NHS ATTACKED

Viewing 20 posts - 1 through 20 (of 76 total)
  • #7247
    RSB
    Keymaster
      @bdthree
      Forumite Points: 5,183

      http://www.bbc.co.uk/news/health-39899646

      GPs are resorting to using pen and paper, according to the Blackpool Gazette newspapers, and phone and IT systems have been shut down. :mail:

      Americans: Over Sexed, Over Payed and Over here, Wat Wat!

      #7250
      doctoryorkie
      Participant
        @doctoryorkie
        Forumite Points: 2

        Just wait for the inevitable ramblings on here. B-)

        Laptop T420 i5 8GB SSD 2x Spinners Optimus GFX
        HTPC 5350 8GB SSD 2x Spinners Antec 300
        Desktop 2700K 16GB Revo x2 GTX570SC Antec900
        Server N54L 8GB SSD 6x Spinners HD6450

        #7251
        RSB
        Keymaster
          @bdthree
          Forumite Points: 5,183

          :good: I will have to keep an eye on the cpu temps :yahoo:

          Americans: Over Sexed, Over Payed and Over here, Wat Wat!

          #7252
          Dave Rice
          Participant
            @ricedg
            Forumite Points: 7

            It’s been waiting to happen. A lot of their systems are still on XP. Under investment and lack of knowledge at the top of the Trusts and Dept of Health.

            It’s ransomware so I hope their data backups are robust. All the PCs will probably need to be rebuilt. I expect this will take ages to recover from.

            #7253
            doctoryorkie
            Participant
              @doctoryorkie
              Forumite Points: 2

              Just wait for the lefties to seize on this. “Not on my watch” will be the spin.

              Laptop T420 i5 8GB SSD 2x Spinners Optimus GFX
              HTPC 5350 8GB SSD 2x Spinners Antec 300
              Desktop 2700K 16GB Revo x2 GTX570SC Antec900
              Server N54L 8GB SSD 6x Spinners HD6450

              #7254
              Ed P
              Participant
                @edps
                Forumite Points: 39

                I obviously missed something – I thought that this was one of the first of Agile’s failures, and had been abandoned. link

                It caused me to try and find what system the Hunt idiot has promulgated in its place. All I could find is this:

                “Operating with an ‘open-to-all’ approach and creating a collaborative workspace for all involved to find digital solutions for the NHS. With a rich asset and resource catalogue and a multitude of contributors, Code4Health is a fantastic sandpit environment for communities to get the most out of what can be achieved, all for the future benefit of the NHS.”

                I would not be surprised to learn that this was not an ‘attack’ but rather that ‘cesspit’ might well have been substituted for sandpit, as the description reads like a disaster just waiting to happen.

                [edit] It isn’t universal, my local systems are still OK.

                #7256
                Dave Rice
                Participant
                  @ricedg
                  Forumite Points: 7

                  Just been talking with my ex RMG colleague who’s now in one of the local Trusts. As soon as they heard they “pulled the plug” to isolate themselves.

                  Looks like some big organisations on the Continent have been hit today too. Telefonica got mentioned.

                  #7257
                  Richard
                  Participant
                    @sawboman
                    Forumite Points: 16

                    :good: I will have to keep an eye on the cpu temps :yahoo:

                    Don’t worry, give it a couple of paracetamol, bed rest and plenty of fluids and it will be fine… Err on second thoughts???

                    #7258
                    Richard
                    Participant
                      @sawboman
                      Forumite Points: 16

                      Just been talking with my ex RMG colleague who’s now in one of the local Trusts. As soon as they heard they “pulled the plug” to isolate themselves. Looks like some big organisations on the Continent have been hit today too. Telefonica got mentioned.

                      Yes a few from the more thinking end the thought that there was probably a connection with suppliers and the spread of this trouble. The malware appears to be the same strain affecting many different organisations across Europe.

                      The ‘pull the plug’ reaction might not have been totally necessary but should limit the spread of damage. It will probably take a while to work through the estate to find out which machines have been affected, so get cleaned up and which have remained clean. I trust that someone has taken charge to ensure that access to the network and more particularly its connection(s) are tightly restricted until they are certain that only ‘clean’ machines can participate once more.

