Ransomware Attack On 16 NHS Hospitals

Now spread to 74 Countries
Could the I.T. geeks on here explain to a layman WTF is going on?
 
Now spread to 74 Countries
Could the I.T. geeks on here explain to a layman WTF is going on?

A virus has been let loose probably via the flash uTorrent trojan which allows other stuff to be downloaded, including this virus that searches your system and encrypts all common files and system critical files. The only way you're getting the decryption key is by paying up. uTorrent is a very popular torrent client that has flash ads in the user interface; yesterday it had a very nasty virus embedded in one of those ads that will have infected many PCs. These infected systems can themselves be held to ransom or used in an attacking nature as a base for sending phishing emails, taking the PC owner's email contacts and sending stuff to them pretending to be the PC owner etc.
 
From someone who drills holes for a living I have no idea what you are talking about but it sounds impressive.
SMB is a way to share drives/printers etc across networks, it often has vulnerabilities that are exploitable, and in this instance has been. It is the flash player of file sharing aka pretty insecure to anyone with a slight bit of determination.
 
A virus has been let loose probably via the flash uTorrent trojan which allows other stuff to be downloaded, including this virus that searches your system and encrypts all common files and system critical files. The only way you're getting the decryption key is by paying up. uTorrent is a very popular torrent client that has flash ads in the user interface; yesterday it had a very nasty virus embedded in one of those ads that will have infected many PCs. These infected systems can themselves be held to ransom or used in an attacking nature as a base for sending phishing emails, taking the PC owner's email contacts and sending stuff to them pretending to be the PC owner etc.
Sounds a bit more advanced than when I used to phish Habbo Hotel accounts as a fresh faced 14 year old.

Lol.
 
Sounds a bit more advanced than when I used to phish Habbo Hotel accounts as a fresh faced 14 year old.

Lol.
I don't associate with underworld criminal scum like you :-D

Heads will indeed roll, a patch was put out on March 14th, for the NHS not to be patched is poor form, it is considered critical in IT terms i.e. should be kept bang up to date. That system must be a right old mess.
 
I don't associate with underworld criminal scum like you :-D

Heads will indeed roll, a patch was put out on March 14th, for the NHS not to be patched is poor form, it is considered critical in IT terms i.e. should be kept bang up to date. That system must be a right old mess.

That's what I heard. Heads should roll if that is the case. Unforgivable if this could have been prevented.
 
Wish those responsible could face the death sentence.
The chances are the people did not want it to spread so hard to such places, it will now have the FBI and many other well funded and capable agencies looking at it as we speak. Unless they have hidden the command and control server super super well they will get identified most likely. Thing is it could be some Russian gov hackers doing stuff on the side, then you will never find out, Russians will just say 'naughty, now back to work'.
 
I had an appointment at the hospital this morning and it went fine, got home to find Carlisle hospital had been hacked, lucky I had a 9am appointment.
 
SMB is a way to share drives/printers etc across networks, it often has vulnerabilities that are exploitable, and in this instance has been. It is the flash player of file sharing aka pretty insecure to anyone with a slight bit of determination.

And why Apple was/is right all along about flash software: it's too unpredictable and easily moulded, corrupted or used as a carrier.
 
Whoever has done this are the scum of the earth. I hope they keel over & have to go to hospital, only to find that they can't be treated as they have fucked up all the NHS computers. Absolute fucking vermin messing with the NHS!
 
Just goes to show what happens when geeks and nerds find something that they are good at. Before the internet years they were mercilessly bullied for being swotty ginger virgins. Now they control the world.
 
The chances are the people did not want it to spread so hard to such places, it will now have the FBI and many other well funded and capable agencies looking at it as we speak. Unless they have hidden the command and control server super super well they will get identified most likely. Thing is it could be some Russian gov hackers doing stuff on the side, then you will never find out, Russians will just say 'naughty, now back to work'.

Yep, this is my thought on it too, there is no way they would have wanted to hit so many large places. They will get some serious heat from this.
 
Yep, this is my thought on it too, there is no way they would have wanted to hit so many large places. They will get some serious heat from this.
My opinion is they got greedy with attack vectors and hit 2-3 vulnerabilities from a base of many slave (infected PCs) bots as a base to send spear phishing emails, very easy to do if you compromise generic basic Windows systems, port scanning to send malicious packets etc etc. They went overkill on getting users infected and it is no mistake as it takes detailed scripting to focus on specific vulnerabilities/avenues of attack. The word 'greedy' comes to mind with no thought for the consequences.

The sad and funny thing is we can thank the NSA back room groups for this. On a semi side note they are the real power in the USA and have been for a while, the NSA = America, everyone bows to them, CIA included.
 
The email titles show us they are targeted at specific organisations. And apparently the attachments contain a genuine Office zero-day (to get the SMB exploit going)

Unlikely to be kids or small timers.

I'm frazzled, good night.
 
The email titles show us they are targeted at specific organisations. And apparently the attachments contain a genuine Office zero-day (to get the SMB exploit going)

Unlikely to be kids or small timers.

I'm frazzled, good night.

Spear phishing it is then, ok they deserve pelters, unforgivable stuff that. Directly targeted the NHS is just bang out of order.
 
