I saw that By the way El Loro .....I had one of those scam phone HMRC calls today ....the recorded message one ....guess what ...they are going to sue me 

Appears to be a major ransomware attack saying that NHS files will be deleted within 3 days if the ransom isn't paid.

It's not thought at present that patients' data is being hacked.

Baz posted:

I saw that By the way El Loro .....I had one of those scam phone HMRC calls today ....the recorded message one ....guess what ...they are going to sue me 

Yes, that's definitely a scam

El Loro posted:

Baz posted:

I saw that By the way El Loro .....I had one of those scam phone HMRC calls today ....the recorded message one ....guess what ...they are going to sue me 

Yes, that's definitely a scam

Yes ....I checked it out on web......and apparently this particular recoded message one  is targeting  older people  ....to which my 74 year old husband quipped ..* well that lets me out * 

A massive ransomware campaign appears to have attacked a number of organisations across Europe.

Screenshots of a well known program that locks computers and demands a payment in Bitcoin have been shared online by parties claiming to be affected.

There have been reports of infections in the UK, Spain, Italy, Portugal, Russia and Ukraine.

It is not yet clear whether the attacks are all connected.

One cyber-security researcher tweeted that he had detected 36,000 instances of the ransomware, called WannaCry and variants of that name.

"This is huge," he said.

The UK's National Health Service (NHS) was also hit by a ransomware attack and screenshots of the WannaCry program were shared by NHS staff.

It is not yet clear if the attacks are connected.

A number of Spanish firms were among the apparent victims elsewhere in Europe.

Telecoms giant Telefonica said in a statement that it was aware of a "cybersecurity incident" but that clients and services had not been affected.

Power firm Iberdrola and utility provider Gas Natural were also reported to have suffered from the outbreak.

There were reports that staff at the firms were told to turn off their computers.

Baz posted:

El Loro posted:

Baz posted:

I saw that By the way El Loro .....I had one of those scam phone HMRC calls today ....the recorded message one ....guess what ...they are going to sue me 

Yes, that's definitely a scam

Yes ....I checked it out on web......and apparently this particular recoded message one  is targeting  older people  ....to which my 74 year old husband quipped ..* well that lets me out * 

 Flipping hell, what utter dirtbags they are Baz

Lucky you were cool calm and collected about it... and you and your hubby could even joke about it afterwards 

So paying the ransom is the only realistic option in such a situation?

Cold Sweat posted:

So paying the ransom is the only realistic option in such a situation?

In our experience - NO. They either don't release the files or knowing you will pay they ask for more cash.

I have had personal experience of this, in fact we have just set up cyber-crime unit to tackle this specific threat.

My friend works at a doctors here in Notts, they had to shut everything down.

Reporting Scotland have just said that 6 Scottish Health Boards (NHS Lanarkshire being one of them) have reported that they have experienced some knock-on effects from the English NHS attacks.

Our office had some problems, but as they were much the same as what we often experience, we didn't do much more than shrug our shoulders. However, given what the news reports are saying, our problems today could well be because of these attacks and after effects!

It appears to have been part of a worldwide attack.

Some more technical background can be found here for those interested:

UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

One ponders how on earth people coped before poota's were around.

Don't come into A&E unless it's a real emergency??

Can the NHS not fix a broken leg without a laptop???

Saint posted:

One ponders how on earth people coped before poota's were around.

 

Don't come into A&E unless it's a real emergency??

Can the NHS not fix a broken leg without a laptop???

 

No, it's not that. it's the way records are made and kept!

Saint posted:

One ponders how on earth people coped before poota's were around.

 

Don't come into A&E unless it's a real emergency??

Can the NHS not fix a broken leg without a laptop???

The problem is that part of the point of moving to a digital system is so that you don't have the cost and hassle of maintaining paper data (patients' medical records, in this case). The downside of that is that if anything goes wrong, you can't restore those paper records easily, if at all.

And yes: doctors have been resorting to pen and paper during the current attack.