                      The post mortems could be interesting across a number of European locations next week.

                      I would expect that some bunch of lowlife will feel that they have hit their lucky day while they hope for a bonus. There are reports that someone(?) might have paid up.

                      #7260
                      The Duke
                      Participant
                        @sgb101
                        Forumite Points: 5

                        I’m sure it will be OK.

                        #7261
                        Ed P
                        Participant
                          @edps
                          Forumite Points: 39

                          Ars reports that it was US Government’s NSA malware that was the root cause of the problem. As the vulnerability was patched by Microsoft back in March for Windows 7 and upwards, it looks like Dave pinpointed the NHS problems as being due to the service continuing to use obsolete XP machines and servers. Either that or gross incompetence by inexperienced or untrained IT staff.

                          It also looks like May’s opponents have been handed a golden Election opportunity on a plate!

                          #7263
                          Richard
                          Participant
                            @sawboman
                            Forumite Points: 16

                            Ars reports that it was US Government’s NSA malware that was the root cause of the problem. As the vulnerability was patched by Microsoft back in March for Windows 7 and upwards, it looks like Dave pinpointed the NHS problems as being due to the service continuing to use obsolete XP machines and servers. Either that or gross incompetence by inexperienced or untrained IT staff. It also looks like May’s opponents have been handed a golden Election opportunity on a plate!

                            The ARS report contains some questionable data, was it East and North Hereford NHS Trust website as they said or East and North Hertfordshire NHS Trust website as the rest of the media and the site linked to says?

                            No doubt dopey Corbyn will along with his army of fools claim that with just a few more thousands of clerks with quill pens it would never happen, but for how long has the NHS digital service run services across the globe? Is FEDEX really run by the NHS, along with chunks of the USA, South America, Russia, across Europe and the far East? Are they all using cast-off NHS XP machines?

                            Perhaps it would be worth calming down the rhetoric and settling for what is the real case?

                            #7264
                            Dave Rice
                            Participant
                              @ricedg
                              Forumite Points: 7

                              Yes, just got back from Tescos and the NSA malware was mentioned. It looks like the NHS has been caught in a new campaign rather than targeted.

                              The staff I know of are all competent, the troops on the ground usually are, it’s the decision makers at the top that are the issue, especially the bean counters.

                              Educating the staff does work. As many of you know my last permanent job was AV administrator in the defence industry and we could tell when it had taken place at sites as the calls went up reporting suspicious activity. There were also deliberate internal phishing campaigns that took you to a site saying “you’ve been had” and offering advice.

                              Expect an immediate injection of (not enough) money for staff awareness and some nebulous beefed up security promise. No heads will roll, of that you can be sure.

                              #7266
                              Ed P
                              Participant
                                @edps
                                Forumite Points: 39

                                Richard, rather than just throwing up a smoke-screen, maybe you should be investigating just what IS the real cause of the problem and what should be done.

                                Failing that, I guess that you could just bury your head in Hunt’s glorious ‘sandpit’. Which I’m afraid translates to yet another Government IT disaster in the making or “We have not got a clue what we should be doing as we have no leadership, strategy or sense of direction, but whatever we do it had better be cheap”.

                                #7267
                                Richard
                                Participant
                                  @sawboman
                                  Forumite Points: 16

                                  I have very recently been in touch with a relation who is currently on leave from his duties. He saw his colleagues earlier today and they confirmed that his work place and trust have not been hit but took action to block all internet access. As far as they knew the plans worked well and no damage was caused.

                                  There is a greater issue, it is dead easy to blame the staff, the technology, etc. until the cows come home. The attack is global and some dick heads will pay/have paid, will they get their data back? The crooks will make some money and bit coin will get another notch in its bed post of shame. The only answer might appear to be to disable links from e-mails until they were verified – except that another trick would be found to play to human factors, social engineering, etc.

                                  The only certain fact is that it involves far more than the NHS which for our parochial reasons is hitting our headlines.

                                  Do not wait up late for any FEDEX parcels over the next few days and a few other items may be about to crawl out of many bits of the wood work. At least DHL are still working OK and giving updates.

