NHS cyber-attack: GPs and hospitals hit by ransomware

little_pob

NHS services across England and some in Scotland have been hit by a large-scale cyber-attack.

Staff cannot access patient data, which has been scrambled by ransomware. There is no evidence patient data has been compromised, NHS Digital has said.

NHS England has declared a major incident. The BBC understands up to 25 NHS organisations and some GP practices have been affected.

It comes amid reports of cyber-attacks affecting organisations worldwide.

Ambulances have been diverted and patients warned to avoid some A&E departments.

Continue reading on the BBC News website: NHS cyber-attack: GPs and hospitals hit by ransomware - BBC News

There is a modified version in the wild that does not use this kill switch. If nothing else, members running a Windows OS should ensure they are patched up. (See post 13)
 
You just know that some spotty kid with Asperger's and a PC is going to be responsible for this :(
 
I think this is more of a complex attack.
No doubt the Russians will get the blame.
China usually get the blame.
But whoever falls out with the west is always the culprit.

LONDON — Hackers using a tool stolen from the United States government conducted extensive cyberattacks on Friday that hit dozens of countries around the world, severely disrupting Britain’s public health system and wreaking havoc on computers elsewhere, including Russia.

Source: The New York Times
 
Some experts say that the NHS was more affected due to the fact they still use Windows XP and lack more secure IT systems - it's a funding issue. I predict that we will all be paying for private healthcare in the next 4-5 years due to the (intentionally created) collapse of the NHS. No government wants the financial drain the NHS is for them and they want it gone. (if you have a tinfoil hat then wear it now lol)
 
It is the ransomware "wanna decryptor" that has hit everywhere.
It's not the fact about Windows XP still being on PCs as the PCs that I know of are Windows 7 patched to the latest MS updates.
The problem is that the NHS use N3 and this has been the cause of so many sites being affected.
The ransomware can be removed by using Hitman Pro.

To be honest it's not if but when with ransomware as it only takes one user to open this up.

I know there are IT providers/departments that have been asking for funds to get software to help prevent this happening and the trusts have been stalling on this. Obviously this will get the funds that IT has been asking for.

Only know about some trusts but as soon as this appeared the whole network/servers were taken down and users advised to shut down their PCs while it was investigated.

The AV suppliers were/are working on definition updates.
This will then be picked up by the AV deployment servers and then pushed out to the endpoints.

I believe Telefonica got hit pretty hard.

Now is the time to buy shares in the AV companies lol
 
I've seen news articles saying patient records might have been encrypted (not mine, I didn't let them upload it) but are these not in databases on servers, as opposed to local machines? I thought most of the PCs were pretty much acting as thin clients and smartcard access is needed for anything important. How would the malware have gotten to the databases?

I see a few people in the online paper comments sections saying "just re-image", it takes about a day if I request a rebuild at work and then there is probably some more time for valid certificates and whatnot. It's not an easy thing to do on thousands of clients.
 
An "accidental hero" has halted the spread of the malware virus that caused chaos in the NHS and around the world simply by registering a website domain, according to reports.

A 22-year-old UK cybersecurity researcher known online as MalwareTech, together with researcher Darien Huss from security firm Proofpoint, are credited with finding the "kill switch".

The researchers spotted a long domain name made up of a series of apparently random letters in the malware code and purchased the site, not realising at the time that the move would stop the virus.



Purchase of the domain reportedly cost $10.69 (£8.30), marking a relatively cheap way to put an end to a virus thought to have hit companies and organisations in more than 70 countries.

"I saw it [the site] wasn’t registered and thought, 'I think I’ll have that,'" MalwareTech is reported by The Daily Beast as saying.

The virus, known as WannaCrypt or variations of that name and which utilises a tool developed by the NSA, appears to search the internet for a web address which stops the worm's transmission once activated.

When the site registration was detected by the virus it stopped its worldwide spread.

Connections to the domain have now been "sinkholed" to a server in California.
Last updated Sat 13 May 2017

Taken from ITV News
 
The next wave will require the infected to either buy the decryption key or an inflated price domain.
 
I was really worried about what might be disclosed about my health with the recent security breach concerning NHS records.

Because of this I have decided I will not be held to ransom, I have piles!! Are you happy, hackers? I have piles lol, sorry, couldn't not lol while I was writing.
 
If you have not yet been exploited, move quickly to close the hole: WannaCry leverages a hole Microsoft fixed 2 months ago. If you have not installed Windows Security Update MS17-010, please take the time to install the proper patch for your version of Windows and do it quickly.

 
I see someone registered a domain which seems to stop it but some things sound a bit odd.

Does the malware on the individual desktops look for the address the lad registered? All those DNS requests through proxy servers weren't seen? Unless it uses far-end DNS over a tunnel but then the tunnel traffic should have been noticed.

The DNS (if it is using it) propagation is a lot quicker than usual.

Maybe the malware connects to static IP/s but I'm sure that would get noticed.

Anyone any ideas?
 
Read that, way above me mate, no idea. Hitman Pro prevents it also, I believe.

This exploit works by gaining access to a remote machine via the SMBv1 protocol.
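
The two behaviours discussed in the posts above (lookups of the kill-switch domain and spread over SMB) can be combined into a triage check over resolver and flow logs. This is an added example, not part of any post in the thread: the domain is a placeholder because the thread never gives the real one, the log rows are constructed, and the threshold and window are assumed values.

```python
from collections import defaultdict

# Placeholder: the thread does not give the real kill-switch domain.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"
SMB_PORT = 445         # SMB over TCP
FANOUT_THRESHOLD = 5   # assumed: distinct SMB peers within one window
WINDOW_SECONDS = 60    # assumed sliding-window length
# Constructed resolver log: (epoch_seconds, client_ip, queried_name)
DNS_LOG = [
    (1000, "10.0.0.21", "killswitch-placeholder.example."),
    (1005, "10.0.0.34", "KILLSWITCH-PLACEHOLDER.EXAMPLE"),
    (1010, "10.0.0.50", "intranet.example"),
]
# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)
FLOW_LOG = (
    [(1001 + i, "10.0.0.21", f"10.0.1.{i + 1}", 445) for i in range(6)]      # fast sweep
    + [(1000 + 10 * i, "10.0.0.50", "10.0.0.5", 445) for i in range(6)]      # one file server
    + [(1000 + 300 * i, "10.0.0.77", f"10.0.2.{i + 1}", 445) for i in range(5)]  # slow, spread out
    + [(2000 + i, "10.0.0.90", f"10.0.3.{i + 1}", 445) for i in range(5)]    # sweep, no DNS hit
)

def kill_switch_clients(dns_log, domain):
    """Clients that queried the domain (case and trailing dot ignored)."""
    want = domain.lower().rstrip(".")
    return {client for _, client, name in dns_log if name.lower().rstrip(".") == want}

def smb_fanout_hosts(flow_log, threshold, window):
    """Sources reaching >= threshold distinct hosts on TCP 445 inside any window."""
    per_src = defaultdict(list)
    for ts, src, dst, port in flow_log:
        if port == SMB_PORT:
            per_src[src].append((ts, dst))
    flagged = set()
    for src, events in per_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({dst for _, dst in events[start:end + 1]}) >= threshold:
                flagged.add(src)
                break
    return flagged

def triage(dns_log=DNS_LOG, flow_log=FLOW_LOG):
    dns_hits = kill_switch_clients(dns_log, KILL_SWITCH_DOMAIN)
    sweepers = smb_fanout_hosts(flow_log, FANOUT_THRESHOLD, WINDOW_SECONDS)
    return {"isolate_first": sorted(dns_hits & sweepers), "dns_only": sorted(dns_hits - sweepers),
            "smb_fanout_only": sorted(sweepers - dns_hits)}
```

Hosts showing both signals are the ones to pull off the network first; a host with only one signal still needs checking against MS17-010 patch status.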
 
Don't panic mate, alimac has the answer...see below. :proud:

If you have not yet been exploited, move quickly to close the hole: WannaCry leverages a hole Microsoft fixed 2 months ago. If you have not installed Windows Security Update MS17-010, please take the time to install the proper patch for your version of Windows and do it quickly.

 
I did chuckle when I read that. I would like to point out that I don't have piles. The hackers just muddled up my records and I didn't realise as I was pissed.
 
Fecker, we have already had a whip round for the Preparation H
 