Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 ... 4 5 [6]

Author Topic: NHS hit by ransomware!  (Read 4955 times)

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3235
Re: NHS hit by ransomware!
« Reply #75 on: May 16, 2017, 11:06:35 PM »

I'd like to sincerely aplgogise to the forums for my suggestion there was anything good about Apple.  In particular, I apologise for suggesting that Apple was safer from malware, compared to Microsoft.

I am of course entitied to my opinion that Apple products are rather good, and I have tried to quantify that opinion by measured technical discussions.  But I need to be more sensitive to the forum's preferences, and to toe the line.

I will therefor make no further comment in this thread.
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2274
Re: NHS hit by ransomware!
« Reply #76 on: May 17, 2017, 06:26:14 AM »

7LM, I'm sorry that you appear to be aggrieved by what I wrote, it was certainly not my intention and was also my own opinion, and I actually agreed they may well be more secure.
Logged

c6em

  • Reg Member
  • ***
  • Posts: 493
Re: NHS hit by ransomware!
« Reply #77 on: May 17, 2017, 08:39:30 AM »

Letter in Yesterday's Times from ex boss of GCHQ
Basically blames Microsoft along the lines of MS was told, had fix, knew that XP was being used by lots, it was a mega hole and they did nowt.

https://www.thetimes.co.uk/article/former-spy-chief-accuses-microsoft-over-hacking-35xkg7xzm

Looks like we might be moving in the direction of General aviation where a product is "supported" when it comes to critical airworthiness issues occurring forever, while not being supported for spares etc as its out of production - often by decades.  Those aircraft where the manufacturers have ceased to exist being called orphaned.
Logged

broadstairs

  • Kitizen
  • ****
  • Posts: 2707
Re: NHS hit by ransomware!
« Reply #78 on: May 17, 2017, 10:05:38 AM »

There is an awful lot of noise here about which system are secure or not or which systems are more/less likely to be hit. I think what everyone needs to remember is that if you are online you ARE exposed and may well get hit, yes some systems are better at protecting you from malicious installs than others but no one is immune. There are all sorts of things you can do to help but probably the most common reason for getting hit is either doing nothing about security or opening random files from someone you do not know or trust and that is what the hackers are relying on. I do feel that other systems like Linux and even Apple will become greater targets in future especially Apple tablet and phone type devices (as well as Android of course) as they are so common now. If only we could get Joe Public to take the idea of personal security and responsibility very seriously then we may start to reduce the impact.

On a slightly different tack I am worried about some of the media hype about all this, they seem to me to be promoting the idea that it is all someone else's responsibility/problem and are not making enough of the reasons why everyone should be careful.

Stuart
Logged
ISP:TalkTalk Connection:FTTC Cab:ECI Router:ZyXEL VMG3925-B10B

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 38618
  • Penguins CAN fly
    • DSLstats
Re: NHS hit by ransomware!
« Reply #79 on: May 17, 2017, 11:15:21 AM »

I agree 100% with your last point, Stuart. We live in a world in which people always look for someone else to blame when things go wrong. Of course several organisations could (and should) have done more, but if there was better observation of basic security principles at user level, it would be much harder for malware to gain entry.
Logged
  Eric

Bowdon

  • Content Team
  • Kitizen
  • *
  • Posts: 1203
Re: NHS hit by ransomware!
« Reply #80 on: May 17, 2017, 11:21:40 AM »

I was suggesting Apple's too 7LM! :)

I've also been reading today about Windows 10 S https://www.microsoft.com/en-gb/windows/windows-10-s

Apparently its a very locked down microsoft only version of Windows 10, so everything has to be verified by microsoft to run. In effect its a white listed OS. I wonder if this is their answer to the recent problems as it'll be much more difficult for a virus program to actually run without it being approved.

http://www.techradar.com/news/windows-10-cloud-release-date-news-and-rumors

http://www.zdnet.com/article/is-windows-10-s-for-you-the-good-the-bad-and-the-target-users/
Logged
BT Infinity 2 - HG612 & Asus RT-N66U - ECI Cab

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4878
Re: NHS hit by ransomware!
« Reply #81 on: May 17, 2017, 11:37:30 AM »

its an improvement but the whitelisting should be under the control of the administrator not the OS vendor.

Also in regards to smart screen, I agree its a definite improvement over what they did in the past but its not a true whitelist filtering mechanism, its a cross between blacklisting and whitelisting, it wont outright block programs with a neutral reputation and doesnt block if the internet is down.

