Security News NHS hit by large-scale Ransom Cyber Attack

[JohnBRogers]

This is surely the biggest attack of this kind so far.
There are so many people that can be blamed for this situation. Government(s), negligence of people, rotten hackers!!!
Someone from the government should definitely be charged for budget cuts, bad security infrastructure, and any possible deaths or mischiefs caused by the attack.

After a situation like this, I'm definitely considering getting better AV solution for my system, especially if some is dedicated to ransomware. I saw a few security companies boasting about resolving the issue using their products and I'm a bit sick of this marketing strategy.
Does anyone here know any good software which is efficient in recognizing/removing ransomware or similar threats?
I saw one software coming from a striving (still not mainstream) security vendor, it's called Ransomware Defender, the company - ShieldApps from the US as I remember. Any first-hand information about the company/product?

 

[Winter Soldier]

This is surely the biggest attack of this kind so far.
There are so many people that can be blamed for this situation. Government(s), negligence of people, rotten hackers!!!
Someone from the government should definitely be charged for budget cuts, bad security infrastructure, and any possible deaths or mischiefs caused by the attack.

This attack uses a technique that exists in a tool developed by the NSA, called EternalBlue/DoublePulsar, which was stolen, along with others, from a criminal organization called ShadowBrokers that has published everything online, available to anyone. EternalBlue/DoublePulsar was analyzed and then recreated by cyber criminals for this attack.

So the NSA is also guilty because it kept to itself the knowledge of the flaws exploited by these criminals instead of sharing them with Microsoft and allow it to correct the vulnerabilities.
In summary, the NSA has discovered a danger on thousands of companies and vital systems of the United States and has informed no one, keeping an operational advantage just for itself: it was announced at Microsoft only after that it noticed that Shadowbrokers had stolen its techniques.

 

[Myriad]

And how did the organization avoid keeping a basic and crucial Security Training Induction (hands-on training aside)?
It's not necessary only for the IT giants but for all institutes who're responsible for producing or delivering some important product or service.
Outdated systems and low budgets on security management get costly for sure, but the basic knowledge of the evolving security risks and common ways of avoiding or mitigating them are very important for the regular users, like the ones who clicked on the ransom-inviting-baits.

The past few days has started me thinking back over years of training and supervising staff on IT systems ,
in various countries .

I noticed that the way people used computers in their jobs was often very different to what they did away from work ,
I saw it when I spent time at co-workers homes ; they were much more conscious of what they clicked on ,

The "employee mindset" was very much " click on anything until you get where you want be , quickly " ,
and it was assumed that The Company , Corporate IT , the Dept head etc. had it all covered .

And why wouldn't employees assume that ?
Those people get the big bucks , right ?

I've seen this "dual mindset" in action again and again .....

 

[cruelsister]

No one cares as it's not their system. And Department Heads don't care because they can blame the vendors; and Corporate does not care as they can blame the Dept Heads..

 

[Parsh]

The past few days has started me thinking back over years of training and supervising staff on IT systems ,
in various countries .

I noticed that the way people used computers in their jobs was often very different to what they did away from work ,
I saw it when I spent time at co-workers homes ; they were much more conscious of what they clicked on ,

The "employee mindset" was very much " click on anything until you get where you want be , quickly " ,
and it was assumed that The Company , Corporate IT , the Dept head etc. had it all covered .

And why wouldn't employees assume that ?
Those people get the big bucks , right ?

I've seen this "dual mindset" in action again and again .....

I see! That covers the post-education mindset leading to a very undesirable vulnerability an institute can have.
Also when an employee experiences that many of his/her actions on the allocated system are restricted by policies, he/she then may become more carefree about his future actions in a way, believing that any dangerous actions will be automatically blocked. I have experienced this. They think they're covered, just as you said. It's easy to avoid or shift blames then.

That's one aspect. There are those who don't have such knowledge and be carefree and those foolhardy ones who have the knowledge but lose their senses when it's most called for.

 

[ElectricSheep]

This attack uses a technique that exists in a tool developed by the NSA, called EternalBlue/DoublePulsar, which was stolen, along with others, from a criminal organization called ShadowBrokers

How was this tool leaked in the first place?

So the NSA is also guilty because it kept to itself the knowledge of the flaws exploited by these criminals instead of sharing them with Microsoft and allow it to correct the vulnerabilities.

