
