Ransomware cyberattack on various NHS hospitals

[Nihilego]

I feel the need to point out that this attack isn't NHS-specific, and probably didn't target the NHS. It's ransomware which spreads through old Windows machines via file sharing, I believe (which is why the NHS was hit so bad - patient data). Some poor sod probably clicked on the wrong thing in an email and it sorta escalated. Very, very unfortunate that it's ended up here, though.

How will companies be able to get across the point that accepting random emails is not necessarily a good thing, let alone opening them, and how will people be able to protect themselves from ransomware in the future?

Mandatory basic computer literacy courses for their staff. So many people have no idea how to tell something that looks dangerous from something which doesn't and, at least in the UK, NHS workers aren't explicitly trained on this (as far as I'm aware).

Will antivirus software ever be able to keep up to the evolving form of money grabbing and be able to stop ransomware before it becomes too big?

Microsoft released a patch for this in March this year for supported computers (which, I believe, don't include XP-based ones; i.e. the software that 90% of NHS computers run on). Antivirus would have been, dare I say, overkill had the NHS just bothered keeping their software up-to-date.

Will the NHS get away from this unscathed?

Financially, probably; I certainly can't see them paying out to fix this, other than to their own tech people. But undoubtedly this is going to cause big problems for patients and may even cost lives - blood group data, for example, will currently be inaccessible.

 

[Lucario]

Moral: Don't use old windows machines for critical systems.

 

[Leviathan]

Honestly when I heard how it spread I felt like shaking my head a little. One of the oldest tricks in the book, preying on user incompetence. I dunno if I would hurry to suggest an upgrade of their operating systems (given the crucial nature of their data and the heavy relliance on stability, which the newer Windows OSs are anything but), but if all else, better Antivirus, spam filters, anti-malware, the works.

And of course a few crashcourses for staff on the importance of web browsing wouldn't go astray either, but of course this is but speculation on my part. The NHS will do what it can to move past this mess and recover.

 

[Raffy98]

Microsoft released a patch for this in March this year for supported computers (which, I believe, don't include XP-based ones; i.e. the software that 90% of NHS computers run on). Antivirus would have been, dare I say, overkill had the NHS just bothered keeping their software up-to-date.

Microsoft decided to push an extraordinary update even on older versions of Windows like our beloved Windows XP, even though the support ended on the 8th of April 2014. (source)
This was a forced move, in my opinion, even if this OS is almost 16 years old I still see it installed on lots of PCs in schools and hospitals.
This is not a good thing as it can put data security at great risk and this malware is proving it.

 

[Dter ic]

Moral: Don't use old windows machines for critical systems.

It wouldn't surprise me if some of the expensive equipment used by the NHS had XPe (embedded) which cannot be upgraded.

Seems like it has stopped for now though there's a chance it may happen again. The way they stopped this by registering a hardcoded domain to check for sandboxing (causing the ransomeware to exit) could suggest this from what I have read.

 

[Mewtwolover]

Moral: Don't use old windows machines for critical systems.

This.

Microsoft decided to push an extraordinary update even on older versions of Windows like our beloved Windows XP, even though the support ended on the 8th of April 2014. (source)
This was a forced move, in my opinion, even if this OS is almost 16 years old I still see it installed on lots of PCs in schools and hospitals.
This is not a good thing as it can put data security at great risk and this malware is proving it.

Indeed, releasing that update to XP was actually a mistake, Microsoft should've forced users to upgrade to newer Windows instead.

 

[Raffy98]

Anyway, I follow this guy on YouTube. If anyone wants to see the malware in action, he made a really nice video about this.

 

[Hands]

You gotta be a real scumbag to target an already underfunded Health system thats on the brink.

 

[Maki-Nishikino]

they are saying North Korea could be the ones behind the attack or someone using North Korean code

 

[Dter ic]

someone using North Korean code

North Korean code? Any sources? Because the exploits used by WannaCry are from the NSA exploits leaked by the Shadow Brokers

 

[Maki-Nishikino]

North Korean code? Any sources? Because the exploits used by WannaCry are from the NSA exploits leaked by the Shadow Brokers

someone found north korean code inside the wannacry ransomware it was on stuff like ABC

 

[Tsutarja]

You gotta be a real scumbag to target an already underfunded Health system thats on the brink.

Unfortunately, that's just who hackers want to target?the most volatile.

 

[pkmn.master]

I'm a CS major entering my senior year for my bachelors, and with this news I have been thinking that it might be better to focus on cyber security rather than just software engineering jobs. The wars of the future will be fought in cyberspace, as cheesy as that sounds. I feel as if we will be seeing more ransomware attacks soon. These hackers, and wannabe hackers all over the world are getting a taste of fresh blood.