NHS ATTACKED

[Ed P]

While I was seeking to improve my knowledge of the operation of MRI scanners I came across this job-spec for an MRI Technologist. By the cringe, these guys/gals really do have to know a bit about everything in order to do their jobs. I read their job spec and duly noted the need for a high stress tolerance – I think I would have underlined that bit!

Incidentally I did find out why any 15 year old MRI scanners may have a Windows problem. They used SGI work stations that are completely stuck (due to their hardware) with a Windows Server 2000 OS. It cannot be upgraded, and as the SGI workstation is integrated into the scanner the whole lot would have to be replaced. Later machines are OK and their OS could be upgraded assuming they are not caught by some of the artificial Microsoft CPU constraints.

[Bob Williams]

Ed your last has confirmed something that I long suspected about the 15 years of innapropriate, ineffective and actually harmful treatment that I received from the NHS in Nottinghamshire. I was subjected to several different scans: CT, MRI and Ultrasound, plus X-rays, even Nerve Conductance tests. Incidentally, it took a request from me to see my Notes, before I could find results of that last Test – no one would let me see waht the result was. I discovered that my left side limbs were subject to anomalies in the nerve paths.

The diagnosis of my oldphart Notts consultant was that old chestnut “slipped disc.” When I moved here to Lincs and a much smaller hospital, I reached a consultant in his last year before retirement who decided to go further than the last, which was “Sorry there is nothing we can do.” and inflict harmful Traction upon my spine. Sending me to another consultant, got me the latest scanner: a mobile affair, operated by an Australian company. This found something that was correctly interpreted by the new consultant as a shattered vertebra, the reason for paralysis and numbness in my left limbs. He performed an operation and I am still walking (sort of) 8 years later, whereas I was expected to be a quadriplegic by the start of 2006. The Aussie scanner was then state of the art. I have no idea which O/S ran the scanner, although in early 2005 it might have been XP, which was released in October 2001 I believe, so would have been well into its stride as an O/S.

It appears from what a local NHS admin employee tells me, that XP is till in great use amongst United Lincolnshire Hospitals Trust, which explains why ULHT hospitals and some GP surgeries are still suffering from delays. Not my surgery, I hasten to add: their systems are all Win 7.

When the Thought Police arrive at your door, think -
I'm out.

[The Duke]

The radio just said North Korea is now the prime suspect.

Coincidence? A suspicious mind could possibly think someone may be starting to write a narrative.

[Dave Rice]

The early theories were it wasn’t a nation state as it’s quite crude. If it is, China and Russia have been hit badly but in the last 24 hours Putin was saying lay off the Norks.

Let’s not forget where the original code for the exploit actually came from.

[Bob Williams]

North Korea is a handy catch-all target to excuse the stupidity of the NSA and our own Health Ministry.

His Dictatorial Tubbiness will probably accept blame, whether guilty or not. Makes his insane regime appear even more terrifying.

When the Thought Police arrive at your door, think -
I'm out.

[The Duke]

But it’s got Korean code in it Bob so it has to be them. Lol. It seems you have a suspicious mind too.

For me it’s always in the timing, I don’t believe in coincidences. Not when it comes to events like this. It screams ‘fails flag event’. The US love them.

[Ed P]

More likely a crude attempt to distract people from the NSA origin of this mess. Irresponsible US/UK hoarding of exploits is becoming a source of political and diplomatic embarrassment.

Just one exploit from that early tranche has caused a lot of public concern on the impacts of Ransomeware.  Reuters now report that Shadowbrokers the group who released the first tranche of NSA exploits are threatening to put a whole lot more for sale in June to the highest bidder. Microsoft is apparently preparing a response, and I wonder if the revelation of an Intel backdoor may have been them doing a bit of Corporate ‘deck-clearing’/CYA. – watch Steve Gibson’s report

The list of additional data that is up for sale is to say the least very interesting. (Reuters link)

“It also threatened to dump data from banks using the SWIFT international money transfer network and from Russian, Chinese, Iranian or North Korean nuclear and missile programs, without providing further details. ”

Depending on the sensitivity of the missile and bank data this could perhaps point a finger towards a Western or Mafia-type ownership of Shadowbrokers.