Apparently It was down to a bug in window 10 that was patched in March, it would appear NHS and others affected didnt update and patch it... Or so I've just been told 

The bug meant hackers could send it through email and the attachment didnt even need to be opened to get on the PC 

Jen-Star posted:

The bug meant hackers could send it through email and the attachment didnt even need to be opened to get on the PC 

I did respond to an NHS questionnaire recently - and added a photo of a friends dog 

Jen-Star posted:

Apparently It was down to a bug in window 10 that was patched in March, it would appear NHS and others affected didnt update and patch it... Or so I've just been told 

I'm not so sure about that, Jen. My understanding is that much of the NHS is still running XP.

From the Register article I quoted previously:

"The security hole has been patched for modern Windows versions, but not WindowsXP – and the NHS is a massive user of the legacy operating system."

Eugene's Lair posted:

Jen-Star posted:

Apparently It was down to a bug in window 10 that was patched in March, it would appear NHS and others affected didnt update and patch it... Or so I've just been told 

I'm not so sure about that, Jen. My understanding is that much of the NHS is still running XP.

 

From the Register article I quoted previously:

"The security hole has been patched for modern Windows versions, but not WindowsXP – and the NHS is a massive user of the legacy operating system."

 

Ah yes, that makes sense. Mrjen just said it was the bug we patched in March so we're safe.... I made the rest up in my head ��

Eugene's Lair posted:

Jen-Star posted:

Apparently It was down to a bug in window 10 that was patched in March, it would appear NHS and others affected didnt update and patch it... Or so I've just been told 

I'm not so sure about that, Jen. My understanding is that much of the NHS is still running XP.

 

From the Register article I quoted previously:

"The security hole has been patched for modern Windows versions, but not WindowsXP – and the NHS is a massive user of the legacy operating system."

 

They were warned....outdated systems and no longer covered 

Cyber attack Hunt 

Sprout posted:

They were warned....outdated systems and no longer covered 

trident runs on a version of XP... 

Dame_Ann_Average posted:

 

Cyber attack Hunt 

Is that rhyming slang?

Saint posted:

Dame_Ann_Average posted:

 

Cyber attack Hunt 

Is that rhyming slang?

it certainly is in my house 

It does seem that it's been on Windows XP computers as has been mentioned above. It's been just over 3 years since Microsoft ended their support for Windows XP....

cyber attack Ransomware when they meant to type BransonCare 

Dame_Ann_Average posted:

 

Cyber attack Hunt 

Dame_Ann_Average posted:

Sprout posted:

They were warned....outdated systems and no longer covered 

 

trident runs on a version of XP... 

You couldn't make it up could you?  

Saint posted:

Dame_Ann_Average posted:

 

Cyber attack Hunt 

Is that rhyming slang?

Take it whichever way you want  

El Loro posted:

It does seem that it's been on Windows XP computers as has been mentioned above. It's been just over 3 years since Microsoft ended their support for Windows XP....

Eugene's Lair posted:

Jen-Star posted:

Apparently It was down to a bug in window 10 that was patched in March, it would appear NHS and others affected didnt update and patch it... Or so I've just been told 

I'm not so sure about that, Jen. My understanding is that much of the NHS is still running XP.

 

From the Register article I quoted previously:

"The security hole has been patched for modern Windows versions, but not WindowsXP – and the NHS is a massive user of the legacy operating system."

 

Our computers run Windows 7, but that doesn't mean that other boards do. The news has just said that only 3 boards in Scotland HAVEN'T been affected. In most areas it is only GP surgeries that have been hit, but in Lanarkshire all three hospitals have been hit as well!

God knows what it'll be like when we go back on Monday!

For Windows operating system users, provided you keep your computer up to date with Microsoft updates, your computer should be safe from this attack unless you are still using Windows XP or older versions.

You can check via Control Panel - Windows Update - View Update History to see if that inlcudes March 2017 Security Monthly Quality Rollup for your version of Windows,  or Cumulative Security Update.

Unfortunately our computers are little more than terminals. They are VDI units and all the information we input and use is stored in the CLOUD. Thus we are permanently working on a knife edge. One little glitch and vast amounts of work can't be done!

