Originally Posted by Mick (Post 35898549)

Some GP's said to be using just Pen and Paper.

Ransomeware appears to demand $300 Bitcoin payment to decrypt files.

Originally Posted by OLD BOY (Post 35898552)

They have back up, though, don't they? Mind you, if as I have heard they are still using Windows XP, this might have been totally avoidable had they updated their systems.

Originally Posted by Uncle Peter (Post 35898568)

So it appears this nasty bit of kit is using the leaked NSA vulnerability which attacks the SMB filesharing protocol behind part of the Windows network infrastructure. There have been warnings kicking about over this for weeks.

This was the focus of those critical Windows security updates in the middle of last month so it looks like someone (for one reason or another) is behind in their patching :doh:

Originally Posted by heero_yuy (Post 35898553)

The issue is not the OS but the idiots that click on links in e-mails. That's how the systems got infected. That WILL happen to any system running any version of Windows.

Originally Posted by Matth (Post 35898608)

Wondering if whitelist security / captive app list (eg. "child account") would have stopped this in it's tracks.

Sure, the old version of windows may be a hindrance, but when there is only a clearly defined set of apps that should be run, locking down permissions should greatly increase security

Originally Posted by RizzyKing (Post 35898596)

Anyone that blindly clicks links should be fired imo it's not as though this issue is new or not heard of and it's just not acceptable these days for anyone to do it. I can't remember where i read it but some security company sent out an email with the header of "i love you" with an attachment that apparently showed who loved them and clicking on the attachment sent a message to the security company that it had been opened 10k sent and over 6k reported back it's crazy how many people will do it. Blaming the OS is the easy way out and sounds good to those who don't know any better but if an idiot is at the desk at the right time no OS can protect when it's told not too.

Originally Posted by RizzyKing (Post 35898596)

Anyone that blindly clicks links should be fired imo it's not as though this issue is new or not heard of and it's just not acceptable these days.

Originally Posted by denphone (Post 35898621)

Even a idiot like me knows one should not do that.

Originally Posted by denphone (Post 35898621)

Even a idiot like me knows one should not do that.

Originally Posted by Maggy J (Post 35898648)

Apparently there 'should be' back ups..

Originally Posted by Mr K (Post 35898649)

'should be' are worrying words. If we had a central NHS system, this wouldn't be in doubt.

Originally Posted by heero_yuy (Post 35898650)

Central system: One DDOS attack and the whole NHS goes belly up. Brilliant! :rolleyes:

Originally Posted by Mr K (Post 35898656)

Do you not think it handy, that all your GP/hospital records, results, x-rays, should be available to any Dr. at the click of a button? The NHS is still dependent on faxs !. The IT industry seriously let the country down again on a big project and reaped the profits.

Originally Posted by pip08456 (Post 35898657)

One possible way to mitigate this type of attack would be for emails to be opened in a sandbox.

The cost for businesses to implement throughout their network could be prohibitive.

A back-up on the other hand costs a damn site less. Any Hospitals down today???

---------- Post added at 10:44 ---------- Previous post was at 10:33 ----------



What planet are you on?

I go to the doctor with say a knee complaint, he sends me the the hospital for an X-ray.

When I go back to him he clicks on a button and can see the X-ray result on screen and can make a decision on treatment.

This actually happened to me and enabled me to have a knee replacement within a year!

No FAX's!

Originally Posted by Mr K (Post 35898665)

The planet of having a wife who works in the NHS. Running out of fax toner brings the clinic to a halt.

Originally Posted by Osem (Post 35898681)

Put all our eggs in one NHS basket and fax issues in a clinic extrapolated to NHS issue. What a crock of...

:rofl:

Originally Posted by pip08456 (Post 35898609)

I doubt it as it operates via a type of backdoor. Once activated it looks for any other machine vulnerable on the network and infects them. That machine then does the same so the rate of infection is expotential, thats how it's been so successful in such a short time.

All because a 2 month old security patch wasn't installed by the relevant IT departments of the companies.

Originally Posted by pip08456 (Post 35898755)

Originally Posted by Sirius (Post 35898766)

If Microsoft was not so hell bent on moving everyone to there super dupper windows 10 :rolleyes: and instead kept on updating the security of previous OS's that people paid good money for then this might not of happened so easily. The fact that they have released this patch shows they can do it.