[JayCeeDee]

Well, the cynic in me thinks that Acronis have used the attack as a marketing tool, or ( what they say ) Acronis is the only backup that stops ransomware attacks like WannaCry.

From an email I got from them this morning:-

 

Acronis                                                     EASILY DEFEAT RANSOMWARE                       The ONLY backup that stops ransomware attacks like WannaCry
When WannaCry was unleashed last Friday, the result was the largest ransomware attack in history. It crippled 200,000 computers in more than 150 countries, and continues to spread at an alarming rate. And while everyone is trying to defeat WannaCry, three new ransomware attacks have been detected.

The good news: Acronis can eliminate future ransomware threats against your computer. The better news: We’re offering a special upgrade to Acronis True Image 2017 New Generation, so you can get the world’s ONLY backup solution that actively protects you against ransomware for just £19.99!

In response to the historic WannaCry attack, this week you can get Acronis’ active ransomware protection for a special low price ( 1 year Subscription. )

 

Protect 1 Computer
Was £69.99 Now £19.99

Protect 3 Computers
Was  £99.99   Now  £39.99

Protect 5 Computers
Was  £109.99   Now  £59.99

 

Using heuristic analysis and machine learning, Acronis True Image 2017 New Generation with Active Protection will:

•    Identify the suspicious file activities common to all ransomware attacks
•    Immediately stop the attack and prevent encryption
•     Instantly restore any data that was encrypted

Don’t be fooled: Using quality anti-malware software is important, but ransomware is often coded to evade anti-virus and malware detection programs.

This time-limited special offer is valid until May 21st 2017 for purchases only through Acronis online checkout. It cannot be combined with any other discount or promotion.

 

What do you guys think?? From what I’ve read here and elsewhere, the only way to cover your ar*e is a regime not a product.

 

 

 

[Dave Rice]

I’m just changing the charity from Norton to Bitdefender Gravity Zone. All over the website.

“Bitdefender next-generation machine-learning and memory introspection technologies ensure that Enterprises worldwide have always been safe from the WannaCry ransomware mega-attack and the underlying EternalBlue zero-day exploit”

I’m sure it’s all true but you cannot rely on anything to stop zero day so you need to take steps to mitigate any attacks that get through. In the case of ransomware, if it can see it it’ll encrypt it. So you have to make sure it can’t see your backup device, or that device has decent versioning so you can roll back to an unencrypted version. But that versioning database has to be hidden away or it’ll get encrypted too.

That’s why I use Cloud Station. The only thing visible on the PC is the Cloud Station folder(s). The previous versions are all out of sight on the Synology NAS. I also have PCs imaging themselves to a NAS share which could get encrypted, but that share is backed up to an external drive on the NAS which again is out of sight. TBH I don’t worry too much about the PCs, they are easily rebuilt these days, it’s the data where the business value lies.

[Ed P]

I think a lot of A/V and backup companies will leap on the band-wagon. All that is except Sophos who have a LOT of NHS egg on their face! link

[Bob Williams]

The Duke wrote:

But it’s got Korean code in it Bob so it has to be them. Lol. It seems you have a suspicious mind too. For me it’s always in the timing, I don’t believe in coincidences. Not when it comes to events like this. It screams ‘fails flag event’. The US love them.

Looks like the NKorea connection is correct Steve, Kaspersky has found the link:

https://tinyurl.com/ln49bp2

I look at Kaspersky’s World Virus Activity Review every day now, always something interesting and/or informative. Kaspersky is much more than just an AV programme.

What made me suspect NSA & UK Health Ministry involvement in ‘proving‘ NK guilt, was the fact that Kim’s lunatic regime is such an easy, believable target. Reason for believing it is NK, is that I trust Kaspersky, but who can trust any politician? They are all prepared to shift blame and escape criticism, it’s in their DNA.

When the Thought Police arrive at your door, think -
I'm out.

[Richard]

Bob, there is a huge problem with assigning any origin to a package since it is often made from a range of contributions, some more validly obtained than others. The only real way to is to back track where the evidence shows an audit trail. So far as I have seen, no one has done this.

