NHS computer systems hacked!?

Caporegime
Joined
18 Oct 2002
Posts
28,091
Location
London
You would know if you have it, right? Completely missed this story bar the headlines. Former and current (both on JANET) work computers seem fine.
 
Soldato
Joined
17 May 2004
Posts
4,138
Location
Home
I think KB4012215 is for 32bit Windows 7, for 64bit you need to look for KB4012212. Remember to include the KB not just the number otherwise it won't find it.

As I posted earlier though, if you have a monthly rollup from a month past March 2017, you're protected. You also then won't see the individual KB update for the separate patch that fixes this issue because the rollup replaces it.
 

V F

Soldato
Joined
13 Aug 2003
Posts
21,184
Location
UK
Once it has encrypted files then you either have to chance paying up and hope they will provide the key to decrypt (which will be different for each case) or hope you have decent, isolated, backups. Hence why I keep some USB HDDs offline and separate to my systems that I rotate backups onto regularly.

There is no key.
 
Soldato
Joined
17 Jul 2008
Posts
7,369
As I posted earlier though, if you have a monthly rollup from a month past March 2017, you're protected. You also then won't see the individual KB update for the separate patch that fixes this issue because the rollup replaces it.

You're protected against the over-the-network attack, but the initial attack vector is probably going to be email, so for most home users (who have 1 PC) it (probably) makes no difference if they have the patch or not - though it never hurts to have the latest patches (apart from when they break stuff).
 
Man of Honour
Joined
13 Oct 2006
Posts
91,109
There is no key.

? AFAIK it uses a variant of a standard PKE system - you send payment and the key created for your instance of the infection and it sends back a generated key based on your key that decrypts the files - in theory - sometimes you'll never get a key in return for the money but often you will as it is "good business" for the hackers to provide an actual service in exchange for the money or no one would ever pay.
 
Associate
Joined
26 Apr 2006
Posts
701
A list of patches, should anyone need it

Windows 10 and Windows Server 2016 update history
https://support.microsoft.com/en-nz/help/4000825/windows-10-windows-server-2016-update-history


Creators Update – 1703

KB4016871 (OS Build 15063.296 and 15063.297)

KB4016240 (OS Build 15063.250)

KB4015583 (OS Build 15063.138)

KB4016251 (OS Build 15063.13)


Anniversary – 1607 and Server 2016

KB4019472 (OS Build 14393.1198)

KB4015217 (OS Build 14393.1066 and 14393.1083)

KB4016635 (OS Build 14393.970)

KB4015438 (OS Build 14393.969)

KB4013429 (OS Build 14393.953)


November Update Threshold 2 – 1511

KB4019473 (OS Build 10586.916)

KB4015219 (OS Build 10586.873)

KB4016636 (OS Build 10586.842)

KB4013198 (OS Build 10586.839)


RTM – Threshold 1

KB4019474 (OS Build 10240.17394)

KB4015221 (OS Build 10240.17354)

KB4016637 (OS Build 10240.17320)

KB4012606 (OS Build 10240.17319)






Windows 8.1 and Server 2012 R2 Update History

https://support.microsoft.com/en-us/help/4009470/windows-8-1-windows-server-2012-r2-update-history

2017-05 Monthly Rollup - KB4019215

2017-05 Security-only update - KB4019213

2017-04 Monthly Rollup - KB4015550

2017-04 Security-only update - KB4015547

2017-03 Monthly Rollup - KB4012216

2017-03 Security-only update - KB4012213


Windows Server 2012 update history

https://support.microsoft.com/en-us/help/4009471/windows-server-2012-update-history

2017-05 Monthly Rollup - KB4019216

2017-05 Security-only update - KB4019214

2017-04 Monthly Rollup - KB4015551

2017-04 Security-only update - KB4015548

2017-03 Monthly Rollup - KB4012217

2017-03 Security-only update - KB4012214


Windows 7 SP1 and Windows Server 2008 R2 SP1 update history

https://support.microsoft.com/en-us/help/4009469/windows-7-sp1-windows-server-2008-r2-sp1-update-history

2017-05 Monthly Rollup - KB4019264

2017-05 Security-only update - KB4019263

2017-04 Security-only update - KB4015546

2017-04 Monthly Rollup - KB4015549

2017-03 Monthly Rollup - KB4012215

2017-03 Security-only update - KB4012212



Windows Vista, Server 2008, Windows XP and Server 2003

These are different as they are not rollups; there is just a standalone patch.

https://support.microsoft.com/en-us/help/4012598/title

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
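
A quick way to check a machine against the list above, as an added example that is not part of the original post. The KB and build numbers are copied from the post; treating the lowest build listed for each Windows 10 release as the minimum patched build is an assumption made here.

```powershell
# Added example, not from the thread. KB numbers and OS builds are taken from the list above.
# Keyed by NT version: 5.1/5.2 = XP/2003, 6.0 = Vista/2008, 6.1 = 7/2008 R2,
# 6.2 = Server 2012, 6.3 = 8.1/2012 R2.
$kbByVersion = @{
    '5.1' = @('KB4012598'); '5.2' = @('KB4012598'); '6.0' = @('KB4012598')
    '6.1' = @('KB4012212','KB4012215','KB4015546','KB4015549','KB4019263','KB4019264')
    '6.2' = @('KB4012214','KB4012217','KB4015548','KB4015551','KB4019214','KB4019216')
    '6.3' = @('KB4012213','KB4012216','KB4015547','KB4015550','KB4019213','KB4019215')
}

# Assumption: the lowest build revision listed per Windows 10 release is the floor.
$minRevision = @{ 10240 = 17319; 10586 = 839; 14393 = 953; 15063 = 13 }

# Get-WmiObject is used so the script also runs on the PowerShell 2.0 shipped with Windows 7.
$ver = [version](Get-WmiObject Win32_OperatingSystem).Version

if ($ver.Major -eq 10) {
    # Windows 10 updates are cumulative, so compare the build revision (UBR) instead of KBs.
    $ubr   = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR
    $floor = $minRevision[$ver.Build]
    if ($null -eq $floor) {
        "Build $($ver.Build) is not in the list; check the update history page."
    } elseif ($ubr -ge $floor) {
        "OK: build $($ver.Build).$ubr is at or above $($ver.Build).$floor"
    } else {
        "MISSING: build $($ver.Build).$ubr is below $($ver.Build).$floor"
    }
} else {
    $key    = "$($ver.Major).$($ver.Minor)"
    $wanted = $kbByVersion[$key]
    if ($null -eq $wanted) {
        "Windows version $key is not covered by the list."
    } else {
        $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
        $found     = @($wanted | Where-Object { $installed -contains $_ })
        if ($found.Count -gt 0) {
            "OK: found $($found -join ', ')"
        } else {
            # A rollup newer than those listed replaces these KBs, so this is not proof
            # of a missing patch: compare the newest installed rollup with the history page.
            "None of $($wanted -join ', ') found; check for a later monthly rollup."
        }
    }
}
```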
 
Man of Honour
Joined
13 Oct 2006
Posts
91,109
The advice however is not to pay unless it's absolutely essential, due to the cash potentially funding further attacks

Previously stuff like this has in some cases been linked back to North Korea and even groups like ISIS - bit of a moral dilemma if you think about it :s could be funding attacks of a slightly different nature.
 
Soldato
Joined
19 Feb 2007
Posts
3,717
Location
UK
You would know if you have it, right? Completely missed this story bar the headlines. Former and current (both on JANET) work computers seem fine.
Yes, you would be looking at a ransomware window in front of every other window\browser you have open demanding money to decrypt your now encrypted files. I think I am right in saying it encrypts your files before you see the message first, and in the meantime it will be trying to spread across your network to other devices.
 
Soldato
Joined
19 Feb 2007
Posts
3,717
Location
UK
Windows 9x isn't affected by the flaw, just NT based systems.

You forget the fun we had back in the day re-installing Windows 98se then all the drivers you need and then all the software you need, then you got back on the internet after 12 hours using a 56k modem, all that every 3 months, just think of the fun times they are going through :)
 
Man of Honour
Joined
13 Oct 2006
Posts
91,109
In post #655, DJMK4 described receiving an email that referenced his name and home address. This certainly suggests very detailed targeting.

An interesting point - I wonder if that slightly older incident with people getting emails with their name and home address is related - maybe identified in some way as people more likely to be soft targets for this kind of infection - would also explain somewhat the less usual pattern of infections compared to other attacks of this nature.
 
Man of Honour
Joined
20 Sep 2006
Posts
34,012
I'd love to know where this came from and how it originated.

It seems far too well executed for a small group to have done this, it's more akin to how you'd imagine a nation state to commit a cyber attack.
 
Man of Honour
Joined
13 Oct 2006
Posts
91,109
I'd love to know where this came from and how it originated.

It seems far too well executed for a small group to have done this, it's more akin to how you'd imagine a nation state to commit a cyber attack.

Certainly an interesting one - a lot of people are pointing fingers at things that superficially look likely like phishing but there is a lot that doesn't make sense when you contrast what is known with previous malware/ransomware. For instance even some established security people have glossed over or, like the video above, it's only briefly commented on its ability to side load additional nasty stuff without looking at the implications and/or complications of that and instead focusing on the ransomware.
 