Cyberattack Hits England's National Health Service With Ransom Demands (theguardian.com)
Hospitals across England have been hit by a large-scale cyber-attack, the NHS has confirmed, which has locked staff out of their computers and forced many trusts to divert emergency patients. The IT systems of NHS sites across the country appear to have been simultaneously hit, with a pop-up message demanding a ransom in exchange for access to the PCs. NHS Digital said it was aware of the problem and would release more details soon. Details of patient records and appointment schedules, as well as internal phone lines and emails, have all been rendered inaccessible. From a report: "The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this. NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations. "This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors. "Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available." NPR adds: The problem erupted around 12:30 p.m. local time, the IT worker says, with a number of email servers crashing. Other services soon went down -- and then, the unidentified NHS worker says, "A bitcoin virus pop-up message had been introduced on to the network asking users to pay $300 to be able to access their PCs. You cannot get past this screen." The attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors, it appears. 
The report adds: Images that were posted online of the NHS pop-up look nearly identical to pop-up ransomware windows that hit Spain's Telefonica, a powerful attack that forced the large telecom to order employees to disconnect their computers from its network -- resorting to an intercom system to relay messages. Telefonica, Spain's largest ISP, has told its employees to shut down their computers.
Update: BBC is reporting that similar attacks are being reported in the UK, US, China, Russia, Spain, Italy, Vietnam, Taiwan today.
General VLAN... (Score:2)
Re: (Score:2)
I think it likely also points out the problems with homogeneous systems...centralized systems, and such mandated by the government.
A singular system with all information, while providing convenience in many ways, opens itself up to being completely shut down if anyone ever breaks through the always inevitable cracks.
Re: (Score:3)
Sounds like the General VLAN got hit. Critical medical systems should be on a separate and restricted VLAN. I'm a bit surprised that VOIP phones weren't isolated from this.
I don't know how things are in the U.K., but I spent a few years working in hospital IT in the U.S. The phones used in patient rooms had to be discarded after every discharge because of fears of contamination, meaning that it was incredibly expensive to have a rotation of phones coming and going. This made it difficult to transition away from the old analog phone system that was in use.
I didn't get involved with the telephony side of things, so I'm not sure if this entire process was logical or not. I'm n
Re: (Score:2)
The phones used in patient rooms had to be discarded after every discharge because of fears of contamination, meaning that it was incredibly expensive to have a rotation of phones coming and going. This made it difficult to transition away from the old analog phone system that was in use.
Interesting. The few hospitals I've worked in for IT Support had VOIP phones that most workstations plugged into. We discarded old keyboards like the plague since studies have shown that they are dirtier than toilets and a hospital environment was probably a lot worse.
Re: (Score:2)
Yes you're correct, they had VOIP for IT and admin staff, it was only patient rooms that still had analog.
Re: (Score:2)
[...] it was only patient rooms that still had analog.
My employment contracts prohibited me from being in an occupied patient room, which had the mobile workstations that connected to the wireless network. Never paid attention to the phones inside the patient rooms. I don't know if they were analog or VOIP.
Re: (Score:2)
Umm, why not wrap in disposable plastic bags? Then, once in a while place old phones in a cabinet lit with UV lighting for 24 hours?
Re: (Score:2)
You'd have to disassemble the handset so that the UV light could access the microphone and internals, on what could potentially be hundreds of phones in a day.
Re: (Score:1)
Isn't that what telephone sanitizers are there for? Maybe we shouldn't have put them all on the first ark?
Re: (Score:1)
If they had had actual competent professionals on staff, they wouldn't have gotten hit with a ransomware attack.
Re: (Score:1)
Re: (Score:2)
Write a blog post about it, bro.
No one wants to read about your butthurt. Go buy yourself some Lady Anti Monkey Butt Powder [amzn.to] to soothe over the pain.
Re: (Score:2)
Even smaller shops tend to have the VoIP stuff on a separate VLAN, just for QoS purposes, to ensure that a doctor calling in a prescription for Prozium or Joy will not get dropped.
It would be interesting to see how this attack happened. A misconfigured AD forest could have allowed for brute-forcing a DA/EA account. Especially if there is no protection against brute force [1]. A lack of physical security could have allowed someone to boot a DC and crack an admin account.
In any case, why wasn't AppLocker r
Re: (Score:2)
Doublepulsar allows remote code execution on windows servers. This allows the ransomware to encrypt entire servers without the need for brute forcing an admin account.
Re: (Score:2)
Doesn't matter. Can you go forward with a treatment if you're uncertain if the treatment is safe, if the patient is in dire need, and so forth? The patient needs anesthesia; are they going to die like Monty Oum if you use one anesthetic rather than another?
Everything in a hospital is critical.
"Ransomware demanded"??? (Score:2, Funny)
"Ransomware demanded"???
So wait. They've demanded that 16 hospitals give them ransomware?
Isn't the correct business model to give the hospitals the ransomware instead, and then demand ransom?
Is this an altruistic cyberattack? The hospitals give them the ransomware, which they install, and then they give the hospitals money so that the hospitals will send the unlock code, and they can then move onto the next hospital?
I mean, as an approach to medical billing, it's kind of... disruptive, but...
Re: (Score:1)
Re: (Score:1)
The headline still hasn't been fixed yet. So it must be. Msmash wouldn't just leave it there, right?
"Ransomware Demanded" (Score:2, Funny)
Don't give it to them! If you give them ransomware, they're just going to use it to start attacking people and demanding ransoms from their victims.
Re: (Score:2)
Don't give it to them! If you give them ransomware, they're just going to use it to start attacking people and demanding ransoms from their victims.
Hospitals already have their own ransomware. It's called the bill.
terminals not answering back (Score:1)
Not surprised Swiss cheese. NHS malware ransomware terminals not answering back. Ambulance system not reporting incoming patients. Using pen and paper to work out who is in and who is gone home. Unable to answer enquiries about patients. Everything else is working in slow motion not always working. Nationwide.
If the admins were smart... (Score:1)
If they were smart the desktops used to access patient are nothing more than "thin" clients with just an OS that can be PXE booted and re-imaged in short order... and the actual applications that matter would be running in VMs accessed from those clients... and the VMs would have snapshots to roll back to in case something there gets screwed up...
Then again, if they were smart, they never would have connected systems used for patient care to the internet in the first place... all internet access would
Re: (Score:1)
They're not. The NHS IT infrastructure is a joke. US firms supply systems that never work properly, and yet they're given the next billion £ project without fail. There are millions of machines across the country, each GP office has their own dated PCs, and the networks are flaky at the best of times.
For all the piss-taking IT smug comments /. will sling, the reality is all systems were shutting down today, phones too. People are being turned away from GP offices and A&E depts. Operations have bee
Re: (Score:2)
Major cyber attack? (Score:5, Insightful)
Busy weekend ahead (Score:2)
Even if this attack is halted soon, it does raise some very pointed questions about resilience in a lot of mission critical systems. CEO phones CIO: 'Are you confident this can't happen to us?' 'Um....'
There are times I'm grateful I'm retired!
Windows? (Score:2)
Are they using Windows computers for sensitive health information?
... morons...
Are they using Windows for mission critical applications?
Re: (Score:2)
When Tony Blair met Bill Gates in 2006 - after kissing Gates' feet and gushing for a few hours about his supreme wonderfulness - Blair signed up for the super huge mega deal, with all the Windows you can eat. (Small print: security is up to you, mumble mumble mumble...)
"Mr Gates, the billionaire software pioneer, had just written a book about how IT could transform economies".
Yeah. Transform them from prosperity to miserable bankruptcy - along with lots of dead and dying patients. And transfer a large slice
Re: (Score:2)
Exactly. Why is this not being addressed more? Using Windows for anything critical is just asking to be a victim like we see here.
Re: (Score:2)
Using Windows in a hospital should be enough to get you fired.
Connecting Windows to a network in a hospital should be enough to get you prosecuted.
Wannacry 2.0 Ransomware (Score:2)
It's been posted online that this is a version of WannaCry v2.0 Ransomware. Apparently it's taking advantage of the SMB exploits that got released last week or so ago. It's probably doing an IP scan inside the LAN from an infected machine, and then attempting to exploit SMB at the other end. That machine gets infected, and so it spreads at an exponential rate. Short version, this is WW III starting level shit!! We'll know soon enough in the next 48 hours around the world
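An added detection example, not part of the original thread: the LAN scanning described in the comment above would appear in flow logs as one internal host contacting many distinct internal addresses on TCP 445 within a short window. The log format, window, threshold and all addresses below are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

WINDOW = timedelta(seconds=60)  # assumed sliding window
THRESHOLD = 20                  # assumed max distinct internal SMB peers per window

def parse(line):
    """Parse an assumed flow record: 'ISO-timestamp src dst dst_port'."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def smb_fanout_alerts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src: peak distinct internal TCP/445 peers} for sources over threshold."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    peaks = {}
    for ts, src, dst, port in sorted(map(parse, lines)):
        if port != 445 or not ip_address(dst).is_private:
            continue  # only internal SMB connections count toward fan-out
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:
            q.popleft()  # expire connections older than the window
        distinct = len({d for _, d in q})
        if distinct > threshold:
            peaks[src] = max(peaks.get(src, 0), distinct)
    return peaks

def constructed_flows():
    """Constructed sample data: one sweeping host, one normal client, one web user."""
    base = datetime(2017, 5, 12, 12, 30, 0)
    stamp = lambda s: (base + timedelta(seconds=s)).isoformat()
    flows = []
    for i in range(1, 41):       # workstation sweeping its /24 on 445
        flows.append(f"{stamp(i)} 10.0.5.23 10.0.5.{i} 445")
    for i in range(0, 120, 10):  # normal client reusing two file servers
        flows.append(f"{stamp(i)} 10.0.5.77 10.0.1.{10 + (i // 10) % 2} 445")
    for i in range(1, 41):       # many peers, but HTTPS rather than SMB
        flows.append(f"{stamp(i)} 10.0.5.88 10.0.9.{i} 443")
    return flows

if __name__ == "__main__":
    for src, peak in smb_fanout_alerts(constructed_flows()).items():
        print(f"ALERT {src}: {peak} distinct internal SMB peers within {WINDOW}")
```

Legitimate file servers, backup hosts and vulnerability scanners also show high SMB fan-out, so a real deployment needs an allowlist for them.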
I've come across this virus (Score:1)
Re: (Score:1)
"I've come across this virus. Nasty virus. Really, really bad virus. We're going to stop this virus, and we're going to make Mexico pay for it."
Someone is going to have a bad day.... (Score:3)
Re: (Score:2)
No, more likely a team of experts in the arts of ungentlemanly warfare will arrange for a series of unfortunate events.
Silly malware peoples (Score:2)
The Value of Bitcoin???? (Score:4, Interesting)
is it really that untraceable?
Re: (Score:2)
Re: (Score:2)
Forced health service holds US ransom (Score:1)
Except they don't release you after you pay the money.
Is it time (Score:2)
to start hanging the people that produce this crap?
Re: (Score:2)
And a big thank you very much to the NSA (Score:1)
Several experts monitoring the situation have linked the infections to vulnerabilities released by a group known as The Shadow Brokers, which recently claimed to have dumped hacking tools stolen from the NSA.