how did it spread my monies on
Be interesting how this has spread. Lots of talk, mainly be numpties, on the radio about the NHS System as if it’s some massive system that everybody in the NHS is connected to. Whereas you’ve got trusts and individual GP surgeries and even dental practises being hit, barring in mind those are pretty much totally separate sites divorced from systems in hospitals etc, there’s no way SMBv1 traffic is going to by magic make its way around various sites on its own . My money is on an email that members of staff at each site have opened independently, or a common NHS website that has been compromised and that has sent the malware out when individuals have accessed that site.
Lots of XP boxes still in the NHS hence the vector of SMBv1 would make sense as that tends still to be used for backward compatibility and there will be lots of old bits of legacy rubbish floating around in the NHS. And as XP isn’t support it ain’t been patched!
Going to be a right old buggers muddle of a job to sort out glad I don’t work in any form of NHS IT. Anyone from an NHS site that's been shafted got a comment? (probably up to their nuts in sh1t so we'll understand if you don't!)