NHS England hit by 'cyber attack'

http://www.bbc.co.uk/news/health-39899646

 

Yeah, clubhouse1, this is very creepy, you know why? Just yesterday, there was an article here about an NYU breach involving military secrets and here was a reply:

"Time to step back into a prehistoric era: put stuff on paper, make old fashioned Xerox copies, vacuum seal them and bury them somewhere a mile underground, with security mechanisms that include rings of toxic waste and a three-headed dog. Simple is best."

https://www.wilderssecurity.com/thr...g-computer-project-to-entire-internet.393938/

 

See here: https://www.wilderssecurity.com/thr...ters-amid-massive-ransomware-outbreak.393952/

 

Considering that most of the NHS and most banks in the UK are still using unsupported XP systems this was a disaster waiting to happen.

http://www.theinquirer.net/inquirer...-trusts-are-still-running-windows-xp-machines

 

Attacks in several countries,

Ransomware infections reported worldwide.

 

"Cyberattacks in 12 Nations Said to Use Leaked N.S.A. Hacking Tool

An extensive cyberattack struck computers across a wide swath of Europe and Asia on Friday, and strained the public health system in Britain, where doctors were blocked from patient files and emergency rooms were forced to divert patients.

The attack involved ransomware, a kind of malware that encrypts data and locks out the user. According to security experts, it exploited a vulnerability that was discovered and developed by the National Security Agency.

The hacking tool was leaked by a group calling itself the Shadow Brokers, which has been dumping stolen N.S.A. hacking tools online beginning last year. Microsoft rolled out a patch for the vulnerability last March, but hackers took advantage of the fact that vulnerable targets — particularly hospitals — had yet to update their systems..."

https://www.nytimes.com/2017/05/12/...n-region&region=top-news&WT.nav=top-news&_r=0

 

Yes, it is the SMB vulnerability being exploited as I noted in the other thread on the ransomware.

Really no excuse for this since a patch was available 2 months ago. And if commercial concerns are running XP, they deserve to get nailed.

 

Concerning the NHS I think the first priority is getting systems up and running again then there will undoutably (sic)follow a full enquiry.

 

This thing is HUGE !

"Hack hits computers worldwide, exploiting a vulnerability identified in leaked NSA documents

Malicious software that blocks access to computers is spreading swiftly across the world, snarling critical systems in hospitals, telecommunications, corporate offices and beyond, apparently with the help of a vulnerability discovered by the National Security Agency, cybersecurity experts say..."

https://www.washingtonpost.com/worl..._rhp-banner-main_britain-240pm:homepage/story

 

Just flashing on the concept of someone's dying because of massive computer breakdown, and the "key" is the demand for X number of bitcoins. It's just insane. But the dependence on Internet/computer devices is profound, literally can't do without it, right?

https://arstechnica.com/information-technology/2017/05/nhs-ransomware-cyber-attack/

 

Latest on this here: https://www.bleepingcomputer.com/ne...oit-leaked-by-shadow-brokers-is-on-a-rampage/

 

wcrypt Tracking Map:

https://intel.malwaretech.com/botnet/wcrypt

Also try clicking on "Live Map." wcrypt attacks are in green.

Live Map is perversley mesmerizing -- botnet porn.

 

The only people who deserve to get nailed are the scum who are profiting from this malware, nailed literally to the floor.

 

FedEx got hit.

"...In a statement to NBC News, FedEx said that 'like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible.'

The Memphis, Tennessee-based global delivery company did not immediately say whether a ransom was demanded for return of their computers' functions..."

http://www.nbcnews.com/news/world/n...lish-hospitals-hackers-demand-bitcoin-n758516

https://www.washingtonpost.com/news/worldviews/wp/2017/05/12/what-you-need-to-know-about-the-massive-hack-that-hit-britain-and-11-other-countries/?hpid=hp_rhp-top-table-main_wv-hack-446pm:homepage/story

 

Kaspersky are saying so far 74 countries have been hit.


https://securelist.com/blog/inciden...sed-in-widespread-attacks-all-over-the-world/

 

Notice the only place in Africa to get hit so far is South Africa? Whomever is behind this is targeting countries where there is a high likelihood that payment will be made.

 

Blog from security company Fox-IT about it:
https://blog.fox-it.com/2017/05/12/...-large-amounts-of-computers-around-the-world/

 

Does anybody know whether there are already decryptors available?

 

According to the Kaspersky article above, as of 5:30 pm EST, no. I see the attack was enabled by having unpatched SMB servers, OK, no wonder. The payment deadline is three days, the articles say. I'd like to think Fabian Wosar/Emsisoft is working on it, right?

Edit: Ah, I see hamlet has provided the answer. What a disaster, and many won't pay for various reasons.

Re-edit: Files will be lost in one week's time, says the ransom messages.

 

The ransomware experts at Emsisoft seem skeptical about a decryptor being possible.

http://blog.emsisoft.com/2017/05/12/wcry-ransomware-outbreak/

from the post - "Unfortunately, after evaluating the way WCry performs its encryption, there is no way to restore encrypted files without access to the private key generated by the ransomware. So it’s not likely a free WCry ransomware decrypter will be available for victims."

 

Thanks hamlet !!
Very unfortunate news that it is not likely that there will be a free decryptor!! My first thought, when I heard about this big outbreak, was: let's hope that there will come soon a decryptor (and that it will be available via the site of the NoMoreRansom project). Alas, that looks now very unlikely.

Another thing in the Emsisoft blog caught my attention:

It is that "early February 2017". Early February 2017? Were security companies not able to make definitions (and other measures) to prevent that systems got infected?

 

"Animated Map of How Tens of Thousands of Computers Were Infected With Ransomware..."

https://www.nytimes.com/interactive...n-region&region=top-news&WT.nav=top-news&_r=0

 

Our wonderful NSA................. creating nasty malware to use on the bad guys, but then being too inept to secure their own servers!