NHS! Attacked

[User33236]

There is no whole NHS it is a series of independent organisations operating under the umbrella ofvthe NHS

It is almost like a franchise

Yep, I know that but in England it is much more fractured than in Scotland. Even then I know, again in Scotland and in my line of work, information is much more freely shared and there are plans afoot to take the sharing of information further.

This attack, though, goes beyond one 'franchise ' being pitched against another and that to be put aside for the greater good.

 

[screenman]

Two factors at present from what we have been told: -

1) Some Trusts/CCGs haven't applied patches to the servers leaving an opportunity for the ransomware to be able to deploy across a network
2) McAfee AV software caught it and the firewall stopped it whereas another AV software didn't catch it and it got into the system then propagated

A 3rd factor will be the speed at which IT services for those affected were able to isolate the system to prevent it spreading further.

This will need a long hard look at as it will not be the last time we see this attempted on the IT systems within the NHS and in fact, any organisation.

Why had they not applied the patches? was it as some say down to money or another reason.

 

[classic33]

Yep, I know that but in England it is much more fractured than in Scotland. Even then I know, again in Scotland and in my line of work, information is much more freely shared and there are plans afoot to take the sharing of information further.

This attack, though, goes beyond one 'franchise ' being pitched against another and that to be put aside for the greater good.

Which is probably why only one of those affected was mentioned. Bring in a central database for storage, again.

No mention of any other systems being hit. Which was the odd part.

 

[Shut Up Legs]

I love these

Keep them going with inept following of their instructions and after about ten minutes ask if the little Apple logo is relevant

They tend to hang up

Having a private phone number, I don't get any such calls. Which is almost a pity: I'd love to string them along, while they tell me to open Task Manager, Windows Explorer, etc. and I tell them I can't find them, until finally I mention that typing "uname -a" in a bash window gives the kernel version, and is that any use to them?

 

[User33236]

Having a private phone number, I don't get any such calls. Which is almost a pity: I'd love to string them along, while they tell me to open Task Manager, Windows Explorer, etc. and I tell them I can't find them, until finally I mention that typing "uname -a" in a bash window gives the kernel version, and is that any use to them?

Completely unrelated to his thread but along a similar theme as above I had a bloke call me at home a number of years ago trying to sell conservatories.

There being nothing much on TV that evening I played along expressing great interest in what he was selling, asked loooaaadds of questions. Finally, about 45 minutes later, I agreed he should come round for a idea on plans and costings. Just before we ended the call he asked did I have any final questions.

I said "yes,..... I presume it's not a problem that I live in a first floor flat?"

 

[DaveReading]

Having a private phone number, I don't get any such calls. Which is almost a pity: I'd love to string them along, while they tell me to open Task Manager, Windows Explorer, etc. and I tell them I can't find them, until finally I mention that typing "uname -a" in a bash window gives the kernel version, and is that any use to them?

A bit OT, but In my experience, the scammers aren't fazed by attempts to outsmart them, they just cut you off (maybe with a few choice words to you first) and then get on with their next call.

But, as you allude to, what does p*ss them off (if you have time to spare) is playing with them for an hour or more, thereby denting their revenue by preventing at least one individual from scamming anyone else during that time.

 

[Buck]

Why had they not applied the patches? was it as some say down to money or another reason.

Who knows? Complacency? Incompetence? Poor procedures? All of these malware rely on these factors and with their 'spam' approach they drop lucky and catch the vulnerable.

The trouble with a lot of NHS systems is that they are built on a particular Operating System and just don't get upgraded which increases their vulnerability to malware - legacy systems as they like to call them!

 

[Nigel-YZ1]

Why had they not applied the patches? was it as some say down to money or another reason.

There have been instances where updates have killed applications or even computers.
This has led to a culture of delaying updates until they can be tested on neutral machines first. In Windows 10 the totally automated updating can be delayed by a few weeks.

Unfortunately the capability to delay can lead to complacency or a fear of updating.

 

[ufkacbln]

Completely unrelated to his thread but along a similar theme as above I had a bloke call me at home a number of years ago trying to sell conservatories.

There being nothing much on TV that evening I played along expressing great interest in what he was selling, asked loooaaadds of questions. Finally, about 45 minutes later, I agreed he should come round for a idea on plans and costings. Just before we ended the call he asked did I have any final questions.

I said "yes,..... I presume it's not a problem that I live in a first floor flat?"

We did similar and ten offered to bring the Tent in for the work

After all that had been talking about plastic windows

 

[byegad]

Our GPs surgery wasn't affected, but my repeat prescription, requested electronically on Saturday, is delayed by a day as they did a very cautious boot up on Monday, delaying my Tuesday collection one whole day! No big deal I always order repeats with some time in hand.

I do hope they catch the perpetrators of this world-wide scam and give them a nice free trip halfway across the Pacific ocean before asking them to get out and make their own return arrangements. Being a mean minded vindictive SoaB. If left to me their exit from 30,000 feet over the Pacific would be gravity assisted without the benefit of a parachute.

 

[winjim]

Well my PC has just been remotely rebooted without warning for the fourth time today. Good job I wasn't doing anything important...

 

[psmiffy]

As a by-product - the level of spam (the spam that i allow - marketing from companies i buy things from et.al.) dropped away to almost zero over last weekend - a week later it still has not returned to pre-attack levels

 

[Chromatic]

Labour will ban all hacking ...

Nationalise hacking.
Legislate to the detriment of the hackers terms and conditions.
Hackers go on strike.

Problem solved, simples.

 

[Tin Pot]

Why had they not applied the patches? was it as some say down to money or another reason.

There are a number of reasons, not least - where to start?

A reasonably sized enterprise will have upwards of a million patches not deployed. The infrastructure or vulnerability manager has limited budget and resources, and usually no authority to patch. And gaining authorisation is in the world of political science.

 

[Tin Pot]

2) McAfee AV software caught it and the firewall stopped it whereas another AV software didn't catch it and it got into the system then propagated

This is unlikely to be true - McAfee released updates for VSE (e.g. AV) and HIPS/NIPS on Tuesday. It would have to have been the more advanced McAfee offerings in place to catch this last Friday.