NHS ATTACKED
- This topic has 75 replies, 11 voices, and was last updated 8 years, 9 months ago by
Bob Williams.
May 12, 2017 at 4:03 pm #7247
http://www.bbc.co.uk/news/health-39899646
GPs are resorting to using pen and paper, according to the Blackpool Gazette newspapers, and phone and IT systems have been shut down. :mail:
Americans: Over Sexed, Over Payed and Over here, Wat Wat!
May 12, 2017 at 4:22 pm #7250
Just wait for the inevitable ramblings on here. B-)
Laptop T420 i5 8GB SSD 2x Spinners Optimus GFX
HTPC 5350 8GB SSD 2x Spinners Antec 300
Desktop 2700K 16GB Revo x2 GTX570SC Antec900
Server N54L 8GB SSD 6x Spinners HD6450
May 12, 2017 at 4:23 pm #7251
:good: I will have to keep an eye on the cpu temps :yahoo:
Americans: Over Sexed, Over Payed and Over here, Wat Wat!
May 12, 2017 at 4:36 pm #7252
It’s been waiting to happen. A lot of their systems are still on XP. Under investment and lack of knowledge at the top of the Trusts and Dept of Health.
It’s ransomware so I hope their data backups are robust. All the PCs will probably need to be rebuilt. I expect this will take ages to recover from.
May 12, 2017 at 4:41 pm #7253
Just wait for the lefties to seize on this. “Not on my watch” will be the spin.
Laptop T420 i5 8GB SSD 2x Spinners Optimus GFX
HTPC 5350 8GB SSD 2x Spinners Antec 300
Desktop 2700K 16GB Revo x2 GTX570SC Antec900
Server N54L 8GB SSD 6x Spinners HD6450
May 12, 2017 at 4:41 pm #7254
I obviously missed something – I thought that this was one of the first of Agile’s failures, and had been abandoned. link
It caused me to try and find what system the Hunt idiot has promulgated in its place. All I could find is this:
“Operating with an ‘open-to-all’ approach and creating a collaborative workspace for all involved to find digital solutions for the NHS. With a rich asset and resource catalogue and a multitude of contributors, Code4Health is a fantastic sandpit environment for communities to get the most out of what can be achieved, all for the future benefit of the NHS.”
I would not be surprised to learn that this was not an ‘attack’ but rather that ‘cesspit’ might well have been substituted for sandpit, as the description reads like a disaster just waiting to happen.
[edit] It isn’t universal, my local systems are still OK.
May 12, 2017 at 4:49 pm #7256
Just been talking with my ex RMG colleague who’s now in one of the local Trusts. As soon as they heard they “pulled the plug” to isolate themselves.
Looks like some big organisations on the Continent have been hit today too. Telefonica got mentioned.
May 12, 2017 at 5:54 pm #7257
I will have to keep an eye on the cpu temps
Don’t worry, give it a couple of paracetamol, bed rest and plenty of fluids and it will be fine… Err on second thoughts???
May 12, 2017 at 6:12 pm #7258
Just been talking with my ex RMG colleague who’s now in one of the local Trusts. As soon as they heard they “pulled the plug” to isolate themselves. Looks like some big organisations on the Continent have been hit today too. Telefonica got mentioned.
Yes a few from the more thinking end the thought that there was probably a connection with suppliers and the spread of this trouble. The malware appears to be the same strain affecting many different organisations across Europe.
The ‘pull the plug’ reaction might not have been totally necessary but should limit the spread of damage. It will probably take a while to work through the estate to find out which machines have been affected, so get cleaned up and which have remained clean. I trust that someone has taken charge to ensure that access to the network and more particularly its connection(s) are tightly restricted until they are certain that only ‘clean’ machines can participate once more.
The post mortems could be interesting across a number of European locations next week.
I would expect that some bunch of lowlife will feel that they have hit their lucky day while they hope for a bonus. There are reports that someone(?) might have paid up.
May 12, 2017 at 6:28 pm #7260
I’m sure it will be OK.
May 12, 2017 at 6:48 pm #7261
Ars reports that it was US Government’s NSA malware that was the root cause of the problem. As the vulnerability was patched by Microsoft back in March for Windows 7 and upwards, it looks like Dave pinpointed the NHS problems as being due to the service continuing to use obsolete XP machines and servers. Either that or gross incompetence by inexperienced or untrained IT staff.
It also looks like May’s opponents have been handed a golden Election opportunity on a plate!
May 12, 2017 at 7:12 pm #7263
Ars reports that it was US Government’s NSA malware that was the root cause of the problem. As the vulnerability was patched by Microsoft back in March for Windows 7 and upwards, it looks like Dave pinpointed the NHS problems as being due to the service continuing to use obsolete XP machines and servers. Either that or gross incompetence by inexperienced or untrained IT staff. It also looks like May’s opponents have been handed a golden Election opportunity on a plate!
The ARS report contains some questionable data, was it East and North Hereford NHS Trust website as they said or East and North Hertfordshire NHS Trust website as the rest of the media and the site linked to says?
No doubt dopey Corbyn will along with his army of fools claim that with just a few more thousands of clerks with quill pens it would never happen, but for how long has the NHS digital service run services across the globe? Is FEDEX really run by the NHS, along with chunks of the USA, South America, Russia, across Europe and the far East? Are they all using cast-off NHS XP machines?
Perhaps it would be worth calming down the rhetoric and settling for what is the real case?
May 12, 2017 at 7:28 pm #7264
Yes, just got back from Tescos and the NSA malware was mentioned. It looks like the NHS has been caught in a new campaign rather than targeted.