Just like no one has really sorted out the ongoing issue of why so many foxes are let into the hen house in the first place. IP Goods come out of every door in every location so some like Snowden steal information, I have every confidence, but no proof that his colleges were doing whatever they felt like with the freedom they appeared to possess to act at will. Whatever  happened to proper vetting? Then there is the ‘Person Manning’, leave aside their obvious and traumatic personal issues; how come personal management and recruitment failed to realise there were personal issues lurking there? Now Disney have seen an attempt to blackmail them over lost goods rather in the mode of Sony. Am I the only one who sees a real evidence based pattern here? People are in roles doing things that were outside of their competency and managed by people who had their eyes somewhere else.

The above examples are simply a tiny representative few. In a way I do not care if it was Putin’s bent bears, FAT Boy Nork, the NSA or whomsoever who was really behind the release; I do care that the level of sloppy work gets to me.

There is growing evidence that the latest issue could equally well be the product of some bedroom ego maniac using cut and paste to build a model, or a scheme being used to cover something else while the world and dog plus flees on the dog tear their hair out over a successful distraction.

Perhaps it was all down to Fox trying to test the plot of a new film blockbuster with Murdock as …?

[Bob Williams]

I understand what you say Richard, and the link Kaspersky demonstrates may be tenuous and unproven yet, but did you read the whole thing?

” Similitude between #Wannacry and #Contopee from Lazarus Group – is DPRK behind Lazarus Group? ”

Kaspersky appears to believe it.

This beats any Conspiracy Theory that even Steve or I could imagine though:

” Perhaps it was all down to Fox trying to test the plot of a new film blockbuster with Murdock as …? ” – Love it! :yahoo:

JayCeeDee, the Acronis Ad may be the first of many attempting to scare people into buying a ‘solution’ that is really a one-time, one-cure effort. I predict the usual scramble by similar companies trying to sell snake-oil, plus a generous sprinkling of other ‘solutions’ from unknowns, disguising the propogation of more malware.

When the Thought Police arrive at your door, think -
I'm out.

[Dave Rice]

That’s funny Bob, because Norton claim to have done the same. Symantec has uncovered two possible links that loosely tie the WannaCry ransomware attack and the Lazarus group:

They were the first to discover Conoptee.

The idea that Lazarus are linked to North Korea comes from the Americans in the first place, there is no “proof” that I know of.

I see in a carefully worded denial the NSA say  the code “was not a tool developed by the NSA to hold ransom data. This was a tool developed by culpable parties, potentially criminals or foreign nation-states.” AFAIK no-one had said the NSA created Wannacry but they did write the code that allowed it to spread.

Funny how it all involves the Americans in one way or another.

[Ed P]

There were a LOT of ‘schoolboy’ errors in the Wannacry worm, and its follow-up variants. Too many relatively simple ‘hurried’ errors were made (e.g. the hard coded URLs and unlinked payload) that cost the perpetrators a fortune, all of which makes me believe a relative amateur just lifted code rather than the actions of a nation State. (If you want to compare sophistication look at some of the known NORK attacks on the ROK link. Of course all this could be a double or triple bluff but I smell a cover-up by the West looking for a scapegoat. Some of the so-called ‘proof’ was just a list of file extensions that quite frankly proved nothing.

[Dave Rice]

Fake nooos ?

[The Duke]

I thought this video clip of the worm/ransom in action maybe of intrest to some here.

[Dave Rice]

Just watching Have I Got News for You and it’s amazing how much has already moved into myth i.e. it was targeted at the NHS by the norks and was stolen from the NSA.

What has come through unscathed is the Govts awful track record on IT projects. As was pointed out the £6 billion wasted on the CSC project could have paid for the XP upgrade.

[Ed P]

While I accept your point on wasted money Dave, I have some sympathy for the Administrators who looked at perfectly serviceable $1million MRI machines and shuddered at the thought of throwing them away just because they had an obsolete SGI workstation integrated into them.

It is a great shame that someone cannot produce a simple black-box that acts as a secure wired interface with insecure expensive hardware. In principle it should not be hard to interface with machines that only produce limited acceptable file types (dicom format I guess for an mri) and throw away everything else except perhaps text, then batch out sanitized files. Equally it should be easy to have such a machine only interface with the blackbox on a fixed oddball port and act as a very restricted firewall. Even a raspberry pi could do all that but getting it medically certified would be something else!

[Ed P]

Looks like some folks without backups may have been let off the hook with respect to paying the ransom. link

Pity really as people/companies like that deserve a hard lesson.

[Author]

Posts