                                  #7269
                                  Richard
                                  Participant
                                    @sawboman
                                    Forumite Points: 16

                                    I have thrown up no smoke screen, but rather dislike your harping on about those you clearly show a visceral hatred towards. The attack is GLOBAL and affects huge numbers of other points beyond the NHS, FEDEX, many in the USA, South America, Europe, Russia, the Middle East and the Far East. There is no smoke screen from me but there is a putrid stench of misinformation about what you are pushing.

                                    My local trust urgently disabled their internet at the first whiff of trouble elsewhere and according to staff working there have avoided trouble, fact; no smoke or mirrors. Nor any false claims about XP this, that and the other. See Dave’s far less emotive posting; human factors are a real issue, perhaps even the only issue: they almost always are at the root of problems.

                                    I suggested some should calm down, I feel that is still a valid suggestion. Speculation sells news and phalse news sells even more, it never helps anyone except those guilty of hyperbole.

                                    #7270
                                    Dave Rice
                                    Participant
                                      @ricedg
                                      Forumite Points: 7

                                      Yes, it’s getting thrown out of all proportion by the rolling news bods. Some of the “experts” they had on in the first hour were cringeworthy and some clearly didn’t know it was ransomware but kept on about selling the data that had been stolen.

                                      Another suggested switching to back up servers. What? Spinning up some new hardware is a piece of pi$$ now with virtualization. It’s the data stupid.

                                      Unfortunately the XP issue is not a false claim. Just have a look at the screens you see when next visiting, I always do. I’ve seen a smattering of 7 machines but most are XP. The NSA vulnerability was patched and I would expect even the most slothful to have deployed it by now, except of course that XP machines were not included. Also from experience (patching the estate was one of my jobs) the success rate is not 100%, either because the patch fails or a PC is turned off and doesn’t catch up as fast as the phishing email gets delivered when it is.

                                      Even when you are aware a major incident could be taking place it takes time to shut things down. There is no magic red button on a console somewhere à la James Bond movie.

                                      #7271
                                      Ed P
                                      Participant
                                        @edps
                                        Forumite Points: 39

                                        As revealed in the latest Ars post, based on results from independent analysis from a couple of AV companies. The ransomware is spread by a worm using the NSA exploit to infect vulnerable obsolete or unpatched machines. Once activated it continues to spread and hits any obsolete machines connected to the web.

                                        “… wcry copies a weapons-grade exploit codenamed EternalBlue that the NSA used for years to remotely commandeer computers running Microsoft Windows. EternalBlue, which works reliably against computers running Microsoft Windows XP through Windows Server 2012,”

                                        Like it or lump it, the problem results from a widespread criminal attack coupled with a lack of investment in new PC equipment.

                                        #7273
                                        Dave Rice
                                        Participant
                                          @ricedg
                                          Forumite Points: 7

                                          The last big outbreak I was involved in, indeed the only one I’ve known to bring an organisation to a stop, was Sasser back in 2004.

                                          The patch had been issued but large scale patching tools weren’t in general use so patching was non-existent. It took 3 days to clear that up and all that was required was to run the patch on each PC. All sites were isolated from each other until the network boys had blocked port 445 on the switches, but that was in the days of local server hardware so only email was really shut down.

                                          There was no data compromised in that one and the patch took 2 minutes to run. This one is going to be a doozy. The PCs will have to be rebuilt and I know how long it takes to do sites of 150+ PCs when we’ve done mass o/s upgrades and how many extra hands were needed. Then all the servers and data stores could be compromised too, will be where PCs had direct access through a mapped drive. Even if the data is clean it takes a long time to do a full restore of big data stores.

                                          Might be keeping my eyes out for some short term contract work.

                                          #7274
                                          PlaneMan
                                          Participant
                                            @planeman
                                            Forumite Points: 196

                                            Like Dave I also scan the PCs when I’m at the hospital.

                                            I had to go to the UHW, commonly known as The Heath, for an emergency blood test on Tuesday.

                                            I passed dozens of rigs blatantly running XP and when I eventually found the phlebotomist (not where they were meant to be) the rig there was of the Pentium era, yes, the original Pentium, I didn’t get a very good look at the screen, a 19″ odd CRT but it looked like Win 98 to me.

                                            Hopefully NHS in Wales has had a ‘get out of jail’ card and used it wisely!