Originally Posted by papa smurf (Post 35898767)

if we didn't have progress we would just grind to a halt ,this is the governments fault for not investing in the technology not microsoft's for developing it

Originally Posted by Osem (Post 35898769)

Maybe MS could just develop products which don't have so many serious vulnerabilities that require patching in the first place. ;)

Originally Posted by Damien (Post 35898771)

An XP machine connected to the internet is a recipe for disaster.

Originally Posted by heero_yuy (Post 35898776)

I beg to differ, my XP SP2 machine is permanently connected to the net, has never been patched since the OS was installed over 10 years ago and does not get infected. The issue is NOT the age of the OS but the stupidity/naivety of the staff using the computers.

This worm affects all versions of windows upto and including W10.

Originally Posted by Damien (Post 35898771)

XP is a very old operating system at this point and for major architectural changes they need to move on with new releases. XP was supported for 12 years and the British government had a contract for even further support which they, foolishly, cancelled in 2015. How long can Microsoft be expected to continue providing support for an operating system released in 2001? The world has moved on.

As papa smurf said the fault here lies with the Government and the NHS. You simply cannot justify using XP so long after it's release and long past it's generous support window ending. They had more than enough time to to update or commission new software that was dependent on XP. They had more than enough time to update the hardware. Microsoft have been aggressively warning about the end of support for over 5 years.

An XP machine connected to the internet is a recipe for disaster.

Originally Posted by arcimedes (Post 35898773)

Well you can always use Apple instead :D

Originally Posted by RizzyKing (Post 35898790)

I actually saw on a gaming forum someone admitting they were now opening any email so they could see what this does and it was ok because if anything happened to his laptop he would get his dad to sort it out. Suddenly made it clear to me how these things spread so quick.

Originally Posted by Osem (Post 35898785)

lol The NHS would be bankrupt if they did that. ;)

I've managed to stay trouble free since the days of Win 3.1 (touching wood :erm: ) so quite happy with with what MS have provided. Then again I don't go surfing dodgy sites and blindly clicking on every email I receive.

I know personal responsibility seems to be going out of fashion in some areas of our lives but maybe HMG should launch a new public information campaign. How about:

THINK before you CLICK!!

Originally Posted by Damien (Post 35898801)

Yup.. Although you can also get infected from visiting mainstream sites. There are cases where someone manages to place malicious code into those ad networks which in turn exploits a bug in the browser or OS to install itself and then game over man, game over.

Originally Posted by heero_yuy (Post 35898875)

That's why I use a script blocker. It's the most likely way for a malicious website to gain access to your machine. I also blacklist all those trackers that target advertising.

Originally Posted by MarkC1984 (Post 35898894)

One thing that strikes me as odd about the timing of this attack. It seems weird it has only happened in the run up to a General Election, where Labour are facing oblivion. Conspiracy theorists will have a field day with that one.

Originally Posted by Uncle Peter (Post 35898899)

Nah, Occam's razor usually applies. This was almost certainly some miscreant trying to make a name for themselves and possibly a few bob in the process without thinking about their actions. If whoever did this had anything between their ears they'd target a single organisation and not wage a speculative campaign against all comers. Imagine if a metal thief tried to steal a whole electricity pylon and the cables while the power is still on. Lots of people will notice and nothing will end very well.

Due to the nature of the exploit used it was only a matter of time and the warnings in security circles were kicking about for weeks.

Originally Posted by heero_yuy (Post 35898875)

That's why I use a script blocker. It's the most likely way for a malicious website to gain access to your machine. I also blacklist all those trackers that target advertising.

Originally Posted by Damien (Post 35898771)

As papa smurf said the fault here lies with the Government and the NHS. You simply cannot justify using XP so long after it's release and long past it's generous support window ending. They had more than enough time to to update or commission new software that was dependent on XP. They had more than enough time to update the hardware. Microsoft have been aggressively warning about the end of support for over 5 years.

Originally Posted by Uncle Peter (Post 35898945)

The NSA can take some of the damn rap for this for not being able to control their staff and their data.

If you're going to code vulnerabilities into an OS with stolen source code and/or people on the inside at Redmond then at least keep it under lock and key and give the key to someone who can be trusted to look after it.

