Massive Ransomware attack today using Eternal Blue. 74 Countries and FEDEX hit hard.

TLS Guy

Seriously, I have no life.
If any of you IT gurus want to weigh in on this Ransomware attack today, I would be interested.

As I understand it, the NSA found a weakness called EternalBlue in Windows. The NSA got hacked by a Russian hacker gang, and it was dumped on the dark net. Now some other bad guys have monetized it and are locking up computers worldwide.

It has crippled the UK NHS, and there will be loss of life if there already has not been. It involves 74 countries now. Spanish utilities are crippled and FedEx has been hit hard.

Microsoft have had a fix since March, but IT admins have been tardy cutting off the hack.

That is what I know. But it seems serious.
 
BoredSysAdmin

Audioholic Slumlord
My computer's security is up to date. I checked. But should we be leaving our computers off, as the second article suggests?
Krebs has good reasons to be paranoid, but I think as long as your Windows computers are Win10 and fully patched, you and everyone should be fine.
 
BoredSysAdmin

Audioholic Slumlord
Microsoft have had a fix since March, but IT admins are often understaffed and overloaded, and regulatory and other tasks were forced to take priority over security by the business.
FTFY. It's easy to blame it on IT admins, but the real core of the issue often comes from incompetent management.
Not to mention that patching 1-10 machines is easy, but patching thousands requires a bit more than being not "tardy".
It's not uncommon for an IT guy to troubleshoot or train the company's Sr Manager on basic mobile device usage instead of focusing on best practices.
Don't get me wrong, plenty of IT guys are sitting on their asses, wasting time, but honestly hospitals, even in the US, are extremely lacking in even basic IT security, with blame falling just as well on the shoulders of medical device and equipment manufacturers.
https://www.wired.com/2017/03/medical-devices-next-security-nightmare/
 
TLS Guy

Seriously, I have no life.
FTFY. It's easy to blame it on IT admins, but the real core of the issue often comes from incompetent management.
Not to mention that patching 1-10 machines is easy, but patching thousands requires a bit more than being not "tardy".
It's not uncommon for an IT guy to troubleshoot or train the company's Sr Manager on basic mobile device usage instead of focusing on best practices.
Don't get me wrong, plenty of IT guys are sitting on their asses, wasting time, but honestly hospitals, even in the US, are extremely lacking in even basic IT security, with blame falling just as well on the shoulders of medical device and equipment manufacturers.
https://www.wired.com/2017/03/medical-devices-next-security-nightmare/
Hospitals I agree are vulnerable. There are so many terminals and devices.

The NHS of course is now in the hurt bag. Their Windows operating system is no longer supported so I assume it is XP or earlier. They have 39 regional authorities out and that includes all their hospitals and GP clinics. Knowing the NHS I doubt the data is properly backed up or even at all. They will not be paying a ransom.

According to Henry Marsh, who is an eminent neurosurgeon, in his wonderful autobiography, almost all NHS passwords to radiology etc. have been set by the medics to F*&k you. If you don't know the password he says that generally works!
 
jinjuku

Moderator
Businesses see IT as a way to increase shareholder revenue. That is to cut back and to outsource. I've spoken with small regional hospitals, spanning several locations where they literally have 1.5 admins for 500 users and 2-3 times that in devices.

Patching presents its own problems as a patch that takes down the network is just as costly as a crypto-ware attack while you are restoring from backup.

Years ago I got into a scuffle with some Arsians about managed DNS and the importance of Whitelisting. I'll have to go find my posts on the matter and refresh their memory and shove it down their throats.
 
TLS Guy

Seriously, I have no life.
I have just learned from the Telegraph that 90% of computers in the NHS are running Windows XP, the remainder Windows 7 or 8. They can't even use their phones let alone the computers. The NHS is the only outfit affected in the UK.

As an ex-capital budget chairman, I can tell you it is an uphill battle to get medical governing boards to invest in robust infrastructure. I'm forceful and usually got my way.

The real problem, and many will be surprised to hear this, is that medical centers are chronically short of funds. It is not a profitable business venture in the main. If people want the benefits of the wonders of modern medicine then it will cost a lot more, which is not tenable. The fact is the medical industry could easily spend a nation's whole GDP and then some.

People say "You can't put a value on a human life." Well we can and we do!
 
highfigh

Seriously, I have no life.
I have a friend who manages a computer store for a local chain and when I was there last, someone asked about anti-virus software and whether Kaspersky is good. The manager said "I used to like Kaspersky, but I don't trust them" and when asked why, he said "Because they're Russian!". Ilya is from Kiev.
 
panteragstk

Audioholic Warlord
FTFY. It's easy to blame it on IT admins, but the real core of the issue often comes from incompetent management.
Not to mention that patching 1-10 machines is easy, but patching thousands requires a bit more than being not "tardy".
It's not uncommon for an IT guy to troubleshoot or train the company's Sr Manager on basic mobile device usage instead of focusing on best practices.
Don't get me wrong, plenty of IT guys are sitting on their asses, wasting time, but honestly hospitals, even in the US, are extremely lacking in even basic IT security, with blame falling just as well on the shoulders of medical device and equipment manufacturers.
https://www.wired.com/2017/03/medical-devices-next-security-nightmare/
I worked for one of, if not the, largest hospitals in Dallas for about a year. The sheer level of devices and the utter lack of competence made it an unbearable place to work.

To give a better picture of how out of date some things were, we were still pulling NetWare off of some of the computers. Don't even get me started on the patient record software they used. SMH o_O
 
BoredSysAdmin

Audioholic Slumlord
In an extremely unusual move, Microsoft issued patches vs this bug for OSes it stopped supporting 3 years ago, including XP, 2003 Server and 8.
The good news is Windows 10 in any patch version is not affected by this.
 