
Ransomware cyberattack


Sophelia


I've been waiting for a thread to pop up on the board about this, but nothing, so I'm starting one. Basically it looks like a ransomware attack was set up to attack computers using Windows XP which didn't have the most recent patches, due to a vulnerability. So it's affected random people and organisations across the world. I think it hasn't affected the US as much (so far) which is where a lot of boarders are from. But it's massive news in the UK because among the computer systems affected are many of those belonging to the National Health Service. So their systems are incapacitated with a message saying all their data has been encrypted and asking for a (not yet enormous) payment in bitcoins to get it back. Computer and phone systems have been turned off/incapacitated for some hours as IT services are trying to fix the problem. Affected hospitals and surgeries have had to cancel all operations, appointments etc. and have A&E only, as they don't have access to any patient records.

Read about it here:

http://www.bbc.co.uk/news/health-39899646

http://www.bbc.co.uk/news/technology-39896393

https://www.theguardian.com/technology/2017/may/12/global-cyber-attack-ransomware-nsa-uk-nhs?CMP=twt_gu

 

Link to comment
Share on other sites

It is what happens when you use a network that is a security nightmare, using obsolete software, without scanning email attachments, used by personnel who are clueless about the technology they are using who have been inadequately trained.

Critical data, whether government, or business, needs to be on a totally separate, secure network with substantially different protocols than the internet.

Link to comment
Share on other sites

Yeah I hate to say it but this is basically an exercise in worst practices. Windows XP has been end-of-life for quite a long time now, and we accept a frankly insane level of incompetence with computers as normal. 

That's not to blame people for falling for these scams -- they have gotten increasingly sophisticated and convincing. But that only makes proper infosec procedures all the more critical. Critical infrastructure on Windows XP. The mind reels.

Link to comment
Share on other sites

22 minutes ago, Inigima said:

Yeah I hate to say it but this is basically an exercise in worst practices. Windows XP has been end-of-life for quite a long time now, and we accept a frankly insane level of incompetence with computers as normal. 

That's not to blame people for falling for these scams -- they have gotten increasingly sophisticated and convincing. But that only makes proper infosec procedures all the more critical. Critical infrastructure on Windows XP. The mind reels.

The funny thing is that most ATMs run on XP too... (I googled it after an ATM crashed while I was using it about a year ago and I saw the boot screen). 

Link to comment
Share on other sites

3 minutes ago, Commodore said:

as with most new technologies, criminals are the first to prove in a use case

In Airheads Brendan Fraser, Adam Sandler, and Steve Buscemi demand a football helmet filled with cottage cheese as part of the ransom when they hold the radio station hostage.  

Link to comment
Share on other sites

6 minutes ago, Commodore said:

as with most new technologies, criminals are the first to prove in a use case

Nobody laughed at its ability to be used by criminals. That was always one of the issues with it.  

This type of attack has also been performed on US hospitals. One paid the ransom last year.

 

Link to comment
Share on other sites

I didn't realise it was a Windows XP attack.

We still use XP in a few of our machines. We have tried very hard to get totally rid of them, but with a few we just can't. These have been locked down tight with Solidcore, or running in embedded mode and on a separate NPN network with no outside access. Basically the ones we have that the outside world could potentially see if you can get past the firewall, you can't write to the hard drive anyway. And where we need to write to the hard drive they are on a separate part of the network.

Also all of our data is backed up every night, and the backups go back months so we can get stuff back even if we do lose it on the local PCs. Plus the PCs are encrypted already.

However, I am not surprised it happened to the NHS. With all the cuts being made, updating IT is one of the last priorities. Especially when the IT department is only seen as needed when things go wrong and invisible the rest of the time. Also I'm betting the general computer knowledge of the non-IT staff is probably not that good. People don't know not to open strange e-mails and attachments. It only takes one person.

The last thing anyone should do in my opinion is to pay the ransom. You have no idea what else they may do to your PC while removing the encryption. That to me looks like a very dangerous thing. I guess if you really, really need the data and have no other way, but then you need to re-stage the PC afterwards.

But really nobody should run a PC without some kind of backup strategy, since hard drives fail and then you can lose everything anyway.

Link to comment
Share on other sites

This attack works on all Windows versions before Win10. It also spreads via an SMB vulnerability, so opening email attachments is not required to be infected.

There is a Windows Update from March (link) that fixes this vulnerability.

An interesting sidenote: this attack uses tools allegedly developed by the NSA, which were recently leaked (source).

Link to comment
Share on other sites

Quote

 

Critical infrastructure on Windows XP. The mind reels.

 

The NHS has been trying to update its IT infrastructure for years but the UK government has refused to pay for it, so the blame is squarely on them.

When I was working for them last year, one of the jobs I was doing was working in records. Tens of thousands of patient records weren't even on the computer system, they were stored in a massive warehouse behind the hospital. Runners had to come in and find the right record and whisk them off to the ward that needed them. In 2016. Absolutely mind-boggling.

Link to comment
Share on other sites

13 hours ago, Commodore said:

I remember everyone laughing at bitcoin in this forum a few years ago...

Commodore, the fact that these criminals are asking for their ransom in bitcoins has absolutely nothing to say about whether or not bitcoins are the currency of the future. All it shows is that these criminals, like most people who would have the skills to pull this off, are geeky enough to know what bitcoins are.

Link to comment
Share on other sites

1 hour ago, Loge said:

The vast majority of the computers affected are in Russia: https://arstechnica.com/security/2017/05/an-nsa-derived-ransomware-worm-is-shutting-down-computers-worldwide/

I wonder what makes Russian PCs so much more vulnerable. Pirated versions of the OS? 

Using older computers is what makes them vulnerable. Especially if you are still running XP. Last year our hospital got rid of the last of our old computers, running Windows XP. These were old enough to have floppy drives. Maybe they were sold to Russia.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