There was someone on the news this morning from the government IT security stating that depts were all warned a while back to make sure all files were backed up.

I think our IT guys run a back up every weekend, or possibly every night, but the number of times we get a message to say it failed is amazing!

Niissan's Sunderland plant has been affected:
http://www.bbc.co.uk/news/uk-england-39906534

El Loro posted:

Niissan's Sunderland plant has been affected:
http://www.bbc.co.uk/news/uk-england-39906534

Places all over the world apparently.

Gregor Peter‏ @L0gg0l 14h

As some of you may know, my work is related to the rail industry, so I'm expecting my company's span filters to be working overtime this weekend...

Extremely Fluffy Fluffy Thing posted:

I think our IT guys run a back up every weekend, or possibly every night, but the number of times we get a message to say it failed is amazing!

Unfortunately a lot's going to depend on the details of the backup policy and its implementation.

It's the same with security updates: in theory, Systems post-XP should be patched, but in practise many people have been slow to do so...

Speaking personally, my company's backup tool seems to be fine for my own day-to-day work, but I've colleagues who've had big problems with it. My own problems have been down to more systems-related data, which even IT assumed was being included in the backup process, but wasn't in practise.

Some more background info, courtesy of The Register:

74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+/wannacrypt_ransomware_worm/

Basically, this all goes back to the theft of a couple of spying tools developed by the US  National Security Agency (NSA) - Eternalblue and Doublepulsar. The Wannacrypt ransomware worm currently doing the rounds is developed from Eternalblue. What's not getting as much publicity at the moment is that it's also installing Doublepulsar - a "backdoor" access tool that allowed the NSA - and presumably now other criminals - to remotely control infected machines.

Final words from The Register:

If you haven't been infected, make sure your security patches are up to date. Kill off SMBv1 at the very least, and block access to it from outside your network. The exploits the malware uses have already been patched, and there's no excuse for getting caught out as a private user. It's understandable that IT managers with annoying corporate policies and heavy workloads have been forced to hold back patches, or are unable to apply them. If you can update your installations, drop everything and get patching.

And we'd sure appreciate it if you could stop clicking on attachments from unknown parties, too. ®

It is just beyond belief! All this emphasis that's put on security and good practise.......and then we find that someone at the top has left the back door open!

Part of the problem, I think, is because so many people have fingers in the same pies!

I was enjoying a nice day out on Saturday, so I'm still catching up with the fallout from this (and no doubt that will continue when I return to work tomorrow...   ).

Official advice from Microsoft (includes links to security updates for old systems):

Customer Guidance for WannaCrypt attacks

Blog by MalwareTech, the guy who inadvertently activated the malware's "kill switch":

How to Accidentally Stop a Global Cyber Attacks

It's (unsurprisingly) rather technical, but readable and interesting nonetheless. It also helps correct some of the media misreporting during all the panic and confusion. MalwareTech is not an amateur, but an information security professional: his job is to track and stop malware,  thus assisting victims and law enforcement. He just happened to be on holiday at the time (his boss has given him another week off to make up for the lost break!).

Also, it looks like the "kill switch" wasn't actually an intentional "kill switch" (self-destruct mechanism) after all: current thinking is that it was a badly-engineered attempt by the bad guys to try to prevent the good guys analysing the malware. In theory, the bad guys' thinking was valid (and has been done before), but in practise its poor implementation  provided the good guys with a simple way of stopping it altogether (even if they didn't initially realise it).

Eugene's Lair posted:

I was enjoying a nice day out on Saturday, so I'm still catching up with the fallout from this (and no doubt that will continue when I return to work tomorrow...   ).

 

Official advice from Microsoft (includes links to security updates for old systems):

Customer Guidance for WannaCrypt attacks

As EL's post says the above link includes links to patches for older versions of Windows including Windows XP. Microsoft have taken this rare step due to the widespread problems. Micosoft also says that Windows 10 users were not targeted in Friday's attack.