British NHS network is under cyber attack.
http://bgr.com/2017/05/12/nhs-hack-r...e-cyberattack/
Scary shit. Reports are it came in as a typical Word macro ransomware, and is spreading via unpatched MS17-10.
We just got an email at work that there is a very active and aggressive ransomware attack being spread world wide. I hate this BS, it's freaky stuff.
It is still active. It is not just the UK; it is more widespread than the UK.
Originally posted by The_Penguin:
> Scary shit. Reports are it came in as a typical Word macro ransomware, and is spreading via unpatched MS17-10.
It's May, if they didn't patch MS17-10 by this point, their IT head needs to be fired.
The idiots thought the NHS has money...? LOLZ.
Kinda reminds me of this scene.
That's like going to your local out of work bro dog and asking for some cash..
Originally posted by The_Penguin:
> Scary shit. Reports are it came in as a typical Word macro ransomware, and is spreading via unpatched MS17-10.
Had a local EPC engineer send me a request to review some files. Sounds like there is something floating around locally as well.
Damn US hackers. You can tell it's a US hacker for sure by the damage done to Britain and the Russians.
That, and it's always about money.
Add: Bitcoin only payment. Very colonial. I mean, when you take over a tropical island by economic force, the first thing you do is require that they pay in something like US dollars over which they have no control, where they may have been using shells or lumps of metal for centuries.
http://uk.reuters.com/article/uk-bri...-idUKKBN1882NV
Stolen from NSA server. Seems to be a legitimate backdoor given to the USA.
Last edited by ZenOps; 05-13-2017 at 06:39 AM.
Cocoa $11,000 per tonne.
Originally posted by ZenOps:
> Damn US hackers. You can tell it's a US hacker for sure by the damage done to Britain and the Russians.
Time zone effect, the working day started over there first.
EDIT: Actually, was wrong this one started around 11am EST.
https://www.nytimes.com/interactive/...-map.html?_r=0
I guess Europe and Russia don't like to patch their Windows.
Last edited by Xtrema; 05-13-2017 at 06:42 AM.
Still, whose fault is it?
US builds a nuke, and then guards it with a pet poodle and a rusty padlock. Teenager from the US gets bored of going to the mall and steals said nuke, then demands that everyone pay him money or more people will start dying in hospitals.
Cocoa $11,000 per tonne.
Let it go, Z. Why are you so insistent that it might be the USA's fault in some way?
I am amused though that it appears that this could've easily been avoided.
Last edited by speedog; 05-13-2017 at 07:02 AM.
Will fuck off, again.
Originally posted by speedog:
> Let it go, Z. Why are you so insistent that it might be the USA's fault in some way?
> I am amused though that it appears that this could've easily been avoided.
It is the USA's fault because the NSA did not disclose this bug to keep the backdoor open. Then hired a contractor who was not careful with the tools.
This could be avoided if everyone sticks reasonably close to MS's patching schedule, which has been around for more than a decade now. When this surfaced, MS actually postponed the patching cycle in Feb to get MS17-10 in quick. This is serious enough that MS actually skipped a patching release for the 1st time ever since the program started.
So to not have MS17-10 patched by May, especially on user workstations, is pretty weak from an IT security perspective.
It's bad enough when one country gets a backdoor, it's even worse when they lose it to a rogue hacker.
Imagine if China got a backdoor into Microsoft Windows for legitimate, above board for use at any time. And then they *accidentally* lost the code to North Korea.
North Koreans then encrypt all medical files of all US hospitals, and banking information for ransom of 20 bitcoins each. The beauty of encryption is that the data is not blatantly destroyed or altered, it's just encrypted. Have a million dollars in a bank? Prove it.
It's foolish to trust the NSA any more than the former KGB, or North Korea.
Last edited by ZenOps; 05-13-2017 at 09:06 AM.
Cocoa $11,000 per tonne.
There are many reasons companies don't update when patches are released and that's the same reason many companies are still using old operating systems. Some applications are legacy and don't support newer versions of Windows, or some developers need time to ensure that patches won't break their applications, as is the case with the recent Creators Update.
Sig nuked by mod.
Originally posted by adam c:
> There are many reasons companies don't update when patches are released and that's the same reason many companies are still using old operating systems. Some applications are legacy and don't support newer versions of Windows, or some developers need time to ensure that patches won't break their applications, as is the case with the recent Creators Update.
While this is true, it doesn't necessarily hold true for security updates...
.NET updates may be held off (but not .NET security updates, those are usually always applied). Feature packs, added functionality, etc... can and usually are held off for testing (won't affect security). Security updates are usually always separate, and should always be done ASAP.
It's definitely work to balance, but it's do-able (part of everyday I.T.).
Generic Windows security updates should always be applied (usually don't break things).
If the company is large enough, they should have dedicated people testing deployment with applications before approving updates for deployment.
Problem is, companies are cheap AF when it comes to IT... I can't tell you how many times I've gone on a sales call to a decent sized business that stores customer personal data, only to find out they haven't patched in 3 years, and have active infections on their server. Management doesn't usually care as the systems are still working (I get told, well if it's not broke, don't fix it).
You tell them how serious it is, with violations of the privacy act by not taking care of it. They lie and say they found someone cheaper to do it (always find out later they ended up doing nothing), lol.
Sig was pwned by Moderator!
Originally posted by Zhariak:
> Problem is, companies are cheap AF when it comes to IT... I can't tell you how many times I've gone on a sales call to a decent sized business that stores customer personal data, only to find out they haven't patched in 3 years, and have active infections on their server. Management doesn't usually care as the systems are still working (I get told, well if it's not broke, don't fix it).
> You tell them how serious it is, with violations of the privacy act by not taking care of it. They lie and say they found someone cheaper to do it (always find out later they ended up doing nothing), lol.
Bingo. That's why nobody learns until the people who make these dumb decisions are removed.
Originally posted by adam c:
> There are many reasons companies don't update when patches are released and that's the same reason many companies are still using old operating systems. Some applications are legacy and don't support newer versions of Windows, or some developers need time to ensure that patches won't break their applications, as is the case with the recent Creators Update.
That's not an excuse any more in 2017. If it's business critical and you can't update it, one should start looking at restricting access and firewall it off.
But going back to Zhariak's observation about business being cheap AF when it comes to security, that's why this shit spreads.
I'm glad WannaCry happened. It's been almost a decade since a major outbreak and CIOs and IT Managers are getting lax on paying attention.
Last edited by Xtrema; 05-13-2017 at 10:02 AM.
I'm not saying it's an excuse, it's just how it is. I'm pretty sure you work in IT, as do I. We have clients who refuse to deploy updates because someone might leave work open on their computer and they don't want to risk losing it, but if this were to hit them it would be the fault of IT regardless of who said not to deploy updates.
One client in particular... we asked them what would happen in the event of a power outage, they would lose their work.. their response was to buy desktop UPS devices for their workstations and they still refused regular patching.
Last edited by adam c; 05-13-2017 at 09:57 AM.
Sig nuked by mod.
Originally posted by adam c:
> One client in particular... we asked them what would happen in the event of a power outage, they would lose their work.. their response was to buy desktop UPS devices for their workstations and they still refused regular patching.
For clients like that, I will have all the email/decision saved. The minute shit like WannaCry hits, will send it back to them or their bosses along with a quote for the cleanup bill.
One client I know has been hit with ransomware on 2 separate occasions in the past 4 years, both times I was able to save their business from backups - yet they refuse to have me check the backups (and their file server) on a regular basis - e.g. every 2-3 months, a 1 hour remote check. It's not even a real Windows Server, just a desktop OS/box with Enterprise drives inside.
It was sheer luck that their systems were running when the latest attack occurred as I happened to be on a service call and noticed their file server needed some work, about a month prior (their backup drive stopped working).
Pure cheap-assery - yet at the same time I know arrogant IT guys who love to make work, talk down to clients and thus create jaded customers who despise IT.
Last edited by revelations; 05-13-2017 at 10:17 AM.
Oh btw, here is a prevention tool I'm sure many of you have heard of ..... but just in case you haven't:
https://ransomfree.cybereason.com/
Essentially it monitors for massive file and folder attrib changes system wide. Windows 10 came out with something similar but this would be of benefit to older systems.
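
The heuristic described in the post above (flag a process that changes many files and folders in a short time), sketched as an added example that is not part of the thread and is not RansomFree's or Windows' own code. The event tuples, process names, paths and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
import ntpath

# Operations treated as "changes" (assumed event vocabulary, not a real API).
CHANGE_OPS = {"write", "rename", "setattr"}

def detect_bursts(events, window=10.0, min_files=25, min_dirs=3):
    """Return {process: time of first alert} for every process that changes
    at least min_files distinct files spread over at least min_dirs
    directories within any window of `window` seconds."""
    recent = defaultdict(deque)          # process -> (time, path) inside window
    alerts = {}
    for ts, proc, op, path in sorted(events):
        if op not in CHANGE_OPS or proc in alerts:
            continue
        q = recent[proc]
        q.append((ts, path))
        while q and ts - q[0][0] > window:   # drop events older than window
            q.popleft()
        files = {p for _, p in q}
        dirs = {ntpath.dirname(p) for p in files}
        if len(files) >= min_files and len(dirs) >= min_dirs:
            alerts[proc] = ts
    return alerts

def sample_events():
    """Constructed events: (seconds, process, operation, path)."""
    events = []
    # Backup job: 30 files, one every 10 s, all in one directory (benign).
    for i in range(30):
        events.append((i * 10.0, "backup.exe", "write",
                       rf"D:\backup\set1\f{i}.bak"))
    # A user saving a single document (benign).
    events.append((42.0, "winword.exe", "write",
                   r"C:\Users\a\Documents\report.docx"))
    # Burst: 40 renames in 8 s across 4 directories (ransomware-like).
    for i in range(40):
        events.append((100.0 + i * 0.2, "unknown.exe", "rename",
                       rf"C:\Users\a\dir{i % 4}\file{i}.dat"))
    return events

if __name__ == "__main__":
    for proc, ts in detect_bursts(sample_events()).items():
        print(f"ALERT {proc}: mass file change burst at t={ts:.1f}s")
```

Requiring both a file count and a directory spread keeps a slow single-folder backup job from tripping the alert; the thresholds here are illustrative and would need tuning against real workloads.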