WHY, oh why upon whys did they NOT do anything about it???? They knew what it's capabilities were, they knew what it could do - the whole bloody World knows what it can do now. Just why did they not do ANYTHING about it when it was stolen and they knew the dangers that it would pose if it fell into the wrong hands which it did?

In summary, the NSA has discovered a danger on thousands of companies and vital systems of the United States and has informed no one, keeping an operational advantage just for itself.

Is the United States the only country in the World?

 

[Winter Soldier]

How was this tool leaked in the first place?

WHY, oh why upon whys did they NOT do anything about it???? They knew what it's capabilities were, they knew what it could do - the whole bloody World knows what it can do now. Just why did they not do ANYTHING about it when it was stolen and they knew the dangers that it would pose if it fell into the wrong hands which it did?

Is the United States the only country in the World?

From what I read, ShadowBrokers first tried to sell the loot by auctioning but then it decided to make public the thing.
Basically the NSA has made dangerous cyber weapons and has not been able to keep them safe: it is as if it manufactured a bacteriological weapon (which is already a bad idea because it kills anyone, not only the enemy) and then, besides, it had left the reach of all.
The USA is not the only country in the world but probably the first one where the NSA hit.

 

[ElectricSheep]

From what I read, ShadowBrokers first tried to sell the loot by auctioning but then it decided to make public the thing.
Basically the NSA has made dangerous cyber weapons and has not been able to keep them safe: it is as if it manufactured a bacteriological weapon (which is already a bad idea because it kills anyone, not only the enemy) and then, besides, it had left the reach of all.
The USA is not the only country in the world but probably the first one where the NSA hit.

So basically the NSA is largely to blame if it can't keep it's own dangerous toys safe and away from the public - something they developed probably for spying has now been turned into a dangerous weapon and unleashed

EDIT:- This map looks very similar to the map on infections globally this weekend...Over 36,000 Computers Infected with NSA's DoublePulsar Malware

 

[Myriad]

How was this tool leaked in the first place?
WHY, oh why upon whys did they NOT do anything about it???? They knew what it's capabilities were, they knew what it could do - the whole bloody World knows what it can do now. Just why did they not do ANYTHING about it when it was stolen and they knew the dangers that it would pose if it fell into the wrong hands which it did?

Now that is a highly pertinent question !

There's been so much said about the nature of the attack ; who is vulnerable , what can be done for added protection etc.
and whole load of door shutting , after the horse bolted
and yes , to all of the commercial entities ( AV providers etc , security pro's at M$ and elsewhere ) .... that means you !

Word in some circles is that the TLAs did not have the in-house technical skills and smarts to make the tools that they desired ,
and keep in mind that they get paid very little money compared to the best coders working in the private sector , especially in data-harvesting .

So they hired-in the best talent that they could find ( IT gun-slingers , black-hat hackers .... whoever ... ) and some of those folk
may have been " previously accommodated " in one of the "Fed Pen" group of hotels , and been hungry for a sweet immunity deal .

All pure speculation of course , we will never see the full story .
But I bet a dollar to a donut that some of "those people" managed to take a working copy away with them

I personally think that is how it ended up " out there " , I don't go with the whole Snowden and Assange as " The Bogeymen " sketch .

There's a couple of recent points that I keep in mind on these issues : -

1] That iPhone connected with the couple behind the San Bernardino terrorist attack DID get cracked , eventually ....
.... TLAs said they couldn't do it , Apple said that they wouldn't / couldn't , and all of the available evidence points to "outside" work .
FBI Worked With Israel's Cellebrite to Crack iPhone

2] Snowden was also a contractor , not an employee

 

[Ink]

Is the United States the only country in the World?

Yes.

 

[tryfon]

Some computers at our school hit, definitely becoming a problem...

 

[Winter Soldier]

Some computers at our school hit, definitely becoming a problem...

You don't have a backup plan?

 

[tryfon]

You don't have a backup plan?

I'm just a student, but no, our computers are not regularly backed up

 

[Winter Soldier]

I'm just a student, but no, our computers are not regularly backed up

@tryfon
Unfortunately, I can't help you but here are a few useful tips (thanks @Jack).

Remove Wana Decrypt0r 2.0 ransomware (.WNCRY Files Encrypted)