Slashdot Mirror


Cyberattack Hits England's National Health Service With Ransom Demands (theguardian.com)

Hospitals across England have been hit by a large-scale cyber-attack, the NHS has confirmed, which has locked staff out of their computers and forced many trusts to divert emergency patients. The IT systems of NHS sites across the country appear to have been simultaneously hit, with a pop-up message demanding a ransom in exchange for access to the PCs. NHS Digital said it was aware of the problem and would release more details soon. Details of patient records and appointment schedules, as well as internal phone lines and emails, have all been rendered inaccessible.

From a report: "The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this. NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations.

"This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.

"Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available."

NPR adds: The problem erupted around 12:30 p.m. local time, the IT worker says, with a number of email servers crashing. Other services soon went down -- and then, the unidentified NHS worker says, "A bitcoin virus pop-up message had been introduced on to the network asking users to pay $300 to be able to access their PCs. You cannot get past this screen." The attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors, it appears.

The report adds: Images that were posted online of the NHS pop-up look nearly identical to pop-up ransomware windows that hit Spain's Telefonica, a powerful attack that forced the large telecom to order employees to disconnect their computers from its network -- resorting to an intercom system to relay messages. Telefonica, Spain's largest ISP, has told its employees to shut down their computers.

Update: BBC is reporting that similar attacks are being reported in the UK, US, China, Russia, Spain, Italy, Vietnam, Taiwan today.

34 of 202 comments

  1. General VLAN... by __aaclcg7560 · · Score: 4, Interesting

    Sounds like the General VLAN got hit. Critical medical systems should be on a separate and restricted VLAN. I'm a bit surprised that VOIP phones weren't isolated from this.

    1. Re:General VLAN... by Major+Blud · · Score: 3, Interesting

      Sounds like the General VLAN got hit. Critical medical systems should be on a separate and restricted VLAN. I'm a bit surprised that VOIP phones weren't isolated from this.

      I don't know how things are in the U.K., but I spent a few years working in hospital IT in the U.S. The phones used in patient rooms had to be discarded after every discharge because of fears of contamination, meaning that it was incredibly expensive to have a rotation of phones coming and going. This made it difficult to transition away from the old analog phone system that was in use.

      I didn't get involved with the telephony side of things, so I'm not sure if this entire process was logical or not. I'm not sure how difficult it is to disinfect a phone.

      --
      If you post as Anonymous Coward, don't expect a reply.
    2. Re:General VLAN... by Stoertebeker · · Score: 5, Funny

      Isn't that what telephone sanitizers are there for? Maybe we shouldn't have put them all on the first ark?

    3. Re:General VLAN... by cayenne8 · · Score: 4, Interesting
      In addition to the mistake of having so many systems of importance connected to the greater internet....

      I think it likely also points out the problems with homogeneous systems...centralized systems, and such mandated by the government.

      A singular system with all information, while providing convenience in many ways, opens itself up to being completely shut down if anyone ever breaks through the always inevitable cracks.

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    4. Re:General VLAN... by Farmer+Tim · · Score: 3, Interesting

      I asked a similar question when my dad was in hospital being treated for an MRSA infection from a previous hospital stay. The answer is a typical telephone has speaker and mic holes, seams and moldings in the case, cutouts around the buttons (if it doesn't use membrane switches, though I haven't seen one like that for years)...lots of places for germs to hide where UV light can't get to them. Wiping down with alcohol isn't effective either.

      Plastic bags muffle sound, add handling noise and make dialling and using the phone in general more difficult. It's a reasonable assumption that a patient is in hospital because they're already impaired in some way (or may be impaired by sedatives, pain killers, etc), so if the phone is more difficult to use than normal it may defeat the purpose of having it there at all.

      And ultimately, they can buy basic handsets in bulk for ~$8 each, which works out cheaper than trying to keep them sterile. It also eliminates the risk of human error such as being incorrectly tagged and accidentally cycled back into use without being sterilized first, and that's a big enough problem with surgical instruments which can easily be autoclaved (many cheaper instruments like scalpels and scissors are also single use these days for the same reason).

      --
      Blank until /. makes another boneheaded UI decision.
    5. Re:General VLAN... by Hognoxious · · Score: 2

      I think it likely also points out the problems with homogeneous systems...centralized systems, and such mandated by the government.

      I'm sure private sector companies all happily undertake the additional expense & complication of developing & running entirely separate systems for each branch/office.

      But remind me, who do you work for?

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    6. Re:General VLAN... by thegarbz · · Score: 5, Insightful

      A singular system with all information, while providing convenience in many ways, opens itself up to being completely shut down if anyone ever breaks through the always inevitable cracks.

      It's not convenience. Often it is part of a critical operating philosophy. I will wager more lives have been saved by centralising records and administration like this than have been affected by any cyber attack. Ferrying data between isolated systems introduced a tremendous amount of delay and error over the years which has successfully been fatal in many cases.

    7. Re:General VLAN... by gweihir · · Score: 2

      Sounds like somebody got himself some steady business by shady means. Decontaminating phones is not more difficult than doing it for beds, toilets, door-handles, etc. This procedure does not make any medical sense.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  2. "Ransomware demanded"??? by tlambert · · Score: 2, Funny

    "Ransomware demanded"???

    So wait. They've demanded that 16 hospitals give them ransomware?

    Isn't the correct business model to give the hospitals the ransomware instead, and then demand ransom?

    Is this an altruistic cyberattack? The hospitals give them the ransomware, which they install, and then they give the hospitals money so that the hospitals will send the unlock code, and they can then move onto the next hospital?

    I mean, as an approach to medical billing, it's kind of .. disruptive, but...

  3. "Ransomware Demanded" by Cajun+Hell · · Score: 2, Funny

    Don't give it to them! If you give them ransomware, they're just going to use it to start attacking people and demanding ransoms from their victims.

    --
    "Believe me!" -- Donald Trump
  4. terminals not answering back by pigsycyberbully · · Score: 2, Informative

    Not surprised Swiss cheese. NHS malware ransomware terminals not answering back. Ambulance system not reporting incoming patients. Using pen and paper to work out who is in and who is gone home. Unable to answer enquiries about patients. Everything else is working in slow motion not always working. Nationwide.

  5. If the admins were smart... by drew_92123 · · Score: 2

    If they were smart the desktops used to access patient are nothing more than "thin" clients with just an OS that can be PXE booted and re-imaged in short order... and the actual applications that matter would be running in VMs accessed from those clients... and the VMs would have snapshots to roll back to in case something there gets screwed up...

    Then again, if they were smart, they never would have connected systems used for patient care to the internet in the first place... all internet access would have been done through VM jump boxes and would have been protected by a properly configured firewall that only allowed HTTPS sessions that originated from the VM and all other traffic to/from the VM would have been dropped... making it nearly impossible for a VM to become infected or for an infected VM to spread malware to other machines on the local network.

  6. Windows? by mspohr · · Score: 2

    Are they using Windows computers for sensitive health information?
    Are they using Windows for mission critical applications? ... morons...

    --
    I don't read your sig. Why are you reading mine?
    1. Re:Windows? by Archtech · · Score: 4, Interesting

      When Tony Blair met Bill Gates in 2006 - after kissing Gates' feet and gushing for a few hours about his supreme wonderfulness - Blair signed up for the super huge mega deal, with all the Windows you can eat. (Small print: security is up to you, mumble mumble mumble...)

      "Mr Gates, the billionaire software pioneer, had just written a book about how IT could transform economies".

      Yeah. Transform them from prosperity to miserable bankruptcy - along with lots of dead and dying patients. And transfer a large slice of their revenue to Bill Gates' bulging pockets.

      Maybe the NHS should call Gates now and ask him to sort out their problems.

      https://www.theguardian.com/bu...

      --
      I am sure that there are many other solipsists out there.
    2. Re:Windows? by Anonymous Coward · · Score: 2, Interesting

      Are they using Windows computers for sensitive health information?
      Are they using Windows for mission critical applications? ... morons...

      Yes... they're using Windows XP.

    3. Re:Windows? by mspohr · · Score: 2

      OMG! Complete, absolute morons.
      The management should all be fired.

      --
      I don't read your sig. Why are you reading mine?
    4. Re:Windows? by ghoul · · Score: 2

      This is why countries should not trust US made software. It has backdoors installed for the NSA to sneak in. They would have been better off with Chinese software. It also would have backdoors but it would be cheaper.

      --
      **Life is too short to be serious**
  7. Wannacry 2.0 Ransomware by DigiShaman · · Score: 3, Insightful

    It's been posted online that this is a version of WannaCry v2.0 Ransomware. Apparently it's taking advantage of the SMB exploits that got released last week or so ago. It's probably doing an IP scan inside the LAN from an infected machine, and then attempting to exploit SMB at the other end. That machine gets infected, and so it spreads at an exponential rate. Short version, this is WW III starting level shit!! We'll know soon enough in the next 48 hours around the world

    --
    Life is not for the lazy.
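The spread guessed at in the comment above (one infected machine sweeping the LAN and trying SMB on each host) appears in flow logs as a single internal source reaching many distinct peers on TCP/445 within a short window. A defender-side check for that pattern, added here as an example and not part of any commenter's post; the flow-line format, the 10.0.0.0/8 range, the thresholds and every address are constructed assumptions:

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

SMB_PORT = 445
INTERNAL = ip_network("10.0.0.0/8")  # assumption: the LAN's address range


def parse_flow(line):
    """Parse one 'epoch_seconds src dst dport' record (constructed format)."""
    ts, src, dst, dport = line.split()
    return float(ts), ip_address(src), ip_address(dst), int(dport)


def smb_fanout(lines, window=60.0, threshold=5, servers=()):
    """Flag internal sources that reach `threshold` or more distinct internal
    peers on TCP/445 within `window` seconds. Input must be time-ordered.
    `servers` lists hosts expected to fan out over SMB (backup, management).
    Returns {source: largest distinct-peer count seen in any window}."""
    allow = {ip_address(s) for s in servers}
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    flagged = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport = parse_flow(line)
        if dport != SMB_PORT or src in allow:
            continue
        if src not in INTERNAL or dst not in INTERNAL:
            continue  # only east-west traffic is of interest here
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop connections older than the window
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            key = str(src)
            flagged[key] = max(flagged.get(key, 0), distinct)
    return flagged


def build_sample():
    """Constructed flow records covering one sweep and four benign patterns."""
    flows = []
    for i in range(1, 9):   # sweep: 8 peers on 445 in 8 seconds
        flows.append((100.0 + i, "10.1.1.37", f"10.1.2.{i}", 445))
    for i in range(6):      # ordinary client: one file server, repeatedly
        flows.append((90.0 + 5 * i, "10.1.1.20", "10.1.1.5", 445))
    for i in range(1, 7):   # backup server: legitimate SMB fan-out
        flows.append((95.0 + i, "10.1.1.50", f"10.1.2.{i}", 445))
    for i in range(1, 6):   # 5 peers on 445, but spread over ten minutes
        flows.append((100.0 + 150 * i, "10.1.1.70", f"10.1.3.{i}", 445))
    for i in range(1, 7):   # fan-out on 443, not SMB
        flows.append((101.0 + i, "10.1.1.60", f"10.1.2.{i}", 443))
    flows.sort()
    return [f"{ts} {s} {d} {p}" for ts, s, d, p in flows]


if __name__ == "__main__":
    for host, peers in smb_fanout(build_sample(), servers=("10.1.1.50",)).items():
        print(f"{host}: {peers} distinct SMB peers within 60 s")
```

Without the `servers` allowlist the backup host is flagged as well, which is why the expected SMB talkers on a network need to be known before the threshold is tuned.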
  8. Someone is going to have a bad day.... by Computershack · · Score: 3, Insightful

    This is the kind of event likely to get GCHQ involved which could result in someone expecting Bitcoin goodness to have a very unwelcome knock on the door one day.

    --
    I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
  9. Re:I've come across this virus by Anonymous Coward · · Score: 5, Funny

    "I've come across this virus. Nasty virus. Really, really bad virus. We're going to stop this virus, and we're going to make Mexico pay for it."

  10. The Value of Bitcoin???? by 3seas · · Score: 3, Interesting

    is it really that untraceable?

  11. Re:Can you see by fluffernutter · · Score: 3

    Not sure what single payer has to do with this, but it's not like the American healthcare system runs like a well-oiled machine by comparison. In fact, it is probably the most fragmented and disorganized health care system there is.

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  12. And a big thank you very much to the NSA by Eunuchswear · · Score: 3

    Several experts monitoring the situation have linked the infections to vulnerabilities released by a group known as The Shadow Brokers, which recently claimed to have dumped hacking tools stolen from the NSA.

    --
    Watch this Heartland Institute video
    1. Re:And a big thank you very much to the NSA by Sir+Holo · · Score: 2

      Thank you NSA for developing this exploit for the ransomware hackers to use.

      The US NSA are to blame for this global (dozens of countries) IT clusterfuck. I wonder how the leaders of all of those other countries are feeling about the US right now...

    2. Re:And a big thank you very much to the NSA by Eunuchswear · · Score: 2

      You, like the NSA, seem to have forgotten that part of the NSA's job is defence. That they knew of these vulnerabilities and didn't work with Microsoft to fix them is a failure of that job.

      --
      Watch this Heartland Institute video
  13. GCHQ made a very unfortunate tweet at same time by Martin+S. · · Score: 3, Informative

    "It's a good job we're better at keeping Britain safe than writing limericks… #NationalLimerickDay"

    https://twitter.com/GCHQ/statu...

  14. Re:Major cyber attack? by citylivin · · Score: 5, Insightful

    "It smells more to major incompetence."

    Oh get off your high horse. We had a ransomware infect one user and then their network drives last fall. We stopped it within 20 minutes but still the damage was done with 40% of their network drive encrypted. The virus scanner (Sophos) didn't catch it, email virus scanner missed it too. Was hand targeted for this one particular employee.

    She unfortunately had access to a drive she shouldn't have as well so the attack spread farther than it should have.
    We restored from backup and wiped the machine, but it was certainly inconvenient for a few hours for everyone in that department who lost access to their files.

    The point is that this can happen to anyone so don't get cocky. Every user has write access to SOME files on the network, that is unavoidable.

    I liked this video I saw at a Cisco presentation a few weeks back. In theory a good IDS system with integrated agents on the machine and a "next gen" firewall should halt an attack quickly. But that's a lot of money that many companies won't invest in till it's too late.

    https://www.youtube.com/watch?...

    --
    As a potential lottery winner, I totally support tax cuts for the wealthy
  15. Re:Forced health service holds US ransom by omnichad · · Score: 2

    This rule does make a profit for shareholders. It's not single-payer insurance, it's either being forced to buy something from a private company or a fine.

  16. Why is it? by gregarican · · Score: 3, Interesting

    The biggest worms, trojans, etc. all hit Windows? Rhetorical question, so no jesting or serious responses requested :) But this one looks to be fairly sizeable. Plenty of European telecoms, and other industries hit so far today. Even read reports of FedEx's Memphis hub instructing employees to power off those PC's.

    Here's a map --> https://intel.malwaretech.com/.... The ironic thing is that these are far from true 0-day exploits. Patch was released for this in March. Regardless of your organization size, testing and rolling out patches shouldn't be that difficult. Given it's been a few months. This is speaking from a person who's been a cog in the wheel at larger US organizations as well as supported smaller places...

    1. Re:Why is it? by Sir+Holo · · Score: 2

      Okay I guess I did ask for it when I mentioned the rhetorical question. The MS security patches being notorious for bricking expensive equipment reference. Any somewhat recent and significant examples?

      2008 or so. A pushed Windows update bricked ALL Oxford-brand EDS systems globally for a couple of days. A driver update for the interface card fixed it, but it took time. What is an EDS? It's an analytical tool that allows chemical analysis in electron microscopes. Every university has several. Every big company, especially in tech, has tens of them (or 100's if you're Intel). The EDS systems would not work, preventing not only day-to-day use of this basic analysis-lab capability, but also mission-critical needs to use it.

      I was in the satellite industry at the time, and can tell you that in this industry, delay of a rocket on-the-launchpad costs about $3–5 million per day. We didn't have an emergency to cover at the time, fortunately, but day-to-day work was impossible. Not only that, but our time was wasted trying to fix the problem. A lot of PhDs the world-over wasted probably 12 hours each trying to figure out why things had suddenly stopped working. Staff scientists' time costs about $150/hr (w/overhead). Multiply that by thousands, or tens of thousands, of PhDs wasting their time thanks to MS auto-pushing out an under-QC'd service pack/update/patch. I am still stunned that a class action lawsuit did not ensue.

  17. Re:IT Governance not Technical failure by ruir · · Score: 3, Funny

    Beautiful, have you ever considered a career in politics?

  18. Re:Forced health service holds US ransom by AthanasiusKircher · · Score: 3, Interesting

    Indeed. I'd be in favor of single-payer, but Obamacare is an abomination. And I mean that word in the old-school sense of some spawn of things that really shouldn't go together.

    But that's the U.S. government way. We don't have socialism; we have half-assed versions of regulation that really end up funnelling money into the pockets of rich people and corporations. We did it with Fannie Mae and Freddie Mac -- just enough regulation to claim they were pseudo-government entities, but enough freedom to completely blow up the housing market and be bailed out by taxpayers. We've witnessed it with Obamacare -- enough regulation to improve healthcare a bit, but with increased costs and a completely superfluous layer of private corporations whose sole benefit is to stand in the WAY of actual health care, make claims and overhead by health providers much more complex, and skim ~15% off the top. And now we're seeing it with student loans -- no, we don't want to actually provide higher education for everyone, but we'll create this weird loan structure that flows through young uninformed students with prices set by colleges that act more like corporations than educators every day... is it any wonder tuition is out of control?

    That's the great American experiment: see how many ways we can screw over taxpayers by creating "regulation" systems that half-fix problems and provide perverse profit incentives for corporations.

  19. Re:Major cyber attack? by mjwx · · Score: 2

    It smells more to major incompetence.

    More like general negligence, who outranks incompetence.

    I work in the UK, several of our customers are banks, they're all going apeshit with requests to find out if they're vulnerable to the same attack. We keep their shit patched so no, but it's making my evening a living hell.

    However I've also worked for several medical clients back in Oz. I'm not surprised this kind of thing can happen. You'd so often see a $1000 PC hooked up to a $350,000 medical scanner. That PC would be running a 5 year old OS because it ran a specific $30,000 piece of software that the scanner required to interpret the raw data. It's not that they didn't want to upgrade the OS or hardware, shit, that's the cheap part. It would be $50,000 to upgrade the firmware on the scanner and $10,000 for the upgrade to the software to get it to run on Windows 7 (at the time, we're talking 2012 here).

    Needless to say, we kept those machines isolated from the general network, preferably not connected at all.

    --
    Calling someone a "hater" only means you can not rationally rebut their argument.
  20. I am saddened to see my comment marked "troll". by tlambert · · Score: 2

    I am saddened to see my comment marked "troll".

    Other than a comment, there is no alternate channel with which to communicate errors in headlines or story summaries. The comment gets made, with humor, the headline gets fixed, and then the comment gets demoted.

    This wouldn't be bad, if there were some way to direct message the editor for the headline and story summary in question, with having to leave a public comment in order to communicate their error.

    At least my comment was made with good humor, rather than with name-calling.