Cyber attack in UK, US, China, Russia, Spain, Italy, and others

Page 1 of 3 123 LastLast

  1. Posts : 3,081
    W10 Pro + W10 Preview

    Cyber attack in UK, US, China, Russia, Spain, Italy, and others

    The NHS has been under attack in UK..
    Attached Thumbnails Attached Thumbnails Cyber attack in UK, US, China, Russia, Spain, Italy, and others-nhs.jpg  
      My Computers

  2. Posts : 35,411
    Win 10 Pro (21H2) (2nd PC is 21H2)

    Great- so they put people's lives at risk for money. And don't they know the NHS already doesn't have enough money and has patients parked on trolleys in corridors at times as A&E is inundated with greater and greater demands as over-stressed staff try to cope with trying to find a bed?

    NHS hit by ransomware attack, hospitals across country shutting down • The Register
      My Computers

  3. Posts : 3,081
    W10 Pro + W10 Preview
    Thread Starter

    Something like this was always likely to happen.....the system used by the NHS is running on outdated XP software, although supposedly supported security wise for a fee by M$.

    These scum.....words....difficult to describe how depraved they must be.
      My Computers

  4. Posts : 35,411
    Win 10 Pro (21H2) (2nd PC is 21H2)

    Update: BBC is reporting that similar attacks are being reported in the UK, US, China, Russia, Spain, Italy, Vietnam, Taiwan today.

    New Ransomware 'Jaff' Spotted; Malware Groups Pushing 5M Emails Per Hour To Circulate It - Slashdot
    - and here's news of a new email.

    Can you craft a security system to reliably stop such a thing?

    True- apparently- but that's not the reason this happened.
    The thought is that some smaller organisation was attacked, and this has propagated to the NHS.
    Some other firms have also been affected (and Telefonica in Spain, by a different version of the virus)

    1. A mix of systems has been affected from GP practices to hospital systems - running on a range of equipment
    2. Apparently the tactic is normally not to seek large ransoms from large organisations- it's hard and more traceable to move large sums. (However Bitcoin is comparatively untraceable of course).
    3. It is not yet known how the attack is propagating. The thought is it might have been aimed at a smaller organisation, and some document/email etc found its way in to the NHS.
    4. Some trusts are affected, others not. It started in England, and later on affected some parts of Scotland.

    In a GP surgery- imagine, seeing patients with
    - no access to records
    - no medical history
    - no way to book appointments
    - no way to record treatment or medication issued except on paper

    They plan to ask patients to bring in their medication if any so they can see what they are taking

    Then there's all the appointments cancelled- that have to be rebooked- in hospitals throughout the country.

    The NHS has been hit by smaller attacks before- but limited parts only.

    How does this happen?
    In a large interconnected organisation with a multitude of systems, there is no one security system.
    An individual's actions in how they behave with respect to suspicious documents is key

    It can be extremely difficult and expensive, and time consuming, to rewrite and test custom systems running on old OS's.

    Nightmare. And the IT cost of recovering systems... the disruption to staff, patients, appointments, treatment... will continue for weeks I guess- months in respect of delayed treatment.

    So now they have the resources of the UK to contend with - not just one small firm.

    However, my experience is Scammers 99, Victims 1.
    Last edited by dalchina; 12 May 2017 at 13:38.
      My Computers

  5. Posts : 11,203
    Windows / Linux : Arch Linux

    Hi there

    currently around 74 countries at the moment. Probably the biggest victim is the British NHS system -- well if they use cheap off shoring companies, rely on low paid staff from 3rd world countries --in spite of how hard working and dedicated they usually are and STILL RUN XP on most of the client computers -- well they've only themselves to blame.

    Without getting too political --I once visited one of these hospitals --Organised Chaos was perhaps a polite way of explaining how they worked -- might be a system the British want --it's up to them --but quite frankly I'd rather pay slightly higher taxes / insurance and go for better qualified staff and higher grade equipment -- YMMV though as there are all sorts of health systems around the planet --some work and others don't. It's up to the electorate in the relevant countries to decide what to do here though.

      My Computer

  6. Posts : 6,963
    windows 10

    A statment issued is that no patient records have been effected one would assume they are in a sql type data base
      My Computer

  7. Posts : 1,983
    Windows 10 x86 14383 Insider Pro and Core 10240

    Patient records are stored in EMIS and SystmOne from TPP with proprietary front ends. The main NHS system linking together GP and Patients for financial and geographic purposes is called EXETER, and accessed via SQL server and Access front ends. If ever the police got access to this data they could probably solve a lot of historical crime, since it covers all registered patients' movements, domestic associations and addresses, since 1944.