I probably came across as very anti microsoft in my earlier post, I acknowledge they cannot just change the OS in one night removing established features as that would alienate an aweful lot of users, they need to strike a balance, of course some things are just down to bad decisions by microsoft tho which they only have themselves to blame for.

Of course as well each establishment is responsible for their own deployments, so its also wrong for someone like the NHS to blame microsoft, it is true if they were patched they likely would have only very limited damage (original compromise via email), not the mass spread via SMB.
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2274
Re: NHS hit by ransomware!
« Reply #82 on: May 29, 2017, 08:16:16 AM »

Found this,  which might be useful to some, but far too late for the majority.

Wanakiwi tool decrypts WannaCry files across all Windows versions, as long as you've not rebooted.

http://www.bit-tech.net/news/bits/2017/05/22/wanakiwi-decrypts-wannacry/1

Logged

broadstairs

  • Kitizen
  • ****
  • Posts: 2707
Re: NHS hit by ransomware!
« Reply #83 on: May 29, 2017, 09:50:23 AM »

Found this,  which might be useful to some, but far too late for the majority.

Wanakiwi tool decrypts WannaCry files across all Windows versions, as long as you've not rebooted.

http://www.bit-tech.net/news/bits/2017/05/22/wanakiwi-decrypts-wannacry/1

Good find. It is interesting that this tool utilises another hole in M$ systems where the private key exists in memory until the next reboot. It has also been suggested that this other hole is there at the behest of some well known 3 letter acronym organisations - I could not possible comment  ;) ;)

Stuart
Logged
ISP:TalkTalk Connection:FTTC Cab:ECI Router:ZyXEL VMG3925-B10B

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 2274
Re: NHS hit by ransomware!
« Reply #84 on: May 29, 2017, 10:27:27 AM »

It wouldn't surprise me in the slightest.
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 30142
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: NHS hit by ransomware!
« Reply #85 on: May 29, 2017, 08:30:33 PM »

Good find.  However this bit "It can only operate if the system has been recently infected and not rebooted since, " could be problematic.

I should imagine the majority of users would shut down the PC as soon as they see they are infected. :(
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

phi2008

  • Reg Member
  • ***
  • Posts: 334
Re: NHS hit by ransomware!
« Reply #86 on: June 06, 2017, 02:59:00 PM »

I'm suprised that the nhs hospitals even had sophos doing their anti virus stuff.. i assumed it was windows defender.. but now i think about it, does xp even have a built in av ?

I think while its good to look in to the technical capabilities of windows versions I think its also important to keep things in context. I'm not aware of any other patched up OS getting hit. It only seems to be xp. Which suggests the issue was actually fixed and the group who did it knew that the institutions liked used xp.


The exploit didn't infect XP machines - the exploit scanner scanned them and decided not to infect(wrongly - code was taken from Metasploit). Everyone was raving about XP in the media - XP didn't get infected over the network, it would be OSs later than that that were spreading it.  :)
Logged

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3235
Re: NHS hit by ransomware!
« Reply #87 on: June 06, 2017, 07:38:14 PM »

The exploit didn't infect XP machines - the exploit scanner scanned them and decided not to infect(wrongly - code was taken from Metasploit). Everyone was raving about XP in the media - XP didn't get infected over the network, it would be OSs later than that that were spreading it.  :)

A quick search yields many media reports confirming what you say. :)

That does not surprise me.  Malware writers are far more likely to target recent or current OS versions, simply because that is where they'll find the greatest number of vulnerable systems.   The fact that the old systems are no longer updated is compensated by the fact there will always be plenty of nice juicy vulnerabilities, even if not 'new', in more modern OS.

It could even be argued (with some caution) that a valid defence is to always run old versions, where possible.   Note the smiley, this is meant tongue in cheek.   Mostly, or for debate in a separate thread at least.   :D


Logged

phi2008

  • Reg Member
  • ***
  • Posts: 334
Re: NHS hit by ransomware!
« Reply #88 on: June 06, 2017, 09:40:35 PM »

I think it was more of a scanner mistake than design, if you manually infected an XP machine it would infect other network PCs like any other - as I said they just copied some Metasploit code AFAIK.
Logged

petef

  • Member
  • **
  • Posts: 53
Re: NHS hit by ransomware!
« Reply #89 on: June 08, 2017, 02:22:10 PM »

Informed opinion is now that XP was neither infected nor used to spread the malware. At worst it would BSOD. The spread and damage was on later Windows that had not been patched.

https://www.theregister.co.uk/2017/05/31/windows_xp_probably_too_primitive_to_spread_wannacrypt/
Logged
Pages: 1 ... 4 5 [6]