Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cyberattack Hits England's National Health Service With Ransom Demands (theguardian.com)

Posted by msmash on from the ransomware-everywhere dept.

Hospitals across England have been hit by a large-scale cyber-attack, the NHS has confirmed, which has locked staff out of their computers and forced many trusts to divert emergency patients. The IT systems of NHS sites across the country appear to have been simultaneously hit, with a pop-up message demanding a ransom in exchange for access to the PCs. NHS Digital said it was aware of the problem and would release more details soon. Details of patient records and appointment schedules, as well as internal phone lines and emails, have all been rendered inaccessible. From a report: "The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this. NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations. "This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors. "Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available." NPR adds: The problem erupted around 12:30 p.m. local time, the IT worker says, with a number of email servers crashing. Other services soon went down -- and then, the unidentified NHS worker says, "A bitcoin virus pop-up message had been introduced on to the network asking users to pay $300 to be able to access their PCs. You cannot get past this screen." The attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors, it appears. The report adds: Images that were posted online of the NHS pop-up look nearly identical to pop-up ransomware windows that hit Spain's Telefonica, a powerful attack that forced the large telecom to order employees to disconnect their computers from its network -- resorting to an intercom system to relay messages. Telefonica, Spain's largest ISP, has told its employees to shut down their computers.

Update: BBC is reporting that similar attacks are being reported in the UK, US, China, Russia, Spain, Italy, Vietnam, Taiwan today.

18 of 202 comments (clear)

  1. General VLAN... by __aaclcg7560 · · Score: 4, Interesting

    Sounds like the General VLAN got hit. Critical medical systems should be on a separate and restricted VLAN. I'm a bit surprised that VOIP phones weren't isolated from this.

    1. Re:General VLAN... by Major+Blud · · Score: 3, Interesting

      Sounds like the General VLAN got hit. Critical medical systems should be on a separate and restricted VLAN. I'm a bit surprised that VOIP phones weren't isolated from this.

      I don't know how things are in the U.K., but I spent a few years working in hospital IT in the U.S. The phones used in patient rooms had to be discarded after ever discharge because of fears of contamination, meaning that it was incredibly expensive to have a rotation of phones coming and going. This made it difficult to transition away from the old analog phone system that was in use.

      I didn't get involved with the telephony side of things, so I'm not sure if this entire process was logical or not. I'm not sure how difficult it is to disinfect a phone.

      --
      If you post as Anonymous Coward, don't expect a reply.
    2. Re:General VLAN... by Stoertebeker · · Score: 5, Funny

      Isn't that what telephone sanitizers are there for? Maybe we shouldn't have put them all on the first ark?

    3. Re:General VLAN... by cayenne8 · · Score: 4, Interesting
      In addition to the mistake of having so many systems of importance connected to the greater internet....

      I think it likely also points out the problems with homogeneous systems...centralized systems, and such mandated by the government.

      A singular system with all information, while providing convenience in many ways, opens itself up to being completely shut down if anyone ever breaks through the always inevitable cracks.

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    4. Re:General VLAN... by Farmer+Tim · · Score: 3, Interesting

      I asked a similar question when my dad was in hospital being treated for an MRSA infection from a previous hospital stay. The answer is a typical telephone has speaker and mic holes, seams and moldings in the case, cutouts around the buttons (if it doesn't use membrane switches, though I haven't seen one like that for years)...lots of places for germs to hide where UV light can't get to them. Wiping down with alcohol isn't effective either.

      Plastic bags muffle sound, add handling noise and make dialling and using the phone in general more difficult. It's a reasonable assumption that a patient is in hospital because they're already impaired in some way (or may be impaired by sedatives, pain killers, etc), so if the phone is more difficult to use than normal it may defeat the purpose of having it there at all.

      And ultimately, they can buy basic handsets in bulk for ~$8 each, which works out cheaper than trying to keep them sterile. It also eliminates the risk of human error such as being incorrectly tagged and accidentally cycled back into use without being sterilized first, and that's a big enough problem with surgical instruments which can easily be autoclaved (many cheaper instruments like scalpels and scissors are also single use these days for the same reason).

      --
      Blank until /. makes another boneheaded UI decision.
    5. Re:General VLAN... by thegarbz · · Score: 5, Insightful

      A singular system with all information, while providing convenience in many ways, opens itself up to being completely shut down if anyone ever breaks through the always inevitable cracks.

      It's not convenience. Often it is part of a critical operating philosophy. I will wager more lives have been saved by centralising records and administration like this than have been affected by any cyber attack. Ferrying data between isolated systems introduced a tremendous amount of delay and error over the years which has successfully been fatal in many cases.

  2. Wannacry 2.0 Ransomware by DigiShaman · · Score: 3, Insightful

    It's been posted online that this is a version of WannaCry v2.0 Ransomware. Apparently it's taking advantage of the SMB exploits that got released last week or so ago. It's probably doing an IP scan inside the LAN from an infected machine, and then attempting to exploit SMB at the other end. That machine gets infected, and so it spreads at an exponential rate. Short version, this is WW III starting level shit!! We'll know soon enough in the next 48 hours around the world

    --
    Life is not for the lazy.
  3. Someone is going to have a bad day.... by Computershack · · Score: 3, Insightful

    This is the kind of event likely to get GCHQ involved which could result in someone expecting Bitcoin goodness to have a very unwelcome knock on the door one day.

