Kitz ADSL Broadband Information
Pages: 1 2 [3] 4 5 6

Author Topic: NHS hit by ransomware!  (Read 4240 times)

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4612
Re: NHS hit by ransomware!
« Reply #30 on: May 14, 2017, 03:41:20 AM »

If it spreads via SMB then I would think a very likely way into a 'secure' corporate network with no public access would be...

Member of staff, takes laptop home, where it attaches to his WiFi.

Kids, or Kids' friends, then connect devices of unknown sanitation to same WiFi, malware on said device finds laptop, laptop gets infected.

Next day, laptop is back on corporate network, passes it on....
Good point, forgot about laptops.
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

JGO

  • Reg Member
  • ***
  • Posts: 689
Re: NHS hit by ransomware!
« Reply #31 on: May 14, 2017, 08:04:09 AM »

I made a point elsewhere about the lack of an "Internet OFF" switch; seems a display of the wartime posters "The Enemy is listening" wouldn't be a bad idea either. (Much of Rommel's success was due to a US army colonel who ignored security.)
Logged

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3182
Re: NHS hit by ransomware!
« Reply #32 on: May 14, 2017, 08:50:11 AM »

One problem nowadays is there's quite a strong social pressure to provide your WiFi password to any reasonably close friends or relatives who visit. A reasonably safe answer might be to scan their devices for malware first, but people might be offended by that. And in any case, if the friend were reasonably security-aware him/herself, he'd not want to trust my scanning software, especially if I wanted to plug in any flash drives etc.

I've addressed this problem myself by configuring a separate 'guest lan', where devices can access the internet but are isolated from each other and isolated from my own machines. Still there's been times where guests wanted access to the core network, say to access the media server to show us some holiday photos, and then it gets awkward...
Logged

Bowdon

  • Content Team
  • Kitizen
  • *
  • Posts: 1145
Re: NHS hit by ransomware!
« Reply #33 on: May 14, 2017, 12:16:36 PM »

When Microsoft talk about patching it, are they talking about Windows Defender? As Avast said it's already updated against this ransomware months ago.

I've not heard of Cryptoprevent.. what's the address for it?

I don't understand why people even write these ransomware viruses, except I guess for money. I wonder if bitcoin became more trackable it would discourage people from doing this for money?
Logged
BT Infinity 2 - HG612 & Asus RT-N66U - ECI Cab

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2205
Re: NHS hit by ransomware!
« Reply #34 on: May 14, 2017, 12:40:42 PM »

That's the whole point Bowdon, money and lots of it; the link below talks of a billion dollar industry in 2016. Once upon a time viruses were written just to cause havoc; they soon realised there's lots of money to be made, and that changed the whole landscape.

http://www.cnbc.com/2016/12/13/ransomware-spiked-6000-in-2016-and-most-victims-paid-the-hackers-ibm-finds.html

Apparently some of the ransomware 'companies' for want of a better word have better customer services than a lot of IT companies because they realise that if people don't get their data it would ruin their business model.

https://www.engadget.com/2016/09/09/customer-service-matters-when-it-comes-to-ransomware/
« Last Edit: May 14, 2017, 12:43:35 PM by Ronski »
Logged

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3182
Re: NHS hit by ransomware!
« Reply #35 on: May 14, 2017, 01:00:28 PM »

Of course in addition to the NHS, various car makers, Spanish Telecoms, Fedex in the USA etc, that have all been affected this week, we'll probably never know how many organisations were hit but just kept quiet, either wrote off the data or paid the ransom?

It's not the sort of thing they'd boast about after all, but might well make economic sense and also avoid all the public criticism as is being heaped on the NHS.
Logged

c6em

  • Reg Member
  • ***
  • Posts: 490
Re: NHS hit by ransomware!
« Reply #36 on: May 14, 2017, 01:28:56 PM »

Here is a wish request on backup drives and isolation from any nasties jumping to them:

USB powered external drive
I'd like to leave it physically connected.
So I'd like MSWindows to be able to both "disconnect" it AND "reconnect" it via some sort of password protected system application.

That way under normal circumstances my backup drive is isolated from the computer but when I want to do the backup I then reconnect the USB drive and away we go, then I would disconnect after the backup is done.
Currently while I can electronically disconnect the drive via the 'safe hardware removal' icon, to re-connect I have to physically remove the drive's USB plug from the computer and then put it back again.
Logged

Dray

  • Kitizen
  • ****
  • Posts: 2046
Logged

c6em

  • Reg Member
  • ***
  • Posts: 490
Re: NHS hit by ransomware!
« Reply #38 on: May 14, 2017, 02:03:53 PM »

Ah - well, well - most interesting - thank you indeed for the links. I will investigate.

As an aside I've just had a circular from my local police neighborhood watch.
All good advice.

For all your systems and devices:
1 Keep systems and applications patched
2 Have AV software which is also kept updated
3 Create backups on to media which is then disconnected from the computer post backup
4 (More applicable to Android tablets etc) Only download from the Google/Apple stores and do not root/jailbreak.
Logged

petef

  • Member
  • **
  • Posts: 49
Re: NHS hit by ransomware!
« Reply #39 on: May 14, 2017, 03:30:09 PM »

When Microsoft talk about patching it, are they talking about Windows Defender? As Avast said it's already updated against this ransomware months ago.

Currently supported MS OSs had a security patch available in March to close off the EternalBlue vulnerability.

Defender (and the other MS AVs) detects and protects against WannaCrypt since a couple of days ago.

They have just released a version of the patch for use with Windows XP, 8, etc.

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

So all AVs should now protect against this specific attack. Microsoft have issued patches which must be applied to protect against future attacks exploiting the same security hole.

I have yet to read any security reports about the vector used for this attack. EternalBlue is how it spreads but it must start somewhere on each infected network.

[edit] I see that kitz provided this answer already in reply #18.
« Last Edit: May 14, 2017, 03:53:57 PM by petef »
Logged

tonyappuk

  • Reg Member
  • ***
  • Posts: 586
Re: NHS hit by ransomware!
« Reply #40 on: May 14, 2017, 04:30:40 PM »

Not being sufficiently computer literate myself, can anyone here say if Cryptoprevent would have protected against this recent NHS event? I have a burning desire to avoid MS's continual need to update whether it be the whole OS or just patches. It makes me more and more inclined to go with Linux. Unfortunately the time I was attacked by cryptoware it was on Linux, although that was a Java-based version. Life is very difficult these days!!
Tony
Logged

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4612
Re: NHS hit by ransomware!
« Reply #41 on: May 14, 2017, 05:31:05 PM »

That Microsoft article actually gives some more insight; seems the hardening would have mitigated this attack.

The hardening I carry out disables v1 SMB protocol, and this errata suggests only v1 not v2 is/was vulnerable.

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

petef

  • Member
  • **
  • Posts: 49
Re: NHS hit by ransomware!
« Reply #42 on: May 15, 2017, 11:50:37 AM »

Telefónica have confirmed that the original vector was a dropper linked in an email that was not detected by many engines of antimalware.

The scheme of attack was:
- Phase of infection: Mass spam to e-mail addresses with a dropper download link (the one that download the payload) or exploitation of vulnerable service exposed to the Internet or connection of infected equipment to the local network.
- When downloading the dropper is infected with the ransomware machine.
- From the infected machine the LAN is scanned for computers vulnerable to MS17-10 to infect that computer as well and continue infection. As announced by the CCN-CERT immediately.


The above is a Google translation of this Spanish article.

http://www.elladodelmal.com/2017/05/el-ataque-del-ransomware-wannacry.html
Logged
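
The last step of the scheme quoted in reply #42, an infected machine scanning the LAN over SMB, shows up in connection logs as one internal host contacting many distinct internal peers on TCP 445 within a short time. The following is an added example, not part of the original thread, of how that pattern can be detected; the log format, the threshold and the window are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445
WINDOW = timedelta(seconds=60)  # assumed sliding window
THRESHOLD = 5                   # assumed: distinct SMB peers per window

# Constructed log lines; the format (time src dst dport action) is an assumption.
SAMPLE_LOG = """\
2017-05-12T10:00:01 10.0.0.23 10.0.0.1 445 ALLOW
2017-05-12T10:00:01 10.0.0.23 10.0.0.2 445 ALLOW
2017-05-12T10:00:02 10.0.0.23 10.0.0.3 445 ALLOW
2017-05-12T10:00:02 10.0.0.40 10.0.0.5 445 ALLOW
2017-05-12T10:00:03 10.0.0.23 10.0.0.4 445 DENY
2017-05-12T10:00:03 10.0.0.23 10.0.0.5 445 ALLOW
2017-05-12T10:00:04 10.0.0.23 10.0.0.6 445 ALLOW
2017-05-12T10:00:09 10.0.0.40 10.0.0.5 445 ALLOW
2017-05-12T10:00:10 10.0.0.40 93.184.216.34 443 ALLOW
truncated line 445
2017-05-12T10:05:00 10.0.0.40 10.0.0.6 445 ALLOW
"""

def parse(line):
    """Return (time, src, dst, dport), or None for a malformed line."""
    try:
        ts, src, dst, dport, _action = line.split()
        return (datetime.fromisoformat(ts), ipaddress.ip_address(src),
                ipaddress.ip_address(dst), int(dport))
    except ValueError:
        return None

def smb_fanout(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {source: peak distinct internal SMB peers in any window} for
    internal sources whose peak reaches the threshold (denied tries count)."""
    events = sorted(filter(None, map(parse, log_text.splitlines())),
                    key=lambda e: e[0])
    recent, peak = defaultdict(list), defaultdict(int)
    for ts, src, dst, dport in events:
        if dport != SMB_PORT or not (src.is_private and dst.is_private):
            continue
        # keep only this source's contacts that are still inside the window
        recent[src] = [(t, d) for t, d in recent[src] if ts - t <= window]
        recent[src].append((ts, dst))
        peak[src] = max(peak[src], len({d for _, d in recent[src]}))
    return {str(s): n for s, n in peak.items() if n >= threshold}
```

A file server receives many SMB connections but rarely initiates them, so counting by source keeps it from being flagged; the threshold and window need tuning against hosts that legitimately reach many peers, such as backup or management servers.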

Bowdon

  • Content Team
  • Kitizen
  • *
  • Posts: 1145
Re: NHS hit by ransomware!
« Reply #43 on: May 15, 2017, 02:45:10 PM »

So it did come through spam emails.

I have to wonder if this isn't a set up to modify or even ban bitcoin. If bitcoin wasn't anonymous in tracking then the money incentive for these attacks would disappear.

Also this seems to have caused havoc because Microsoft, on bended knee, wanted to snitch on its users and allowed the NSA to compromise its own product. I wonder if this episode will act as a wake-up call to our government that this is the risk of them wanting to spy on everyone.
Logged
BT Infinity 2 - HG612 & Asus RT-N66U - ECI Cab

petef

  • Member
  • **
  • Posts: 49
Re: NHS hit by ransomware!
« Reply #44 on: May 15, 2017, 03:27:16 PM »

@Bowdon that is not Microsoft's message. They have been quite vociferous that NSA should have disclosed the exploit to MS rather than hoard it for their own good/evil [delete as appropriate] intentions.

https://www.theregister.co.uk/2017/05/14/microsoft_to_spooks_wannacrypt_was_inevitable_quit_hoarding/
Logged