Slashdot Mirror
Cyberattack Hits England's National Health Service With Ransom Demands (theguardian.com)
Hospitals across England have been hit by a large-scale cyber-attack, the NHS has confirmed, which has locked staff out of their computers and forced many trusts to divert emergency patients. The IT systems of NHS sites across the country appear to have been simultaneously hit, with a pop-up message demanding a ransom in exchange for access to the PCs. NHS Digital said it was aware of the problem and would release more details soon. Details of patient records and appointment schedules, as well as internal phone lines and emails, have all been rendered inaccessible. From a report: "The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this. NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations. "This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors. "Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available." NPR adds: The problem erupted around 12:30 p.m. local time, the IT worker says, with a number of email servers crashing. Other services soon went down -- and then, the unidentified NHS worker says, "A bitcoin virus pop-up message had been introduced on to the network asking users to pay $300 to be able to access their PCs. You cannot get past this screen." The attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors, it appears. The report adds: Images that were posted online of the NHS pop-up look nearly identical to pop-up ransomware windows that hit Spain's Telefonica, a powerful attack that forced the large telecom to order employees to disconnect their computers from its network -- resorting to an intercom system to relay messages. Telefonica, Spain's largest ISP, has told its employees to shut down their computers.
Update: BBC is reporting that similar attacks are being reported in the UK, US, China, Russia, Spain, Italy, Vietnam, Taiwan today.
Update: BBC is reporting that similar attacks are being reported in the UK, US, China, Russia, Spain, Italy, Vietnam, Taiwan today.
Sounds like the General VLAN got hit. Critical medical systems should be on a separate and restricted VLAN. I'm a bit surprised that VOIP phones weren't isolated from this.
When Tony Blair met Bill Gates in 2006 - after kissing Gates' feet and gushing for a few hours about his supreme wonderfulness - Blair signed up for the super huge mega deal, with all the Windows you can eat. (Small print: security is up to you, mumble mumble mumble...)
"Mr Gates, the billionaire software pioneer, had just written a book about how IT could transform economies".
Yeah. Transform them from prosperity to miserable bankruptcy - along with lots of dead and dying patients. And transfer a large slice of their revenue to Bill Gates' bulging pockets.
Maybe the NHS should call Gates now and ask him to sort out their problems.
https://www.theguardian.com/bu...
I am sure that there are many other solipsists out there.
is it really that untraceable?
Are they using Windows computers for sensitive health information? ... morons...
Are they using Windows for mission critical applications?
Yes... they're using Windows XP.
The biggest worms, trojans, etc. all hit Windows? Rhetorical question, so no jesting or serious responses requested :) But this one looks to be fairly sizeable. Plenty of European telecoms, and other industries hit so far today. Even read reports of FedEx's Memphis hub instructing employees to power off those PC's.
Here's a map --> https://intel.malwaretech.com/.... The ironic thing is that these are far from true 0-day exploits. Patch was released for this in March. Regardless of your organization size, testing and rolling out patches shouldn't be that difficult. Given it's been a few months. This is speaking from a person who's been a cog in the wheel at larger US organizations as well as supported smaller places...
Indeed. I'd be in favor of single-payer, but Obamacare is an abomination. And I mean that word in the old-school sense of some spawn of things that really shouldn't go together.
But that's the U.S. government way. We don't have socialism; he have half-assed versions of regulation that really end up funnelling money into the pockets of rich people and corporations. We did it with Fannie Mae and Freddie Mac -- just enough regulation to claim they were pseudo-government entities, but enough freedom to completely blow up the housing market and be bailed out by taxpayers. We've witnessed it with Obamacare -- enough regulation to improve healthcare a bit, but with increased costs and a completely superfluous layer of private corporations whose sole benefit is to stand in the WAY of actual health care, make claims and overhead by health providers much more complex, and skim ~15% off the top. And now we're seeing it with student loans -- no, we don't want to actually provide higher education for everyone, but we'll create this weird loan structure that flows through young uninformed students with prices set by colleges that act more like corporations than educators every day... is it any wonder tuition is out of control?
That's the great American experiment: see how many ways we can screw over taxpayers by creating "regulation" systems that half-fix problems and provide perverse profit incentives for corporations.