NHS computer systems hacked!?

Hi, Brother's PC just had something a bit weird happen, Windows Defender came up with this warning twice 'Some potential threats could not be resolved!'. Any idea what that means? It's a fully patched Win 10 machine.
 
Hardly, you can't pin the blame on the IT staff if they're just having to work with what they've got.

It is an IT problem, of course you can blame the IT staff for it! Someone needs a kicking for something as stupid as this tbh... and that starts with the person in charge of IT and rolls downwards.
 
Of course IT staff, IT users, spending on IT and existing protocols can be blamed.

If I get ransomware on my PC today it will be my fault.

I won't sit back and just say, oh well it wasn't just me.
 
It is an IT problem, of course you can blame the IT staff for it! Someone needs a kicking for something as stupid as this tbh... and that starts with the person in charge of IT and rolls downwards.

If an organisation is having to run on a 15 year old OS with various other bits of legacy software in use, it's because there isn't enough investment in IT. It's not really a case of "Why didn't they apply a patch?" when the systems in place don't have a patch to apply in the first place.
 
There's talk on another forum that this might be the establishment shooting itself in the foot.

WannaCryptor is a ransomware tool, the chaos caused by this incident comes from the fact that it is able to jump from computer to computer using EternalBlue/MS17-010/SMB, a vulnerability developed by the NSA and released into the wild by Shadow Brokers.

It's patched, but of course an organisation such as the NHS cannot just click 'update now' without due diligence testing.

In March, Microsoft patched the SMB Server vulnerability (MS17-010) exploited by ETERNALBLUE, and it's clear that some people have been slow to apply the critical update, are unable to do so, or possibly just don't care.

The fix is available for Windows Vista SP2, Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 SP2, Windows Server 2008 R2 SP1, Windows Server 2012 and Windows Server 2012 R2, Windows Server 2016, and Server Core. If you have an older vulnerable system, such as XP or Server 2003, you're out of luck.
 
I don't think patches or the version of OS are the problem here.

Details from Spain's National Cryptology Centre on which computer systems are being affected:
  • Microsoft Windows Vista SP2
  • Windows Server 2008 SP2 and R2 SP1
  • Windows 7
  • Windows 8.1
  • Windows RT 8.1
  • Windows Server 2012 and R2
  • Windows 10
  • Windows Server 2016

It's just a basic, don't activate random email malware.

Transactions on the bitcoin address in that picture, not made much there, but I guess there could be multiple addresses used. And you wouldn't expect many people to pay.
https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
 
The ransomware is using an NSA exploit leaked by The Shadow Brokers, and has made tens of thousands of victims worldwide, including the Russian Interior Ministry, Chinese universities, Hungarian telcos, FedEx branches, and more.

My heart is full.

:D
 
Given that it uses an attack vector that requires either Windows XP or massively negligent patching practices in later versions of Windows, the attacks on the NHS for being negligent still stand.

Assuming the NHS infrastructure is up to date enough to receive the critical security patches released in March, (see my post above, and assuming it was that exploit) they will then have to test them, they are not in a position to just click 'update'.

I don't think any fingers can be pointed until we know for sure the nature of the exploit that was used.
 
I don't think patches or the version of OS are the problem here.



It's just a basic, don't activate random email malware.

Transactions on the bitcoin address in that picture, not made much there, but I guess there could be multiple addresses used. And you wouldn't expect many people to pay.
https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

The problem looks to be propagation via the EternalBlue exploit, which means that once someone opens the mail on an unpatched PC, it can then spread to other unpatched systems on the network without user intervention.

As this was patched 2 months ago as a critical patch, it should have been prioritised and completed by now.

The big problem with the NHS is that a lot of it is still on XP, which is 15 years old now and no longer being patched at all.
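
An added example, not part of any post in this thread: the spread described above, over SMB to other unpatched machines without user intervention, appears on the network as one host opening TCP 445 connections to many distinct peers in a short time. The sketch below flags that fan-out in flow records; the log format, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records: timestamp, source IP, destination IP, destination port.
SAMPLE_FLOWS = """\
2017-05-12T13:00:01 10.0.4.17 10.0.4.20 445
2017-05-12T13:00:02 10.0.4.17 10.0.4.21 445
2017-05-12T13:00:03 10.0.4.17 10.0.4.22 445
2017-05-12T13:00:04 10.0.4.17 10.0.4.23 445
2017-05-12T13:00:05 10.0.4.17 10.0.4.24 445
2017-05-12T13:00:06 10.0.4.17 10.0.4.25 445
2017-05-12T13:00:10 10.0.4.30 10.0.4.5 445
2017-05-12T13:00:40 10.0.4.30 10.0.4.5 445
2017-05-12T13:01:00 10.0.4.31 10.0.4.5 445
2017-05-12T13:05:00 10.0.4.31 10.0.4.6 445
2017-05-12T13:10:00 10.0.4.31 10.0.4.7 445
2017-05-12T13:10:01 10.0.4.31 93.184.216.34 443
"""

def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples from whitespace-separated lines."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, port = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(port)

def smb_fanout(flows, window=timedelta(seconds=60), threshold=5):
    """Map each source to its peak count of distinct SMB (445) peers inside
    any sliding window, keeping only sources that reach the threshold."""
    per_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == 445:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        start, best = 0, 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for host, peers in smb_fanout(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{host}: {peers} distinct SMB peers within 60s")
```

A workstation that talks to one file server, or to a few servers spread over several minutes, stays under the threshold; only the host sweeping its subnet is reported.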
 
Assuming the NHS infrastructure is up to date enough to receive the critical security patches released in March, they will then have to test them, they are not in a position to just click 'update'.

I don't think any fingers can be pointed until we know for sure the nature of the exploit that was used.

Of course, but 2 months is more than enough time, even in a large enterprise environment, to test a patch and deploy it.

The bigger problem is that a lot of the NHS is still running XP.

In December last year, the figure was 90%.

http://www.theinquirer.net/inquirer...-trusts-are-still-running-windows-xp-machines
 
The problem looks to be propagation via the EternalBlue exploit, which means that once someone opens the mail on an unpatched PC, it can then spread to other unpatched systems on the network without user intervention.

As this was patched 2 months ago as a critical patch, it should have been prioritised and completed by now.

The big problem with the NHS is that a lot of it is still on XP, which is 15 years old now and no longer being patched at all.

Yeah, I guess once someone had done the initial fail, it's then down to the poor/ageing IT infrastructure/policy that one incident could spread to a large part of the network. If that is indeed the case.
 
Of course, but 2 months is more than enough time, even in a large enterprise environment, to test a patch and deploy it.

The bigger problem is that a lot of the NHS is still running XP.

In December last year, the figure was 90%.

http://www.theinquirer.net/inquirer...-trusts-are-still-running-windows-xp-machines

Problem is getting systems off old OSes, etc. isn't easy - I work for a large company and I think we finally got rid of the last ME system last year and XP just before that as the money was finally there to complete the procedure and replacement for bespoke software finally into place, etc. even with the best intentions the logistics can make migrating to newer platforms difficult.
 
If I was to put money on it, it would be some inept person with too many IT privileges clicking a dodgy email on an obsolete system.

The holy Trinity of how not to do IT.

But I'm reserving judgement for the moment.
 