Security News NHS hit by large-scale Ransom Cyber Attack

[Ink]

Hospitals across England have been hit by a large-scale cyber-attack, the NHS has confirmed, which has locked staff out of their computers and forced many trusts to divert emergency patients.

The IT systems of NHS sites across the country appear to have been simultaneously hit, with a pop-up message demanding a ransom in exchange for access to the PCs. NHS England said it was aware of the problem and would release more details soon.

Source: gigi.h on Twitter

 

[Arequire]

Wasn't in work today so I'm unaware if my hospital or department has been hit by this. I did receive this email sent to all hospital staff from my IT department (had to remove parts to protect the location and names of some of our staff):

Wouldn't doubt this is confirmation of the infection vector.

 

[Winter Soldier]

If some crimes proliferate, it is because profitable without being overly risky.
But when the person's life might be in danger, then the game becomes more serious!

 

[TheMalwareMaster]

I came here after I heard about the attack on the Italian news. They defined it as the largest international hacker attack, but I'm not sure if it really is

 

[brod56]

Wanna ransomware is also attacking several companies here in Portugal today.
Looks pretty big.

 

[Winter Soldier]

Wanna ransomware is also attacking several companies here in Portugal today.
Looks pretty big.

It seems the affected countries: Spain, UK, Usa, China, Italy, Portugal, Vietnam, Russia and Ukraine.

 

[Weebarra]

I wonder how they will deal with it. Do they risk losing peoples valuable medical history or do they pay up ? I don't know enough to know if they can get the files back some other way but i doubt the government would pay because in my opinion it is akin to a terror attack and we don't pay ransoms to terrorists or kidnappers (allegedly)

Several hospitals, GP and Dental surgeries have been hit in my immediate area and people have been asked not to attend A & E departments unless it is a genuine emergency. I hope that all the drunkards and eejits who turn up at A & E at the weekends actually take heed and let them deal with those who most need help.

 

[Cortex]

I work in a UK Hospice (Charity) & they shut the server down just after after1:30pm & it was unclear what had happened, when I left a while ago they were trying to restore the system from backups, hope they are successful. Those people who distribute such malware are parasites & scum, absolute. The Hospice has to raise over £3,000,000 a year in donations just to keep open & we really could do without this.

 

[legendcampos]

The attack arrived in my country (Brazil), many computers were locked!

 

[Ink]

Big targets

National Health Service (NHS) England, and Telefonica, one of the largest telecom providers in the world, have each given out statements indicating that their systems have been brought to a grinding halt by a ransomware that Malwarebytes detects as Ransom.WanaCrypt0r. The ransomware has also been observed hitting companies in Spain, Russia, Ukraine, and Taiwan.

Method

The ransomware is spread using a known, and patched, vulnerability (MS17-010) that came from a leaked NSA set of exploits that we reported on our blog in April. Our research shows the encryption is done with RSA-2048 encryption. That means that decryption will be next to impossible, unless the coders have made a mistake that we haven’t found yet.

Read more at WanaCrypt0r ransomware hits it big just before the weekend | Malwarebytes

 

[SecretKeeper]

The attack has hit my county. A little worried to when it'll be fixed since my partner has to go to in hospital for treatment on Monday... >.<

 

[Solarquest]

Apparently many companies are still using old and unpatched (missing MS17-010) windows versions ....and bad AV.

Wana Decryptor / WanaCrypt0r Technical Nose Dive

 

[Arequire]

Apparently many companies are still using old and unpatched (missing MS17-010) windows versions ....and bad AV.

Yup. You can thank the British government for decimating NHS funding; forcing Trusts to cut IT budgets and fire knowledgeable IT staff who could have upgraded those systems still stuck on XP or applied those updates to W7 systems if it didn't cost too much for the downtime. It's okay though because my department only has four different managers who all take home 6 figure paychecks each year and that's apparently money well spent.

 

[ElectricSheep]

Absolutely DISGUSTING that they're targetting hospitals! LIVES are at stake!

 

[Arrabida Rock]

i don't know what these guys want from Portugal !!!
Maybe a summer's ticket for holidays without paiyng ???

 

[Viking]

Absolutely DISGUSTING that they're targetting hospitals! LIVES are at stake!

I would love to catch the SCUMS responsible, inflict them with a cocktail of nasty drugs so they are in so much pain and the drugs also causes their organs to shut down. Put them on a operating table and tell them "if you want us to save your life, you must first pay us ransomware". And if they do ,fine. Then start the whole procedure again...

 

[Azure]

Absolutely DISGUSTING that they're targetting hospitals! LIVES are at stake!

It is disgusting. I agree. They aren't simply getting files/computers hostage, but in a way, people's lives as well are being taken hostage.

 

[cruelsister]

The real issue here is that SO many organizations are so locked in to the traditional method of malware Protection (Whatever AV) that they refuse to understand that NONE OF THESE will protect against a true zero day ransomware strain (until it's too late). There are many types of security products (like FireEye) that could have protected the infected organizations from this ransomware, but the "Braintrust" management of many IT departments just don't want to spend extra money on such protection (may impact their bonuses).

And this is the true mechanism of this ransomware- exploiting Fools who should have known better.

 

[ElectricSheep]

The real issue here is that SO many organizations are so locked in to the traditional method of malware Protection (Whatever AV) that they refuse to understand that NONE OF THESE will protect against a true zero day ransomware strain (until it's too late). There are many types of security products (like FireEye) that could have protected the infected organizations from this ransomware, but the "Braintrust" management of many IT departments just don't want to spend extra money on such protection (may impact their bonuses).

And this is the true mechanism of this ransomware- exploiting Fools who should have known better.

Sad but true

 

[Atlas147]

Received an alert from my workplace as well, reminding us to be extra vigilant at times like these.