Ransomware Attack On 16 NHS Hospitals

Just to clarify, I really am frazzled, but just to clarify, what I've gathered*

Part 1: Emails given titles specific to large organisations, containing attachments containing an office Javascript zero-day.
Part 2: SMB exploit for propagation and faked authentication.
Part 3: WannaCry Encryptor.

Part 3 is off the shelf.


Part 2 is now public knowledge, but was patched by MS a few days before it was leaked. There are unpatched systems out there, and questions will be asked.

Part 1: If it wasn't a zero-day, it would be caught by local/organisational AV/security.


Conclusion:

Part 1 is the interesting bit. Zero-days are rare as hen's teeth. Very, very expensive and potentially powerful. That, in combination with the apparently targeted nature of the emails.... unlikely to be regular groups.


*First guy I spoke to about this turned out to be an ex-Lulzsec Brit, LOL. He was sickened. Note I didn't hear about the Office Zero day from him, but he did say that Parts 2 and Three were being sold as a package, and showed me the tweet about the email titles.
 
It's not going to be an Office 0day. There's not enough skill involved, it will just be your normal macros and auto generated titles built on top of the exploits that the NSA helpfully stashed away and didn't bother to inform about with a ransom client on top.

I'd be more concerned that this isn't a very sophisticated attack yet has brought major worldwide services to its knees.

Thanks NSA!
 
NHS techs saying it was not aimed at them specifically but a generic vulnerability that got them so no spear phishing but just general port sniffing or something.

I wonder how many other vulnerabilities they made tools for all in all, it really looks bad on the NSA and rightly so.
 
That fuckwit Amber Rudd (Jeremy Hunt is MIA again) laying responsibility on local NHS and saying they should have updated systems, when a national system is running on outdated MS systems the whole network needs to be updated at national level, you couldn't have different systems in different areas it would be chaos if local trust had to update on a local not national timeframe.
Hunt cut funding on compute system investment a couple of years ago.
 
It's not going to be an Office 0day. There's not enough skill involved, it will just be your normal macros and auto generated titles built on top of the exploits that the NSA helpfully stashed away and didn't bother to inform about with a ransom client on top.

I'd be more concerned that this isn't a very sophisticated attack yet has brought major worldwide services to its knees.

Thanks NSA!

Hang on, wasn't the NSA stuff illegally leaked?

If someone nicked a Eurofighter and bombed a city, I wouldn't blame BAE Systems for building it in the first place.
 
Email virus attachments disguised as genuine I heard. However this is a very real threat to people's lives similar to a terrorist attack. It isn't just a bit of cyber crime. GCHQ and MI6 should be hunting these people down and when found they should send in the troops and hit these barstards hard. Shouldn't take much to make an example of them.
...


Blamed on cuts on the BBC this morning.........Jeremy Hunt (sounds like) noticeable by his absence.......I'll bet half of those hacked haven't backed up their data
 
CSC used to do a lot of NHS support and had one contract to deliver a new patient record system. Cost billions for both the NHS and CSC and they delivered pretty much nothing. I think the bill for CSC from the government was around 1.5 billion.

Major shareholder in CSC is Blackrock ........who Gideon Osborne now works for 1 day a week for £675,000 a year......and Victory Capital Group who Theresa May's husband works for ............Coincidence?
 
For XP machines, there is no patch sadly as it is simply unsupported now. The shocker is that the NHS still use it. I can't envision any legacy data that can't be pulled onto a more modern system if it sat on XP ok, I mean it could be but seriously that is just poor.

NHS bosses hand themselves fat pay rises whilst the digital infrastructure is screwed, they should be ashamed of themselves and all be sacked. Then sack the entire tech crew management and hire competent techs, get a dedicated team on to getting rid of old legacy systems 24/7. It is not rocket science! There is no way the NHS should be helpless against some attacks as the systems can't be patched. Scandal is a word used too often I find but this constitutes one I think. It just beggars belief such critical systems are held on XP at all. I am just surprised it took so long for someone to hit them this way.

I bet my bottom dollar the attackers had no idea such huge institutions and companies were vulnerable, it probably never crossed their mind. I bet they are shitting it now after thinking they would infect a few thousand home PCs and the odd company.
 