Originally Posted by Paul M (Post 35898944)

You cannot keep up to date with a patch that doesnt exist. MS only released them for XP today.

Originally Posted by Paul M (Post 35898942)

Aside from the fact it takes a long time to do such things, its also incredibly expensive and complex.
(do you know how many computers the NHS has ?, last estimate I heard was in the hundreds of thousands).

Just imagine the cost of liceces for all of them, plus many would not have the hardware to support newer windows versions, so that needs replacing as well, and then there is huge amount man power needed to change them over.

Its not some 5 minute job.

Originally Posted by Pierre (Post 35898949)

Originally Posted by Sirius (Post 35898947)

And Microsoft can carry some of the blame for having a OS full of holes. Blame can be pointed at anyone if the cap fits :)

Originally Posted by Damien (Post 35898951)

And there is no excuse for them not patching Windows 7 and 8.

Originally Posted by Damien (Post 35898951)

That is probably referring to Windows 7 and 8.

Originally Posted by Sirius (Post 35898941)

Can you do that with chrome ?

Originally Posted by pip08456 (Post 35898657)

One possible way to mitigate this type of attack would be for emails to be opened in a sandbox.

The cost for businesses to implement throughout their network could be prohibitive.

A back-up on the other hand costs a damn site less. Any Hospitals down today???

Originally Posted by Stuart (Post 35899069)

Problems caused by the fact that although the bank's customer facing hardware and software is relatively new, it's using backend servers that were installed in the 80s, or in some cases, the 70s.

Originally Posted by Stuart (Post 35899069)

Backups may or may not be helpful. If the trojan hit several weeks ago, and has been silently encrypting/decrypting the files, then any backups are likely to be encrypted. Especially if the machines running the backups are vulnerable.



The NHS, like any large organisation, has old and new hardware. When I worked for my old hospital (back in the early 90s), most of the administration was done on PCs of various vintages, but the patient records were only available on terminals that had been installed in the 70s. Terminals that I am told were in use until the early 2000s when the hospital was demolished and replaced with a state of the art new one. Now, we do have a system in place where things like X rays are available electronically, and our GP (at least) is registered with the NHS Epatient system, so we can book appointments and request repeat prescriptions through the web, iPhone or Android app.

It's not just public organisations that suffer it. Look at the problems experienced by customers of certain banks. Problems caused by the fact that although the bank's customer facing hardware and software is relatively new, it's using backend servers that were installed in the 80s, or in some cases, the 70s.

Originally Posted by heero_yuy (Post 35899155)

On the contrary it's the move away from mainframes running UNIX to networked PC's running Windows that has made our infrastructure so vulnerable.

Originally Posted by Mr K (Post 35899070)

Problem is IT is seen as a 'back office function', and what little money going the politicians and public have demanded to go to the front line (nurses/drs/medicines). The frontline isn't any good with out the services to support it . It all comes back to money, which ever way it tries to be spun. Blaming poor management won't wash, if that was wholly the reason, why can't the NHS attract/afford decent managers ?

Originally Posted by OLD BOY (Post 35899843)

Yes, but this really isn't good enough. The money needs to be apportioned appropriately between direct services and administration. The administration needs to be efficient and not just bolster the bureaucracy. The trouble is, everyone gets caught up in sound bites and no-one is tacking the actual problem. The direct services (nurses, doctors, etc) all rely on an efficient administration which will provide them with systems, policies and equipment they need and so squeezing administration is not necessarily going to improve the lot of the medical staff.

The administration needs to be properly focussed on the needs of the staff providing direct services instead of getting hung up on the kind of nonsense they come up with such as unnecessary reorganisations that make no real difference to the provision of services.

It is really quite worrying that a huge layer of bureaucracy (the Primary Care Trusts) have been abolished with no discernable impact on the provision of services.

Seriously, the NHS does not need an ever increasing amount of money, it needs a generous dose of efficiency in the way it is managed.

Originally Posted by pip08456 (Post 35905329)

Most likely idiots again opening attachments from sources they don't know.

Originally Posted by papa smurf (Post 35905369)

ok here top story hillsborough criminal charges

take that back its ken clark now


the home page is all over the place

Originally Posted by pip08456 (Post 35905329)

Most likely idiots again opening attachments from sources they don't know.