Scary ?
The only thing scary about it is that we give computers to people who apparently don't know how to use them 👀🙃
Comment has been collapsed.
Heard about that from Greek sites too. Hmmm, I wonder if this has anything to do with the recent increase of spam in my e-mail. I always get spam, but there was a recent increase. :P
Comment has been collapsed.
Sort of lol considering that fix has allegedly been released already two months ago.
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Nevertheless, apparently a quite nasty case in terms of that it can replicate itself in a network once on one of the computers therein (while using NSA EternalBlue exploit). But as said, patch was released already two months ago, so... somewhat weird, isn't it? I mean, I think I could do a better job in IT than what happened there, even if not having IT school as such on CV.
https://arstechnica.co.uk/security/2017/05/what-is-wanna-decryptor-wcry-ransomware-nsa-eternalblue/
Comment has been collapsed.
Yeah, surely a fair point that e.g. a chef can hardly cook a menu when all he gets is one pot. Nevertheless, in terms of there being also some IT management which isn't as if
https://www.youtube.com/watch?v=iDbyYGrswtg
nor as if a lobby for some friends from IT school, but quite professional, knowledgeable, being able to set priorities and being able to formulate words and sentences at an overall management meeting - such as e.g. about the whole issue of up-to-date OS and affiliated software (all that at least on paper), then I am not saying that IT department/s surely were not doing anything but to flirt with nurses, but in 2 months apparently no patch while within the IT department are even way more delicate matters, such still seems weird to me. Of course, if perhaps e.g. on Wikileaks emails appear in which the IT guys in NHS were making quite clear that NHS is putting its system at risk with outdated OS etc., or that e.g. even request for server mirrors were denied (with which to make patches more easy without need to take the whole system down for some time even if just a few minutes), then such would make a case of that as you say the (top) management ought to take full responsibility for it. But if the IT guys in NHS were basically not really doing anything but to replace some hardware now and then and perhaps also something about software if e.g. patient database wasn't outsourced to some company providing software for it, and that for probably not that little salary (or at least in my view anything double or more the minimum wage is a lot since I never had that much), that is something I could easily handle too.
Comment has been collapsed.
So sadly true, about IT in general and security in particular: having a better computer does give some visible improvement over having a terrible one, so management can have a notion that upgrading is kind of important at some point. But having a better security doesn't give any visible improvement as long as a disaster doesn't happen, so management usually only "cares" about it too late...
Comment has been collapsed.
use this page to watch the current infection rate worldwide after you click connect.
Comment has been collapsed.
This link for WannaCrypt only. https://intel.malwaretech.com/WannaCrypt.html
Comment has been collapsed.
who the fuck does this shit
its quite possible ppl actually die from this wtf
Comment has been collapsed.
Sad to admit, but yes, there will be already major backlogs on medical treatments.
Comment has been collapsed.
"Analysis by the Royal College of Surgeons found that over the past year an average of 193,406 people a month did not get surgery within 18 weeks of being referred."
Like one extra night or perhaps also day for reinstalling stuff doesn't seem to make much a difference in that regard. Well, at least a professionally set up IT system and department shouldn't really take longer than that even if some some departments have specific software needed.
That isn't to say that the issue isn't nasty (regardless of whether it really was as if an attack on NHS net as some claim or rather an issue of persons within the intranet downloading whatever the found on the internet), and if they didn't have a back-up then it sure complicates matters even more. But to present it as if everything about particularly NHS was top-notch until as if some enemy decided to launch a full-scale offensive against it, such presentation would seem somewhat far-fetched.
Comment has been collapsed.
Hospital here also uses WinXP last i checked, i even seen them get BSOD's...
Comment has been collapsed.
I did some work in an NHS office last year that was still running XP on most computers because some of their patient services still relied on custom software that was written in the nineties and the IT department couldn't get to run on a newer version of Windows. The other two computers were still running on Windows 98. The office did its daily backups on an old Iomega Zip Drive and then put its 100 MB Zip Disk in the office safe. This was an office that organised home visits by nurses to vulnerable patients who required critical care like insulin injections.
Comment has been collapsed.
I live in Cambridge(UK, not Mass,US), and let me tell you how bad our Government's IT projects / IT abilities are. I know this is just one example but......
About 2-3 years ago, our NHS hospital here in Cambridge implemented a brand new, all singin' and all dancin' IT system. Gone were paper records, gone were paper prescriptions and blood test or X-Ray requests. Everything was done electronically, everyone with tablet computers all connected centrally so that as soon as a test result was available the doctor that had ordered it got it on his or her tablet or PC.
This was the future, maaaan!
Anyway, it just so happened that I had an appointment there the day - I have Crohn's Disease and Addenbrooke's Hospital is a world leader for trials, treatments, research and such for CD - they turned on this new system in anger for the first time.
I walked into the Gastroenterology clinic and there were, I swear this is true, doctors, nurses, admin staff stood looking shell-shocked at best and openly crying at worst in the corridors and behind desks; I thought there'd been some huge terrorist attack somewhere in the 45 minutes it had taken me to walk there, but no.....twas the wondrous new IT system.
Basically, they had chosen to switch from the old systems and methods(paper, telephone calls between departments and even pagers etc) to the new saviour of the NHS at 9am on a Monday morning. They had switched every person and every department, every function and every data repository over all at once. As an IT professional I was astounded at the stupidity and the arrogance of it....and I'm pretty arrogant.
The system was woefully inadequate. I had an appointment for around 10am or so....and I got to see my consultant at well past 3pm. I actually went HOME again as one of the nurses I know(I've spent a lot of time as an inpatient) said she would ring me at home so I could walk back AGAIN.
