Systems Worldwide Crippled in Massive Ransomware Attack

    T.Lex

    Pay up and learn the hard way. Linux!
    Welcome to 2017. :) KillDisk (and others) target Linux, too.

    Now, obviously, their hit rate isn't as good as it is with Windoze, but it is still part of the risk matrix.
     

    Sylvain

    I had one of my computers blocked by one of those ransomware one time.
    It asked for a Paypal payment (I don't remember how much) and locked the computer.
    The same message appeared even after restarting the computer.
    I guess this thing is more complex since I was able to delete the virus by restoring the system to an earlier date, and I'm no computer expert.
     

    snapping turtle

    Just remember to not click on links in email for the most part. Even from people you know.

    Most phishing malware and ransomware are invited into the system by the unknown it clicking on the unknown.
     

    dung

    I thought I had dodged the bullet with a system restore as well after mine was locked by the "fbi".

    Some of my files ended up encrypted even though system restore appeared to work. Luckily I have multiple backups and just did a full restore.
     

    Hoosierkav

    The phishers are getting better and better, savvier and savvier, hitting regular folks and the IT-smart ones as well. They're beyond spoofing Amazon and Fed-Ex emails--they're doing Dropbox and other cloud storage spoofs--brilliantly done.
     

    T.Lex

    Saw one recently that was spearphishing to a guy who had a certain role in the organization. The email he got was the "top" of an extensive email chain that appeared to be someone referring the sender to this specific guy. Reading the email chain, it looked like the reference was trying for months to get the sender to contact the recipient about his role.

    Just a few small things were enough to make the recipient suspicious. Otherwise, it was very clever.

    And I almost got caught by the recent Google Docs one. Came from someone I knew and was expecting information from. Wasn't expecting it in a gdocs though, so just decided to wait to talk to him about why he wanted to send it to me that way. By the time I got around to calling him, I'd seen the alert about the scam. Pretty wild.
     

    Spear Dane

    MS had a fix for this months ago. Every company that was hit by this has been outed as glaringly negligent in the IT dept.
    One day it will be the grid. Or the FAA. Then we are going to have REAL problems.
     

    Jludo

    I think we're missing the bigger picture. The hackers used exploits/tools stolen from the NSA. This puts into perspective the encryption debate: any backdoor built into a product is absolutely at risk of being stolen/discovered and exploited by bad guys, even if 'only the govt' has the key.

    Microsoft, which regularly credits researchers who discover holes in its products, curiously would not say who had tipped the company off to the issue. Many suspected that the United States government itself had told Microsoft, after the N.S.A. realized that its hacking method exploiting the vulnerability had been stolen.
    Privacy activists said if that were the case, the government would be to blame for the fact that so many companies were left vulnerable to Friday’s attacks. It takes time for companies to roll out systemwide patches, and by notifying Microsoft of the hole only after the N.S.A.’s hacking tool was stolen, activists say the government would have left many hospitals, businesses and governments susceptible.

    https://www.nytimes.com/2017/05/12/world/europe/uk-national-health-service-cyberattack.html?_r=0
     

    BugI02

    Spear Dane said: "MS had a fix for this months ago. Every company that was hit by this has been outed as glaringly negligent in the IT dept. One day it will be the grid. Or the FAA. Then we are going to have REAL problems."


    Agreed, crashing the grid will suck. FAA (I think you mean ATC) may be more manageable. ADS-B (complicated, google it if you're not already familiar with it) will allow aircraft to react to aircraft in their immediate vicinity and stay safe without needing input from the ARTCC, and most voice communication is still analog so no processing needed. It would be slow but aircraft could be gotten to ground safely, using tried and true procedures still used where radar coverage is poor or non-existent. The greatest danger would come during the confusion during the first few minutes of the attack.
     

    T.Lex

    Spear Dane said: "MS had a fix for this months ago. Every company that was hit by this has been outed as glaringly negligent in the IT dept."

    It looks like it keyed on Windows XP and some legacy OS vulns. So, yes, using a (basically) obsolete OS is a problem, but it is a top-down decision. The corporate leaders make the decision if/when to jump to a new OS and the costs associated with it.

    Now, if using a modern OS and got hit with this, I'd tend to agree.
     

    Jludo

    I'm surprised England doesn't have something similar to HIPAA. I know if you are a decent sized healthcare company in the US and you were using outdated systems you'd be paying some hefty fines for it by now.
     

    T.Lex

    Jludo said: "I'm surprised England doesn't have something similar to HIPAA. I know if you are a decent sized healthcare company in the US and you were using outdated systems you'd be paying some hefty fines for it by now."

    Their health care is basically an extension of the federal government.

    Not sure how many federal agencies are using Windows XP, but I suspect it is non-zero.
     

    jkaetz

    For the non-IT folk: the systems themselves weren't damaged or modified; the data files (pictures, documents, videos, etc.) were all encrypted and then a ransom demanded to decrypt them. Unlike in the movies, the encryption cannot be broken within a reasonable time frame, so the data is effectively lost unless you have backups or pay the ransom. This can easily happen to home systems too, so anyone with a Windows computer should make sure they've installed the update for this vulnerability. Due to its nature it will be around for years to come. This attack was very obvious and only after $$; it very easily could be modified to be much more covert and much more damaging, since the exploit allows 100% control over the impacted system.

    The update is available here for all current systems. XP holdouts can get the update here.
     