Old 05-14-2017, 06:00 PM   #46
ardvark71
LQ Veteran
 
Registered: Feb 2015
Location: USA
Distribution: Lubuntu 14.04, 22.04, Windows 8.1 and 10
Posts: 6,282
Blog Entries: 4


Quote:
Originally Posted by hazel View Post
PS: Vista may be insecure but does anyone actually use it?
Every day.

Regards...
 
Old 05-14-2017, 06:15 PM   #47
blade7
LQ Newbie
 
Registered: May 2017
Posts: 4

Rep: Reputation: Disabled
Microsoft did it. To force companies and organizations to move to windows 10. Microsoft would say, "I want to spy on the world"
 
Old 05-14-2017, 11:17 PM   #48
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,309
Blog Entries: 3

Quote:
Originally Posted by hazel View Post
I was going to ask if that story was true. If it is,
Here's a proxied link to a statement the other day straight from the horse's mouth: The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack

Quote:
The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States. That theft was publicly reported earlier this year.
And an older link from a better source: Current wave of ransomware not written by ordinary criminals, but by the NSA

Last edited by Turbocapitalist; 05-14-2017 at 11:20 PM.
 
Old 05-15-2017, 01:02 AM   #49
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,574

Original Poster
Blog Entries: 19

That is so like Microsoft! Blame everyone else but themselves! Yes, of course the NSA has behaved badly in this, but they could not have "stockpiled vulnerabilities" unless the vulnerabilities were there to begin with. And who put them there? Incompetent Windows software designers, that's who.

They say they already had a patch for this. Why didn't they make sure it was applied? We already know that Microsoft have ways of forcing updates, which they're happy to use to stuff new releases down people's throats, to make more money for themselves. Why don't they use them to make their existing software self-patching?
 
Old 05-15-2017, 05:26 AM   #50
grumpyskeptic
Member
 
Registered: Apr 2016
Posts: 472

Rep: Reputation: Disabled
Quote:
Originally Posted by 273 View Post
Only if they're in the extradition zones for the countries affected. Otherwise they'll get away with it or be hired by their government.
Since many countries have been affected, there must either be very few or no countries that do not extradite to any of them. Even if there was one, and the person or people had moved there, then they would one ordinary day be jostled by a small group of people and then wake up in a prison cell thousands of miles away.

I expect any countries that do not have any extradition treaties would be unpleasant places to live which you would try to leave if you possibly could.

Last edited by grumpyskeptic; 05-15-2017 at 05:30 AM.
 
Old 05-15-2017, 05:45 AM   #51
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,727

Quote:
Originally Posted by SimonDevine View Post
The trouble is that IT has become so ubiquitous and people don't realise how open Windows still is. It is a bit of a rude awakening, but it's my sincere hope that ordinary working people start to recognise that computing is much more than the on/off switch on the box.
I'm afraid it won't change a thing. This kind of thing has happened before and it will happen again - and it will happen on Linux embedded IoT and omnipresent Android devices as well.

The average person wants speed, performance and "easy", security is something someone else takes care of or an "app" they install and this knocks on to the "IT guy", security is something he pays a subscription for and installs and it takes care of itself... which in turn leads to the "security" firms; where security is usually about some *BSD or Linux powered hardware which someone else writes the software for. Who? They don't really know, but it "just works"... Eventually they are left with a device which is no longer supported, so they take the hit and go out and buy a new one (or maybe not).

The issue of people not updating/upgrading remains, it's not a windows specific problem - in fact it's getting worse and has the potential to be much worse than it ever was in windows.
 
Old 05-15-2017, 10:10 AM   #52
moxieman99
Member
 
Registered: Feb 2004
Distribution: Dabble, but latest used are Fedora 13 and Ubuntu 10.4.1
Posts: 425

My question is very simple: How can a computer reach an unregistered domain name on the internet? If it's unregistered (the domain), how could relay servers know where to send your computer's signals?
 
Old 05-15-2017, 10:53 AM   #53
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 7,574

Original Poster
Blog Entries: 19

If you mean, how could the propagation of the worm be stopped? Presumably when the originators wanted to stop it, they would register the domain and then the phoning home would work. Only the "accidental hero" got there first.
 
Old 05-15-2017, 11:02 AM   #54
moxieman99
Member
 
Registered: Feb 2004
Distribution: Dabble, but latest used are Fedora 13 and Ubuntu 10.4.1
Posts: 425

Quote:
Originally Posted by hazel View Post
If you mean, how could the propagation of the worm be stopped? Presumably when the originators wanted to stop it, they would register the domain and then the phoning home would work. Only the "accidental hero" got there first.
No, I mean exactly what I said: How can a computer reach an unregistered domain name on the internet? If it's unregistered (the domain), how could relay servers know where to send your computer's signals?
 
Old 05-15-2017, 11:27 AM   #55
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Quote:
Originally Posted by moxieman99 View Post
No, I mean exactly what I said: How can a computer reach an unregistered domain name on the internet? If it's unregistered (the domain), how could relay servers know where to send your computer's signals?
Why would they need to? How does this relate to the matter at hand?
 
Old 05-15-2017, 12:26 PM   #56
moxieman99
Member
 
Registered: Feb 2004
Distribution: Dabble, but latest used are Fedora 13 and Ubuntu 10.4.1
Posts: 425

Quote:
Originally Posted by 273 View Post
Why would they need to? How does this relate to the matter at hand?
The ransomware originally communicated with "an unregistered domain" and that was integral to the process of spreading itself. The domain name was registered, and that stopped the spread of the original malware version. My question is, how could the malware send a message to an internet domain that is unregistered in the first place?
 
Old 05-15-2017, 12:34 PM   #57
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Quote:
Originally Posted by moxieman99 View Post
The ransomware originally communicated with "an unregistered domain" and that was integral to the process of spreading itself. The domain name was registered, and that stopped the spread of the original malware version. My question is, how could the malware send a message to an internet domain that is unregistered in the first place?
I think either hazel and myself are misunderstanding how this was stopped or you are. The reports are that once the domain was registered (in other words: could be connected to) the infection stopped.
 
Old 05-15-2017, 12:46 PM   #58
jailbait
LQ Guru
 
Registered: Feb 2003
Location: Virginia, USA
Distribution: Debian 12
Posts: 8,337

Quote:
Originally Posted by moxieman99 View Post
The ransomware originally communicated with "an unregistered domain" and that was integral to the process of spreading itself. The domain name was registered, and that stopped the spread of the original malware version. My question is, how could the malware send a message to an internet domain that is unregistered in the first place?
The ransomware tried to find an unregistered domain. If the attempt failed then the ransomware tried to spread to other machines. If the attempt to reach the domain in question succeeded that was the signal to the ransomware to not try to spread.

So to answer your question the ransomware did not communicate with an unregistered domain. The ransomware merely looked for the domain name in question.

------------------------
Steve Stites
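
Added example, not part of any post in this thread: a defender-side triage of resolver logs based on the behaviour described in the post above. Any internal host that looks up the check domain is a candidate infected machine, and hosts whose lookup failed are the ones where, per that description, the worm would go on to spread. The domain name, the log layout and the sample lines are all constructed placeholders (the thread does not give the real domain), and a DNS answer is used here as a stand-in for "the attempt to reach the domain succeeded".

```python
from collections import defaultdict

# Placeholder: the thread does not name the domain, so this value is made up.
WATCHED_DOMAIN = "killswitch-placeholder.example"

# Constructed resolver log lines in a made-up key=value layout
# (not the format of any particular DNS server).
SAMPLE_LOG = """\
2017-05-15T10:00:01 client=10.0.0.5 query=killswitch-placeholder.example. rcode=NXDOMAIN
2017-05-15T10:00:02 client=10.0.0.7 query=www.example.org. rcode=NOERROR
2017-05-15T10:00:09 client=10.0.0.9 query=KillSwitch-Placeholder.example rcode=NOERROR
2017-05-15T10:01:30 client=10.0.0.5 query=killswitch-placeholder.example. rcode=NOERROR
2017-05-15T10:02:00 client=10.0.0.12 query=killswitch-placeholder.example. rcode=SERVFAIL
malformed line without fields
"""

def parse_line(line):
    """Return (client, qname, rcode), or None for lines that do not parse."""
    fields = dict(p.split("=", 1) for p in line.split()[1:] if "=" in p)
    if not {"client", "query", "rcode"} <= fields.keys():
        return None
    # DNS names are case-insensitive and may carry a trailing root dot.
    qname = fields["query"].rstrip(".").lower()
    return fields["client"], qname, fields["rcode"].upper()

def triage(log_text, domain=WATCHED_DOMAIN):
    """Map each client that looked up `domain` to its worst-case outcome."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[1] == domain:
            seen[rec[0]].append(rec[2])
    result = {}
    for client, rcodes in seen.items():
        # One failed lookup is enough: on that occasion the check failed,
        # which is the case where the worm is described as spreading.
        failed = any(rc != "NOERROR" for rc in rcodes)
        result[client] = "lookup-failed" if failed else "lookup-succeeded"
    return result

if __name__ == "__main__":
    for client, status in sorted(triage(SAMPLE_LOG).items()):
        print(client, status)
```

Every client in the result needs investigating regardless of status; the "lookup-failed" group is the priority for isolation, and a network that blocks or fails to resolve the check domain puts every infected host into that group.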
 
Old 05-15-2017, 02:14 PM   #59
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

^ so the ransomware actually has an on/off switch? how considerate.
 
Old 05-15-2017, 02:17 PM   #60
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Quote:
Originally Posted by Soadyheid View Post
Is it just me or during times of cutbacks and austerity purges, it always appears to be the IT sections that are culled first?
in politics, it's always the social sector. child care, schools, health care, etc. they tend to not have lobbyists.

which this whole incident, indirectly, proves.
 
  


All times are GMT -5. The time now is 03:12 PM.