The staff I know of are all competent, the troops on the ground usually are, it’s the decision makers at the top that are the issue, especially the bean counters.
Educating the staff does work. As many of you know my last permanent job was AV administrator in the defence industry and we could tell when it had taken place at sites as the calls went up reporting suspicious activity. There were also deliberate internal phishing campaigns that took you to a site saying “you’ve been had” and offering advice.
Expect an immediate injection of (not enough) money for staff awareness and some nebulous beefed up security promise. No heads will roll, of that you can be sure.
May 12, 2017 at 7:44 pm #7266
Richard, rather than just throwing up a smoke-screen, maybe you should be investigating just what IS the real cause of the problem and what should be done.
Failing that, I guess that you could just bury your head in Hunt’s glorious ‘sandpit’. Which I’m afraid translates to yet another Government IT disaster in the making or “We have not got a clue what we should be doing as we have no leadership, strategy or sense of direction, but whatever we do it had better be cheap”.
May 12, 2017 at 7:44 pm #7267
I have very recently been in touch with a relation who is currently on leave from his duties. He saw his colleagues earlier today and they confirmed that his work place and trust have not been hit but took action to block all internet access. As far as they knew the plans worked well and no damage was caused.
There is a greater issue, it is dead easy to blame the staff, the technology, etc. until the cows come home. The attack is global and some dick heads will pay/have paid, will they get their data back? The crooks will make some money and bit coin will get another notch in its bed post of shame. The only answer might appear to be to disable links from e-mails until they were verified – except that another trick would be found to play to human factors, social engineering, etc.
The only certain fact is that it involves far more than the NHS which for our parochial reasons is hitting our headlines.
Do not wait up late for any FEDEX parcels over the next few days and a few other items may be about to crawl out of many bits of the wood work. At least DHL are still working OK and giving updates.
May 12, 2017 at 7:59 pm #7269
I have thrown up no smoke screen, but rather dislike your harping on about those you clearly show a visceral hatred towards. The attack is GLOBAL and affects huge numbers of other points beyond the NHS, FEDEX, many in the USA, South America, Europe, Russia, the Middle East and the Far East. There is no smoke screen from me but there is a putrid stench of misinformation about what you are pushing.
My local trust urgently disabled their internet at the first whiff of trouble elsewhere and according to staff working there have avoided trouble, fact; no smoke or mirrors. Nor any false claims about XP this, that and the other. See Dave’s far less emotive posting; human factors are a real issue, perhaps even the only issue: they almost always are at the root of problems.
I suggested some should calm down, I feel that is still a valid suggestion. Speculation sells news and phalse news sells even more, it never helps anyone except those guilty of hyperbole.
May 12, 2017 at 8:32 pm #7270
Yes, it’s getting thrown out of all proportion by the rolling news bods. Some of the “experts” they had on in the first hour were cringeworthy and some clearly didn’t know it was ransomware but kept on about selling the data that had been stolen.
Another suggested switching to back up servers. What? Spinning up some new hardware is a piece of pi$$ now with virtualization. It’s the data stupid.
Unfortunately the XP issue is not a false claim. Just have a look at the screens you see when next visiting, I always do. I’ve seen a smattering of 7 machines but most are XP. The NSA vulnerability was patched and I would expect even the most slothful to have deployed it by now, except of course that XP machines were not included. Also from experience (patching the estate was one of my jobs) the success rate is not 100%, either because the patch fails or a PC is turned off and doesn’t catch up as fast as the phishing email gets delivered when it is.
Even when you are aware a major incident could be taking place it takes time to shut things down. There is no magic red button on a console somewhere à la James Bond movie.
May 12, 2017 at 8:47 pm #7271
As revealed in the latest Ars post, based on results from independent analysis from a couple of AV companies. The ransomware is spread by a worm using the NSA exploit to infect vulnerable obsolete or unpatched machines. Once activated it continues to spread and hits any obsolete machines connected to the web.
“ … wcry copies a weapons-grade exploit codenamed EternalBlue that the NSA used for years to remotely commandeer computers running Microsoft Windows. EternalBlue, which works reliably against computers running Microsoft Windows XP through Windows Server 2012,”
Like it or lump it, the problem results from a widespread criminal attack coupled with a lack of investment in new PC equipment.
May 12, 2017 at 9:19 pm #7273
The last big outbreak I was involved in, indeed the only one I’ve known to bring an organisation to a stop, was Sasser back in 2004.
The patch had been issued but large scale patching tools weren’t in general use so patching was non-existent. It took 3 days to clear that up and all that was required was to run the patch on each PC. All sites were isolated from each other until the network boys had blocked port 445 on the switches, but that was in the days of local server hardware so only email was really shut down.
There was no data compromised in that one and the patch took 2 minutes to run. This one is going to be a doozy. The PCs will have to be rebuilt and I know how long it takes to do sites of 150+ PCs when we’ve done mass o/s upgrades and how many extra hands were needed. Then all the servers and data stores could be compromised too, will be where PCs had direct access through a mapped drive. Even if the data is clean it takes a long time to do a full restore of big data stores.
Might be keeping my eyes out for some short term contract work.
May 12, 2017 at 9:24 pm #7274
Like Dave I also scan the PCs when I’m at the hospital.
I had to go to the UHW, commonly known as The Heath, for an emergency blood test on Tuesday.
I passed dozens of rigs blatantly running XP and when I eventually found the phlebotomist (not where they were meant to be) the rig there was of the Pentium era, yes, the original Pentium, I didn’t get a very good look at the screen, a 19″ odd CRT but it looked like Win 98 to me.
Hopefully NHS in Wales has had a ‘get out of jail’ card and used it wisely!
