NHS Cyber Attack

[TitanTim]

Just hearing the news 16 NHS England computer systems have suffered a ransom cyber attack also affecting doctors surgeries and some dentists with files being encrypted, not good. I'm wandering how long before power stations will be targeted etc, fancyfull as it sounds but I feel a reality.

Tim.

 

[Scooba_Steve]

Cyber is the battlespace no one talks about. With any luck minimal loss if daily backups, the policy is not to pay as there is no guarantee if you do that it will be decrypted.

 

[TitanTim]

I'm guessing or would hope all records are saved to the cloud so would think all infected computers/servers can be wiped clean and records restored.

Tim.

 

[buzyg]

Mad bad part of the modern world. It's a crying shame companies like the NHS have to spend so much time and money defending against criminal acts like this. Totally indiscriminate don't care who they hurt. I hope the press focus their venom on the criminal act behind this and don't just take the easy NHS is crap at every thing stance.

 

[TitanTim]

I hope so too.

Some time ago my personal computer got infected with a ransom virus, I had a good moan at Norton as it bypassed their software. It was a right pain as it started off with a 10 minute grace displaying a ransom message which counted down by a minute each day and after 10 days it would lock your computer. Luckily after lots of googling I managed to find where the virus was hidden and managed to delete it. Effing nuisance.

Tim.

 

[lordgrover]

I'm guessing or would hope all records are saved to the cloud so would think all infected computers/servers can be wiped clean and records restored.

Tim.

Where the data are stored is not relevant, if the computer/user affected has access it'll get encrypted.

 

[TitanTim]

I'm guessing or would hope all records are saved to the cloud so would think all infected computers/servers can be wiped clean and records restored.

Tim.

Where the data are stored is not relevant, if the computer/user affected has access it'll get encrypted.

But if backed up to the cloud should be ok shouldn't it so long as the infected computers are dealt with?

Tim

 

[Mr Tidy]

I'm not sure if back-ups are the whole answer - from what I heard they are still using XP, which may go some way to explaining why they got hacked in the first place!

 

[ranski]

I'm guessing or would hope all records are saved to the cloud so would think all infected computers/servers can be wiped clean and records restored.

Tim.

Where the data are stored is not relevant, if the computer/user affected has access it'll get encrypted.

But if backed up to the cloud should be ok shouldn't it so long as the infected computers are dealt with?

Tim

You honestly think the NHS will have a 1/2 decent backup strategy? Either way thats only half of the issue at hand.

What is obvious is that the NHS client and server fleet appear to be woefully out of date in terms of security updates, as this loophole was closed by an MS patch back in March. Tech support will need to patch and cleanse 1000's of machines before giving the all clear. Even utilising an Enterprise class toolset this will takes weeks

 

[ranski]

I'm not sure if back-ups are the whole answer - from what I heard they are still using XP, which may go some way to explaining why they got hacked in the first place!

I think some NHS departments dropped out of MS software Assurance a few years back, meaning they arent entitled to the latest OS, nor patching

 

[Mr Tidy]

Mr Tidy wrote: ↑Fri May 12, 2017 7:20 pm
I'm not sure if back-ups are the whole answer - from what I heard they are still using XP, which may go some way to explaining why they got hacked in the first place!



I think some NHS departments dropped out of MS software Assurance a few years back, meaning they arent entitled to the latest OS, nor patching

Quite likely - that may explain quite a lot!

 

[TitanTim]

I'm still using Vista Home so hackers beware :lol:

Internet explorer stopped working on it ages ago so using Firefox but they are pulling the plug on Vista in Sept I can't stand Windows 10 so looks like Apple at some stage.

Tim.

 

[Vonlipvig]

I'm still using Vista Home so hackers beware :lol:

Internet explorer stopped working on it ages ago so using Firefox but they are pulling the plug on Vista in Sept I can't stand Windows 10 so looks like Apple at some stage.

Tim.

Windows 10 is actually quite nice once you get used to them moving things around. I quite liked Vista as well (in the minority there!). 7 is good if you can get a copy and still in support, avoid 8 like a misplaced M badge though

 

[Gazhyde]

but they are pulling the plug on Vista in Sept

Not sure where you got September from Tim, but Vista went End of Life on April 11, 2017... I'd upgrade ASAP if I were you :wink:

https://support.microsoft.com/en-us/help/22882/windows-vista-end-of-support

 

[TitanTim]

but they are pulling the plug on Vista in Sept

Not sure where you got September from Tim, but Vista went End of Life on April 11, 2017... I'd upgrade ASAP if I were you :wink:

https://support.microsoft.com/en-us/help/22882/windows-vista-end-of-support

Sorry Gaz my bad I meant Firefox, I received a message from them to say they are pulling any browser updates for Vista users from Sept.

Vista has been working fine with Firefox for some time although I get the odd plugin exceptions when playing videos.

We use windows 10 at work and I have it on a tablet but I just don't like it, not keen on windows generally.

Tim.

 

[Gazhyde]

I'd be more worried about the general lack of Vista security updates for the next 5 months. Having a secure(ish) browser is good, but running it on an OS that no longer gets security updates isn't. The NHS are currently finding out the perils of not keeping up to date with platforms the hard way.

I'll take my information security manager hat off now and go doze on the sofa

 

[TitanTim]

I might begrudgingly get Windows 10 and replace Vista with it

Tim.

 

[DPG]

Noticed that they were using XP last time I visited my local hospital.

Asking for trouble seen as Microshaft stopped supporting / patching the OS in 2014.

We (who I work for) had to pay £1m for support after 2014 until we got onto Win7 / 10.

 

[Maniac]

This wasn't an NHS attack though. It was instigated by millions of normal phishing emails to a huge generic email database, the ones asking for bank details or for you to open because they're your friends latest holiday snaps. From there once the user has blindly opened the time bomb it's open season.

 

[TitanTim]

If you think the Americans can sabotage a North Korean missile test with a cyber attack I'm just waiting for Kim Jong to launch ours against Trump :?

Tim.