    Not SQL server, or any relational database format, but MUMPS (M) based systems, which basically store a hell of a lot of unstructured and redundant data in a rapidly accessible, text-based, tree-based format - because Medics have always wanted to store everything (I mean everything!) in their own idiosyncratic way - and do not understand the benefits of storing data once and joining it together using keys and indices, accessed via queries and views.

    Backups are generally well maintained is places I have worked in. The NHS blame culture will see IT staff sacked, and not the mavericks that opened the door to this exploit - certain users who think that they know best and don't respond to training or instructions and open cracks in the systems wherever they can.
    Last edited by Fafhrd; 13 May 2017 at 00:24.
      My Computers

  8. Posts : 35,411
    Win 10 Pro (21H2) (2nd PC is 21H2)

    @Fafhrd - In that context, how useful would have been

    a. a white listing program (only 'approved' programs are allowed to be run- suitable for systems such as the NHS runs day to day that always run the same programs

    b. Cryptoprevent
    CryptoPrevent Malware Prevention Foolish IT

    c. RansomFree by Cybereason
    Ransomware Protection - RansomFree by Cybereason

    (I have these last two installed)
      My Computers

  9. Posts : 11,203
    Windows / Linux : Arch Linux

    Hi there.
    @dalchina - a lot of that stuff won't run on the outdated front end XP workstation systems the NHS uses. !!!!

    End users need to get data wherever it's stored and then update the DB again -- if the update is corrupt how will the system know -- The various Data Protection Acts will ensure that the update is handled without any "3rd party inspection" and so long as it comes from an authorised user that's the only check. If the data happens to be already scrambled by malware on the users workstation before the data is transmitted to the DB then -- Bang there goes the data base --doesn't matter how "Secure" the backend Servers are !!!!

    Anybody with computer science 101 could do this type of abhorrent activity --- that's always a risk and fundamental weakness in Client / Server type systems.

    Hopefully they all have ENOUGH BACKUP - and BACKUP that's OFFLINE / away from the infected (or even "infectable" - as it's still an ongoing problem) servers.

    This type of stuff shows that for essentially "Mission Critical" applications you HAVE TO SPEND MONEY -- It is utterly inconceivable to me that a country (UK) with the 5th / 6th largest economy on the planet would be running something as important as a Health system "On the Cheap" using outdated I.T and an OS (XP I gather on a lot of primary / front end Work stations) which was obsolete YEARS ago - especially as Ms gave more than adequate warning .

    I wonder how many of the overpaid CEO's / managers of these places will be FIRED (Sacked I believe in UK English) even though THESE were the people who authorised putting these systems in place. I'll bet it will be some locally based I.T staff and contractors - much lower down the food chain who will have to bear the brunt -- and as a lot of this stuff is off shored - I wonder if ANY of those companies will actually LOSE THEIR CONTRACTS.

    Wait for "The Blame Game" to start any time soon -- First instalment should be far more interesting than any weekend TV program --but we shouldn't forget the many patients who will be inconvenienced seriously by this type of activity - maybe for weeks.

    As far as the British NHS is concerned - I believe it has the Largest number of people employed in an organisation on the planet (Over 1 Million I think) with possibly the exception of the Indian Railways and the Chinese People's Liberation Army (or whatever it's called now). A lot of these people are employed at the lower end of the scale - so it's 100% impossible to be totally secure -- one person slotting in a USB stick to an innocent workstation could cause havoc - or even a Doctor opening up an innocent looking email.

    If ever there was a case for NOT USING A CENTRALIZED I.T SYSTEM this was it. - Actually in this case the CLOUD probably would have been a better bet - although hideously more expensive to organise and it's probably far too late to start from scratch again.

    Last edited by jimbo45; 13 May 2017 at 01:44.
      My Computer

  10. Posts : 35,411
    Win 10 Pro (21H2) (2nd PC is 21H2)

    Sadly the UK government has a terrible track record on failed IT projects. It spends over £10bn a year on IT - I think I heard £16bn mentioned on the radio. So they tried-- at least for some part of the extensive NHS systems- but failed.

    There WAS a major attempt to overhaul part of the NHS's IT- but it failed after a massive overspend.

    2011 NHS Connecting for Health Electronic care records United Kingdom Central government Beset by delays and ballooning costs, and the software part of it was never finished. The government was also criticised for not demonstrating value for money. Although the contracts were drafted to ensure that the contractors would be forced to bear a significant portion of the cost of the project going wrong if it did go wrong, in reality this did not always happen. The NPfIT was described by Members of Parliament as one of the "worst and most expensive contracting fiascos" ever.[3] £12bn (£2.3bn) Outsourced Discontinued, but some parts continued
    List of failed and overbudget custom software projects - Wikipedia
      My Computers


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 05:54.
Find Us

Windows 10 Forums