I sat in my consultant's office and after 15 minutes of trying to simply access my main patient record, he gave up and asked me to remind him of all the salient points he needed(latest test results, treatments etc), which he then proceeded to write on an A4 pad. He could not issue prescriptions, order blood tests; all he could do was have a chat with me - again, I know him well - and promise to call me at home "when things got sorted".
Needless to say, things did not easily "get sorted" and Addenbrooke's Hospital, a hospital thought to be truly world class in many areas, a hospital that is if memory serves the largest teaching hospital in Europe, was put into what our government calls "special measures". Basically that means it is wholly failing in some pretty dire ways, mostly caused by the £200m initial cost of the new systems and then the fallout from the huge mess it got them into and on top of that the huge cost to put the system right and catch up in every respect, medical and administrative.
So I am not in the least surprised that a large chunk of the NHS has been caught with its digital knickers around its ankles.....
Comment has been collapsed.
Seems like someone managed to find a kill switch, sadly that won't help with already hit computers...
Comment has been collapsed.
It's also temporary - it depended on a certain domain name being registered that the malware is hard-coded to check.
So for whoever's spreading this shit, it's a matter of changing one point in his code, recompiling and starting again.
Comment has been collapsed.
Yup, and we know there will be another run of it, unless people start to update.
Comment has been collapsed.
Thanks.
I found the patch for xp from this https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Comment has been collapsed.
engadget.com: Microsoft patches Windows XP to fight 'WannaCrypt' attacks
Or just go here and download the version you need for your OS.
Comment has been collapsed.
Thanks so much :)
I got the file, and already do some preventive action
Comment has been collapsed.
As a home user, I'm sort of worried for my files (docs, photos, videos, game projects...save games... you know) because of the cryptographer viruses for years now. Having important things backed up and latest updates for the OS is nice, but you know... it can always happen, even without your fault (like this "new" exploit that basically makes builtin antivirus to infect your system and spread the virus to the local network without you even opening an infected file).
That said, I'm really surprised at how many big companies use windows for important tasks. I can understand for UI terminals, but for servers, network infrastructure, and all the other things? I mean... ffs... who decided to use windows instead of *BSD in that field?
Comment has been collapsed.
This one was pretty nasty since all it needed was for the SMB service to be active, so you were vulnerable if you set up a local network on a not-up-to-date windows environment without a robust firewall policy. No intervention needed from the user, just having an old pc with XP reemployed as a NAS and open to the internet was probably enough to get cryptoed, at least this is what I understood.
Comment has been collapsed.
I can understand for UI terminals, but for servers, network infrastructure, and all the other things?
Most if not all of the infected machines were "user terminals" with Windows 7/8 or lower. The vulnerability was solved by Microsoft in march but before Windows 10 the monthly updates were generally disabled by sysadmins and they only patch the systems after testing each patch with every custom software they usually run in enterprise environments.
If you already installed march's update you are safe from this SMBv1 vulnerability in Windows.
Comment has been collapsed.
Probably because those patient records were stored in each workstation and they don't have a proper backup/sync policy. I suppose each case is different, it depends on each sysadmin's decisions. A good sysadmin would probably sync the local files from each Windows workstation with a linux server.
Comment has been collapsed.
The question is why big companies/organizations still use horribly outdated OS'es. Not just Windows.
Tthe first cryptoware targetting Linux was seen in the wild in 2015, proving people will go after anything if they feel the attack surface is large enough. Not to mention, Linux also had an issue (CVE-2016-5696) found last year that allows breaking into secured TCP connections and such. If you think you're safe because you use an Unix vairant, think again.
The exploit this recent cryptoware thing uses on Windows was patched by Microsoft just over 2 months ago already, on the Windows versions that are not considered past end-of-life. (That's Windows 7 & WIndows 10 for workstations, and WIndows 2008R2 and later.)
Basically, anyone getting hit by this is paying the price for using an OS that's more than a decade old, and is officially no longer supported - and neatly proves that doing so is a sesious risk.
Comment has been collapsed.
Sometimes companies...or hospitals... are using specialized 3rd party software that would have problems or stop working completely after an extensive upgrade... and there's no money in the budget to pay for "sanitation". That's why many biz/org users are still on the XP, sadly.
Comment has been collapsed.
I know why it happens. Some bean counter considering this an "acceptable risk" to not approve budget. And yes specialized software is expensive to maintain or migrate. Doesn't make me shake my head any less when the shit inevitably hits the fan again, and recovering costs even more (or is impossible.)
There's also companies that go out of business because they're too cheap to replace backup tapes on time (or to check if backups are actually made correctly). They think not allocating a few thousand dollars (on the high end) every 2-3 years is justified because a small but real chance losing a few months' worth of critical data is "an acceptable risk".
Comment has been collapsed.
Comment has been collapsed.
8 Comments - Last post 17 minutes ago by szacsoka
0 Comments - Created 32 minutes ago by pb1
16,403 Comments - Last post 33 minutes ago by MLD
47,139 Comments - Last post 38 minutes ago by kbronct
31 Comments - Last post 58 minutes ago by NoctuaVentus
20 Comments - Last post 1 hour ago by OneManArmyStar
1,952 Comments - Last post 2 hours ago by Ashtart
901 Comments - Last post 59 seconds ago by Lugum
50 Comments - Last post 1 minute ago by BHTrellis188
755 Comments - Last post 5 minutes ago by alexfirehouse
269 Comments - Last post 7 minutes ago by Dinoshu
39 Comments - Last post 47 minutes ago by ChrisKutcher
6,950 Comments - Last post 58 minutes ago by stabilo102
2,097 Comments - Last post 1 hour ago by Pebbletool
Comment has been collapsed.