Slashdot Mirror


Cyberattack Hits England's National Health Service With Ransom Demands (theguardian.com)

Hospitals across England have been hit by a large-scale cyber-attack, the NHS has confirmed, which has locked staff out of their computers and forced many trusts to divert emergency patients. The IT systems of NHS sites across the country appear to have been simultaneously hit, with a pop-up message demanding a ransom in exchange for access to the PCs. NHS Digital said it was aware of the problem and would release more details soon. Details of patient records and appointment schedules, as well as internal phone lines and emails, have all been rendered inaccessible. From a report:

"The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this. NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations.

"This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.

"Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available."

NPR adds: The problem erupted around 12:30 p.m. local time, the IT worker says, with a number of email servers crashing. Other services soon went down -- and then, the unidentified NHS worker says, "A bitcoin virus pop-up message had been introduced on to the network asking users to pay $300 to be able to access their PCs. You cannot get past this screen." The attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors, it appears.
The report adds: Images that were posted online of the NHS pop-up look nearly identical to pop-up ransomware windows that hit Spain's Telefonica, a powerful attack that forced the large telecom to order employees to disconnect their computers from its network -- resorting to an intercom system to relay messages. Telefonica, Spain's largest ISP, has told its employees to shut down their computers.

Update: BBC is reporting that similar attacks are being reported in the UK, US, China, Russia, Spain, Italy, Vietnam, Taiwan today.

5 of 202 comments

  1. Major cyber attack? by ruir · · Score: 1, Insightful

    It smells more of major incompetence.

    1. Re:Major cyber attack? by citylivin · · Score: 5, Insightful

      "It smells more of major incompetence."

      Oh get off your high horse. We had a ransomware infect one user and then their network drives last fall. We stopped it within 20 minutes but still the damage was done with 40% of their network drive encrypted. The virus scanner (Sophos) didn't catch it, email virus scanner missed it too. Was hand targeted for this one particular employee.

      She unfortunately had access to a drive she shouldn't have as well so the attack spread farther than it should have.
      We restored from backup and wiped the machine, but it was certainly inconvenient for a few hours for everyone in that department who lost access to their files.

      The point is that this can happen to anyone so don't get cocky. Every user has write access to SOME files on the network, that is unavoidable.

      I liked this video I saw at a Cisco presentation a few weeks back. In theory a good IDS system with integrated agents on the machine and a "next gen" firewall should halt an attack quickly. But that's a lot of money that many companies won't invest in till it's too late.

      https://www.youtube.com/watch?...

      --
      As a potential lottery winner, I totally support tax cuts for the wealthy
  2. Wannacry 2.0 Ransomware by DigiShaman · · Score: 3, Insightful

    It's been posted online that this is a version of WannaCry v2.0 Ransomware. Apparently it's taking advantage of the SMB exploits that got released a week or so ago. It's probably doing an IP scan inside the LAN from an infected machine, and then attempting to exploit SMB at the other end. That machine gets infected, and so it spreads at an exponential rate. Short version, this is WW III starting level shit!! We'll know soon enough in the next 48 hours around the world.

    --
    Life is not for the lazy.
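
A defender's view of the spreading pattern described in the comment above (one internal machine contacting SMB on many LAN peers in quick succession), as an added example that is not part of the original thread. The flow-record layout, the `10.20.0.0/16` LAN range and the thresholds are assumptions, and the sample flows are constructed.

```python
"""Flag internal hosts that fan out to TCP/445 on many distinct LAN peers."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("10.20.0.0/16")  # assumed internal address range
SMB_PORT = 445
WINDOW_S = 60                     # sliding window in seconds (assumed)
MAX_PEERS = 5                     # distinct SMB peers tolerated per window (assumed)

# Constructed flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = "\n".join(
    ["1000 10.20.1.15 10.20.0.5 445",      # workstation -> file server
     "1030 10.20.1.15 10.20.0.5 445",
     "1040 10.20.1.15 10.20.0.6 445",
     "1050 10.20.1.15 93.184.216.34 443"]  # web traffic, ignored
    # one host touching twelve neighbours on 445 within twelve seconds
    + [f"{1100 + i} 10.20.3.77 10.20.3.{i + 1} 445" for i in range(12)]
)


def parse(text):
    """Yield (ts, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, port = parts
        yield int(ts), ip_address(src), ip_address(dst), int(port)


def smb_fanout(flows, window=WINDOW_S, max_peers=MAX_PEERS):
    """Return {src: peak distinct LAN SMB peers} for sources over max_peers."""
    recent = defaultdict(list)  # src -> [(ts, dst)] still inside the window
    alerts = {}
    for ts, src, dst, port in sorted(flows, key=lambda f: f[0]):
        if port != SMB_PORT or src not in LAN or dst not in LAN:
            continue
        kept = [(t, d) for t, d in recent[src] if ts - t < window]
        kept.append((ts, dst))
        recent[src] = kept
        peers = len({d for _, d in kept})
        if peers > max_peers:
            alerts[str(src)] = max(alerts.get(str(src), 0), peers)
    return alerts


if __name__ == "__main__":
    for host, peers in smb_fanout(parse(SAMPLE_FLOWS)).items():
        print(f"{host}: SMB connections to {peers} LAN peers within {WINDOW_S}s")
```

A workstation that only talks to its file servers stays under the threshold; a host flagged here is a candidate for isolation from the network while it is examined.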
  3. Someone is going to have a bad day.... by Computershack · · Score: 3, Insightful

    This is the kind of event likely to get GCHQ involved which could result in someone expecting Bitcoin goodness to have a very unwelcome knock on the door one day.

    --
    I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
  4. Re:General VLAN... by thegarbz · · Score: 5, Insightful

    A singular system with all information, while providing convenience in many ways, opens itself up to being completely shut down if anyone ever breaks through the always inevitable cracks.

    It's not convenience. Often it is part of a critical operating philosophy. I will wager more lives have been saved by centralising records and administration like this than have been affected by any cyber attack. Ferrying data between isolated systems introduced a tremendous amount of delay and error over the years which has successfully been fatal in many cases.