Nasties update.

It pays to read Slashdot. It also pays to run an updated operating system.

It really pays to not touch the poop. I get at least a dozen suspicious emails at work. The university IT department, appropriately, considers Microsoft Word a vector for malware. But even PDF attachments are suspect.

msm1267 quotes a report from Threatpost:
A ransomware attack running rampant through Europe today is spreading via an exploit leaked in the most recent Shadow Brokers dump. Researchers said the attackers behind today’s outbreak of WannaCry ransomware are using EternalBlue, an exploit made public by the mysterious group in possession of offensive hacking tools allegedly developed by the NSA. Most of the attacks are concentrated in Russia, but machines in 74 countries have been infected; researchers at Kaspersky Lab said they’ve recorded more than 45,000 infections so far on their sensors, and expect that number to climb. Sixteen National Health Service (NHS) organizations in the U.K., several large telecommunications companies and utilities in Spain, and other businesses throughout Europe have been infected. Critical services are being interrupted at hospitals across England, and in other locations, businesses are shutting down IT systems.
An anonymous Slashdot reader adds:
Ransomware scum are using an SMB exploit leaked by the Shadow Brokers last month to fuel a massive ransomware outbreak that exploded online today, making victims all over the world in huge numbers. The ransomware’s name is Wana Decrypt0r, but is also referenced online under various names, such as WannaCry, WannaCrypt0r, WannaCrypt, or WCry. The ransomware is using the ETERNALBLUE exploit, which uses a vulnerability in the SMBv1 protocol to infect vulnerable computers left exposed online. Microsoft issued a patch for this vulnerability last March, but there are already 36,000 Wana Decrypt0r victims all over the globe, due to the fact they failed to install it. Until now, the ransomware has laid waste to many Spanish companies, healthcare organizations in the UK, Chinese universities, and Russian government agencies. According to security researchers, the scale of this ransomware outbreak is massive and never-before-seen.

It really helps if the systems that clinical work depends on are robust. Unfortunately, they are not, and this is one reason most doctors still like pen and paper: a paper chart cannot be hacked.

UK hospitals have effectively shut down and are turning away non-emergency patients after ransomware ransacked their networks.

Some 16 NHS organizations across Blighty – including several hospital trusts such as NHS Mid-Essex CCG and East and North Hertfordshire – have had their files scrambled by a variant of the WannaCrypt, aka WanaCrypt aka Wcry, nasty. Users are told to cough up $300 in Bitcoin to restore their documents.

Doctors have been reduced to using pen and paper, and closing A&E to non-critical patients, amid the tech blackout. Ambulances have been redirected to other hospitals, and operations canceled.

It is understood WannaCrypt, which is raiding companies and organizations across the planet today, is being spread by a worm that exploits unpatched vulnerabilities in Windows machines – particularly MS17-010, an SMB bug attacked by the leaked NSA tool, EternalBlue. The security hole has been patched for modern Windows versions, but not Windows XP – and the NHS is a massive user of the legacy operating system.

Whoever left the NHS running a legacy (and no longer supported) operating system left those systems vulnerable. It means that malware, particularly malware built from tools stolen from various sigint agencies, will hit the critical systems: prescribing systems, imaging systems, labs.

If you are using legacy hardware, switch to a lightweight Linux. If you are using modern hardware, run a modern OS with robust support contracts. In either case, install the vendor's patches when they are issued: the fix for MS17-010 was out well before this outbreak.

Or switch back to using paper. It is harder to hack.
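Before deciding a Windows box is safe from the SMBv1 worm described above, check it. The script below is an added example, not code from the original post or from any of the sources it quotes. It assumes an elevated PowerShell session on Windows 8.1/Server 2012 R2 or later (the SMB and optional-feature cmdlets do not exist on Windows XP, where the only options are the out-of-band patch, blocking TCP 445, or retiring the machine), and the list of MS17-010 hotfix IDs is an assumption you must check against the bulletin for your build.

```powershell
# Added example: triage one Windows host for exposure to the SMBv1 worm.
# Assumptions (not from the original post): elevated PowerShell on Windows 8.1 /
# Server 2012 R2 or later. On Server editions the optional feature is managed
# with Get-WindowsFeature FS-SMB1 instead of Get-WindowsOptionalFeature.

function Get-Smb1Exposure {
    # Is the SMBv1 server side of the stack still switched on?
    $smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Is the SMBv1 feature still installed at all?
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $featureState = if ($feature) { [string]$feature.State } else { 'NotPresent' }

    # Is anything listening on TCP 445, i.e. reachable by a worm on a hostile LAN?
    $listening445 = @(Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue).Count -gt 0

    # MS17-010 hotfix IDs differ per Windows version and later cumulative updates
    # supersede them, so this list is an assumption: adjust it for your build, and
    # treat an empty result as "go and check", not as proof the host is unpatched.
    $ms17010Kbs = @('KB4012598', 'KB4012212', 'KB4012215', 'KB4012213', 'KB4012216',
                    'KB4012214', 'KB4012217', 'KB4012606', 'KB4013198', 'KB4013429')
    $installed = Get-HotFix | Where-Object { $ms17010Kbs -contains $_.HotFixID }

    [pscustomobject]@{
        Host            = $env:COMPUTERNAME
        Smb1ServerOn    = $smb1Enabled
        Smb1Feature     = $featureState
        Listening445    = $listening445
        Ms17010Hotfixes = ($installed.HotFixID -join ',')
    }
}

function Disable-Smb1Server {
    # Turn the protocol off at the server and remove the feature; a reboot completes removal.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}

function Block-Smb445Inbound {
    # Belt and braces: block inbound 445 so an infected neighbour cannot reach this host.
    New-NetFirewallRule -DisplayName 'Block inbound SMB 445 (MS17-010 mitigation)' `
        -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block
}

# Report first; only run the two hardening functions once you know nothing
# on the host (old file servers, printers, imaging kit) still needs SMBv1.
Get-Smb1Exposure | Format-List
```

Run the report across the estate before touching anything: the reason hospitals still have SMBv1 enabled is usually a device that cannot speak anything newer, and disabling it blindly trades a ransomware outage for an imaging outage.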

One thought on “Nasties update.”

  1. Thank you, I will pass this along. A lot of users are employing legacy software. In 2007, the US Navy was using Windows ’95. I think it is well past time to take my Vista machines to Linux. Then, I am still worried about being a carrier for viruses.
