NHSbuntu is currently being developed - I know linux isn't bulletproof but it should help.
NHS computer systems hacked!?
- Thread starter Tone1979
- Start date
NHSbuntu is currently being developed - I know linux isn't bulletproof but it should help.
Quite likely those originally involved in it going into the wild are Russian, North Korean or other parts of Asia - good luck extraditing them
EDIT: Which is another issue with regard to paying the ransom - good chance the money is going to end up funding something dubious.
Finding those responsible for it being introduced to the wild, not necessarily the author, can be done - any ransom payments, etc. have to go somewhere and even with bitcoin, etc. in the mix they've had success before tracking those people down.
Track an anonymous bitcoin wallet down?
Not possible unless you can somehow link the wallet to real information.
I doubt people writing software like this are stupid enough to not set it all up properly.
Often it isn't the people writing the software that tend to be the ones involved in releasing it into the wild and those that do are often not skilled coders, etc. themselves.
EDIT: Also finance forensics, etc. is increasingly becoming a lot more capable of dealing with things like bitcoin - pull enough attention on yourself i.e. a big attack like this that could get the full attention of law enforcement and even one little slip up will likely get you caught.
Soldato
- Joined
- 31 May 2009
- Posts
- 21,457
This is why we have GCHQ, this is why we have armed forces, this is a threat to our nations security, it should be met with destruction of a building containing those responsible in any (non-nuke owning) nation with a bloody cruise missile.
Such things might be traceable, but all the man hour and money the country loses to call centre in Nigeria/India, and such things are not be traced or tracked or countermeasures put in place, they wouldn't allow such theft or action directly against a company/structure/department, so why allow it electronically.
Blast them apart. Its about time a nation took direct action. If you don't wish to bomb them, send in an SAS capture/kill team.
Send a lesson worldwide, you can hack us, but expect consequences.
Permabanned
- Joined
- 15 May 2006
- Posts
- 4,107
- Location
- London
Why are people angry at the hackers? If IT staff do not want to update software then its the IT staff that are responsible for the mess.
Plus they'll be off site backups. Well you'd hope so anyway.
Lol what?!
That's like saying 'Why are people angry at murderers. If you didn't want to be shot you should have traveled in an armoured car'.
I find it quite amusing because they've been told and warned so many times. Now look what has happened.
Why wont they listen or take advice.
Jeremy Corbyn will probably want to open a dialogue with them if he gets into power
Permabanned
- Joined
- 15 May 2006
- Posts
- 4,107
- Location
- London
Simple patching would have prevented attack, why are the systems not kept up to date? Laziness? we cant be bothered? it wont happen to us? what is their excuse for not keeping vital systems like these up to date?
Hardly, you can't pin the blame on the IT staff if they're just having to work with what they've got.
In any case, I imagine this happens far more often than is actually reported, considering the number of public sector organisations running on old software and systems. I know of a big one in Scotland that got hit with cryptolocker about 18 months ago, it was never made public.
I'm not sure that's the case. If the user whose machine is infected has authenticated access to the files, are they not encrypted regardless?
If I download a virus on my PC, I want the perpetrator hit by a cruise missile!
We don't know if it is just local PCs affected by a shared drive.
We don't know if it is just local PCs affected by a shared drive.
As bad as it is for the NHS this was just a matter of time. Working in the energy sector I see and hear so called "cyber security experts" on almost a daily basis. Many couldn't spell IT but know the buzzwords.
Their ignorance to control and SCADA systems is astounding. Some day they will be next.
Their ignorance to control and SCADA systems is astounding. Some day they will be next.
Protecting files and networks from viruses isn't new. Don't need security experts.
Just need appropriate patching of PCs with access to critical drives as well as up to date virus/malware detection.
As well as restricting heavily the ability to launch executables.
Permabanned
- Joined
- 15 May 2006
- Posts
- 4,107
- Location
- London
It seems some trust have better IT Teams than others who think patching is important.....
Permabanned
- Joined
- 15 May 2006
- Posts
- 4,107
- Location
- London
https://www.theregister.co.uk/2016/12/08/windows_xp_nhs_still/?mt=1494614070144
The NHS is still running Windows XP en masse, two and a half years after Microsoft stopped delivering bug fixes and security updates.
Nearly all of England NHS trusts – 90 per cent – continue to rely on PCs installed with Microsoft’s 15-year-old desktop operating system.
Just over half are still unsure as to when they will move to a replacement operating system.
Fourteen per cent reckoned they’d move to a new operating system by the end of this year, and 29 per cent reckoned the move would happen “some time” in 2017.
Windows XP is not receiving any security updates from Microsoft, meaning health service PCs are wide open to hackers and malware.
The data on the NHS' use of Windows XP comes courtesy of a Freedom of Information request from Citrix, which approached 63 NHS trusts and received responses from 42.
An FoI request from Citrix made in July 2014, three months after Microsoft’s deadline to move off Windows XP, had found 100 per cent of NHS trusts were dependent on the operating system.
The Reg first reported in early 2014 how vast sections of the UK public sector was set to miss Microsoft’s April 2014 kill date for XP.
The government had agreed a temporary framework support agreement with Microsoft which guaranteed delivery of special security patches for a year.
That agreement ended on April 14 2015 after it was decided not to go for a second year.
Individual government departments and agencies were free to sign their own extended support agreements with Microsoft. ®
The NHS is still running Windows XP en masse, two and a half years after Microsoft stopped delivering bug fixes and security updates.
Nearly all of England NHS trusts – 90 per cent – continue to rely on PCs installed with Microsoft’s 15-year-old desktop operating system.
Just over half are still unsure as to when they will move to a replacement operating system.
Fourteen per cent reckoned they’d move to a new operating system by the end of this year, and 29 per cent reckoned the move would happen “some time” in 2017.
Windows XP is not receiving any security updates from Microsoft, meaning health service PCs are wide open to hackers and malware.
The data on the NHS' use of Windows XP comes courtesy of a Freedom of Information request from Citrix, which approached 63 NHS trusts and received responses from 42.
An FoI request from Citrix made in July 2014, three months after Microsoft’s deadline to move off Windows XP, had found 100 per cent of NHS trusts were dependent on the operating system.
The Reg first reported in early 2014 how vast sections of the UK public sector was set to miss Microsoft’s April 2014 kill date for XP.
The government had agreed a temporary framework support agreement with Microsoft which guaranteed delivery of special security patches for a year.
That agreement ended on April 14 2015 after it was decided not to go for a second year.
Individual government departments and agencies were free to sign their own extended support agreements with Microsoft. ®