    --
    I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
  4. Re:Windows? by Archtech · · Score: 4, Interesting

    When Tony Blair met Bill Gates in 2006 - after kissing Gates' feet and gushing for a few hours about his supreme wonderfulness - Blair signed up for the super huge mega deal, with all the Windows you can eat. (Small print: security is up to you, mumble mumble mumble...)

    "Mr Gates, the billionaire software pioneer, had just written a book about how IT could transform economies".

    Yeah. Transform them from prosperity to miserable bankruptcy - along with lots of dead and dying patients. And transfer a large slice of their revenue to Bill Gates' bulging pockets.

    Maybe the NHS should call Gates now and ask him to sort out their problems.

    https://www.theguardian.com/bu...

    --
    I am sure that there are many other solipsists out there.
  5. Re:I've come across this virus by Anonymous Coward · · Score: 5, Funny

    "I've come across this virus. Nasty virus. Really, really bad virus. We're going to stop this virus, and we're going to make Mexico pay for it."

  6. The Value of Bitcoin???? by 3seas · · Score: 3, Interesting

    is it really that untraceable?

  7. Re:Can you see by fluffernutter · · Score: 3

    Not sure what single payer has to do with this, but it's not like the American healthcare system runs like a well-oiled machine by comparison. In fact, it is probably the most fragmented and disorganized health care system there is.

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  8. And a big thank you very much to the NSA by Eunuchswear · · Score: 3

    Several experts monitoring the situation have linked the infections to vulnerabilities released by a group known as The Shadow Brokers, which recently claimed to have dumped hacking tools stolen from the NSA.

    --
    Watch this Heartland Institute video
  9. GCHQ made a very unfortunate tweet at same time by Martin+S. · · Score: 3, Informative

    "It's a good job we're better at keeping Britain safe than writing limericks⦠#NationalLimerickDay"

    https://twitter.com/GCHQ/statu...

  10. Re:Major cyber attack? by citylivin · · Score: 5, Insightful

    "It smells more to major incompetence."

    Oh get off your high horse. We had a ransomware infect one user and then their network drives last fall. We stopped it within 20 minutes but still the damage was done with 40% of their network drive encrypted. The virus scanner (sophos) didnt catch it, email virus scanner missed it too. Was hand targeted for this one particular employee.

    She unfortunately had access to a drive she shouldnt have as well so the attack spread farther than it should have.
    We restored from backup and wiped the machine, but it was certainly inconvenient for a few hours for everyone in that department who lost access to their files.

    The point is that this can happen to anyone so dont get cocky. Every user has write access to SOME files on the network, that is unavoidable.

    I liked this video i saw at a cisco presentation a few weeks back. In theory a good IDS system with integrated agents on the machine and a "nex gen" firewall should halt an attack quickly. But thats a lot of money that many companies won't invest in till its too late.

    https://www.youtube.com/watch?...

    --
    As a potential lottery winner, I totally support tax cuts for the wealthy
  11. Why is it? by gregarican · · Score: 3, Interesting

    The biggest worms, trojans, etc. all hit Windows? Rhetorical question, so no jesting or serious responses requested :) But this one looks to be fairly sizeable. Plenty of European telecoms, and other industries hit so far today. Even read reports of FedEx's Memphis hub instructing employees to power off those PC's.

    Here's a map --> https://intel.malwaretech.com/.... The ironic thing is that these are far from true 0-day exploits. Patch was released for this in March. Regardless of your organization size, testing and rolling out patches shouldn't be that difficult. Given it's been a few months. This is speaking from a person who's been a cog in the wheel at larger US organizations as well as supported smaller places...

  12. Re:IT Governance not Technical failure by ruir · · Score: 3, Funny

    Beautiful, have you ever considered a career in politics?

  13. Re:Forced health service holds US ransom by AthanasiusKircher · · Score: 3, Interesting

    Indeed. I'd be in favor of single-payer, but Obamacare is an abomination. And I mean that word in the old-school sense of some spawn of things that really shouldn't go together.

    But that's the U.S. government way. We don't have socialism; he have half-assed versions of regulation that really end up funnelling money into the pockets of rich people and corporations. We did it with Fannie Mae and Freddie Mac -- just enough regulation to claim they were pseudo-government entities, but enough freedom to completely blow up the housing market and be bailed out by taxpayers. We've witnessed it with Obamacare -- enough regulation to improve healthcare a bit, but with increased costs and a completely superfluous layer of private corporations whose sole benefit is to stand in the WAY of actual health care, make claims and overhead by health providers much more complex, and skim ~15% off the top. And now we're seeing it with student loans -- no, we don't want to actually provide higher education for everyone, but we'll create this weird loan structure that flows through young uninformed students with prices set by colleges that act more like corporations than educators every day... is it any wonder tuition is out of control?

    That's the great American experiment: see how many ways we can screw over taxpayers by creating "regulation" systems that half-fix problems and provide perverse profit incentives for corporations.