NHS computer systems hacked!?
- Thread starter Tone1979
- Start date
Windows patches alone won't protect against this kind of crypto-malware.
Just fire out lots of emails.
In my experience of previous cryptolockers (Odin, locky, zepto) we've only ever had to wipe paitent zero as it were, the device that the .exe first ran from. All others were not infected with the program itself, just needed the data recovering.
What files are encrypted? .docs, xlxs, pdf etc? It just data that should be easily recoverable from backups.
I doubt the program has shifted itself into other machines through a network file store and ran itself without being detected by an AV.
If it has then that's rather brilliant to be fair.
I don't think it has got out in the usual way, like via an email, i think it has been sat dormant, another user said the same earlier, there are other companies having the same issues, one's like Telefonica, it seems targeted because there are quite a few organisations affected.
If that is the case, and the NHS' 1.7 million employees are clicking away 24/7, why hasn't this occured years ago and on a frequent basis?
I've always assumed at home the only way to completely avoid a loss in the event of a crypto malware on the network is separated external backup - aka a hard disk with all the data on it in a box - stored at another location
maybe I'm just too cautious though
maybe I'm just too cautious though
I think that is what it is doing at the moment
Targeted imo.
Nope in this day and age it is a sound strategy - I keep the critical contents of my NAS box regularly snapshot to a couple of external USB drives in rotation that are stored separately so I always have an offline copy.
Could be time delayed - depends a bit what variant of the malware this is - some are crafted for different types of attack without specifically being targetted at a hospital like organisation and exploiting stuff like IoT devices is starting to become a thing though I've not seen much in the way of that in the wild yet.
If it is on the NHS backbone (N3), that is run by BT, Telefonica are infected, i wonder if BT has caught this virus on N3 NHS network.
Like you say it is delayed it seems.
e: http://www.bbc.co.uk/news/technology-39901382
Worldwide. That is some major attack:
Last edited:
Soldato
- Joined
- 21 Oct 2011
- Posts
- 22,381
- Location
- ST4
Will anybody be surprised when it transpires that the thing originated in Russia and the Russian authorities, when asked for help, just say "/meh"?
This, these ransomware viruses are a nightmare and have been around for a while. We've had a few odd cases of them at work but nothing that's ever become widespread.
Closest we came was when someone got some ransomware that started encrypting files on a network drive as well, luckily we caught it pretty early and stopped it.
I don't think so.
There's no way the NHS will pay the ransom and the high profile of it means it'll get thoroughly investigated - both in terms of who did it and how it happened in order to stop further infections.
Not only will the attacker get no money, they'll also be less likely to be able to infect other users who might have paid.