NHS hack.

JH4

Reading between the lines today, it seems that the NHS were not using the latest MS s/w, thus not getting regular security updates - maybe. Also, it seems they maybe had no offsite up-to-date data backups which they could use to reboot their systems ? We learned to do this decades ago where I worked, so if I am right, I am really surprised... ( I could be totally wrong, of course..) The MS patch for this issue came out a while back, apparently.
 
Reading between the lines today, it seems that the NHS were not using the latest MS s/w, thus not getting regular security updates - maybe. Also, it seems they maybe had no offsite up-to-date data backups which they could use to reboot their systems ? We learned to do this decades ago where I worked, so if I am right, I am really surprised... ( I could be totally wrong, of course..) The MS patch for this issue came out a while back, apparently.
What's your source on the lack of backups?
 
No source, but if they had really up-to-date data backups, the issue could maybe have been solved very quickly. Just a hunch....I could be wrong, but it does appear that they aren't using the latest MS s/w, according to the news reports, which could result in them not getting the usual MS regular security updates. As I write, it appears I am right. The patch came out on March 5th, to solve this issue.
 
Reading between the lines today, it seems that the NHS were not using the latest MS s/w, thus not getting regular security updates - maybe. Also, it seems they maybe had no offsite up-to-date data backups which they could use to reboot their systems ? We learned to do this decades ago where I worked, so if I am right, I am really surprised... ( I could be totally wrong, of course..) The MS patch for this issue came out a while back, apparently.

It's Ransomware. MS patches aren't going to stop Ransomware but Sophos Intercept X (a.k.a HitmanPro.Alert) would have killed it stone dead.

Those responsible in the NHS for not having anti-ransomware on their computers should be taken out and shot, they are idiots.
 
We got hit with the last one of these, we did not pay up and went to our backups and it crippled our IT for a while / everything shut down until we got stuff sorted - takes some time to restore so much data.

Not quite as easy as you think
 
No source, but if they had really up-to-date data backups, the issue could maybe have been solved very quickly. Just a hunch....I could be wrong, but it does appear that they aren't using the latest MS s/w, according to the news reports, which could result in them not getting the usual MS regular security updates. As I write, it appears I am right. The patch came out on March 5th, to solve this issue.

I'm sure they do have backups, I wouldn't expect them to be restoring things straight away though, priority would be containing and eliminating the threat.

And yes, using XP so vulnerable to an exploit that's being used to replicate the trojan across the network. There is no patch to prevent the trojan though.
 
It's Ransomware. MS patches aren't going to stop Ransomware but Sophos Intercept X (a.k.a HitmanPro.Alert) would have killed it stone dead.

Those responsible in the NHS for not having anti-ransomware on their computers should be taken out and shot, they are idiots.

Am sorry but this just is not true - not as simple as you think it to be
 
Am sorry but this just is not true - not as simple as you think it to be
He has a point though, HitmanPro may have stopped this, then there's software restriction policies that can be enforced, if it behaves like the version of crypto I've seen then it executes in the users local app data folder which they have full access to, there are measures that can be put in place to prevent things running there.
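
The control mentioned in the post above, denying execution from user-writable profile folders, can be dry-run against process-creation logs before it is enforced. This is an added example, not part of the original thread; the folder list, allow-list, log format and sample events are all constructed for illustration.

```python
import ntpath
import re

# File types the deny rule applies to (a subset, chosen for this example).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs"}
# Per-user writable locations, written the way a path rule would name them.
DENY_FOLDERS = ["%LOCALAPPDATA%", "%APPDATA%"]
# Hypothetical exception for software that legitimately runs from the profile.
ALLOW_FOLDERS = ["%LOCALAPPDATA%\\Programs\\ApprovedTool"]

# Constructed sample events: "user=<name> image=<full path of the started binary>".
SAMPLE_EVENTS = r"""
user=alice image=C:\Program Files\Office\WINWORD.EXE
user=alice image=C:\Users\alice\AppData\Local\Temp\invoice.scr
user=bob image=C:\Users\bob\AppData\Roaming\updater\svc.exe
user=bob image=C:\Users\bob\AppData\Local\Programs\ApprovedTool\tool.exe
user=carol image=c:\users\carol\appdata\local\..\..\Documents\notes.exe
""".strip().splitlines()

def expand(template, user):
    """Resolve the profile variables for one user (default profile layout assumed)."""
    profile = "C:\\Users\\" + user
    return (template.replace("%LOCALAPPDATA%", profile + "\\AppData\\Local")
                    .replace("%APPDATA%", profile + "\\AppData\\Roaming"))

def is_under(path, folder):
    """Case-insensitive containment test after collapsing '..' and '/' separators."""
    path = ntpath.normcase(ntpath.normpath(path))
    folder = ntpath.normcase(ntpath.normpath(folder))
    return path == folder or path.startswith(folder + "\\")

def would_block(image, user):
    """True if the deny rule would have stopped this binary from starting."""
    if ntpath.splitext(image)[1].lower() not in BLOCKED_EXTENSIONS:
        return False
    if any(is_under(image, expand(f, user)) for f in ALLOW_FOLDERS):
        return False
    return any(is_under(image, expand(f, user)) for f in DENY_FOLDERS)

def audit(lines):
    """Return (user, image) pairs from the log that the rule would block."""
    hits = []
    for line in lines:
        m = re.match(r"user=(\S+) image=(.+)$", line.strip())
        if m and would_block(m.group(2), m.group(1)):
            hits.append((m.group(1), m.group(2)))
    return hits

if __name__ == "__main__":
    for user, image in audit(SAMPLE_EVENTS):
        print(f"would block: {user}: {image}")
```

Running it in audit mode first shows which legitimate per-user installers need an allow-list entry before the rule is switched to enforce.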
 
Am sorry but this just is not true - not as simple as you think it to be

I know for a fact that Intercept X / HMP.A would have stopped this attack.
 
maybe - we are locked down for the weekend - got very much burnt the last time around
 
maybe - we are locked down for the weekend - got very much burnt the last time around

There is no "maybe", it is a fact. I KNOW Sophos Intercept X / HMP.A would have prevented it.
 
The patch for this issue came out from Microsoft on March 5th for Windows 10. Foolish if it was not downloaded by everyone.... A lesson learned ?
 
On a less technical note (I don't understand much about this kind of stuff anyway), why would some hacker douchebag attack ... the NHS? I mean I really couldn't care less if you hold McDonald's to ransom, perhaps a Supermarket, or Amazon.... nobody will die as a consequence.... but withholding vital medical records will kill vulnerable people.

If the hacker is a mercenary, then they just moved up to being a murderer.

This sickens me.
 
The patch for this issue came out from Microsoft on March 5th for Windows 10. Foolish if it was not downloaded by everyone.... A lesson learned ?

No MS patch will prevent Ransomware. :)

You need an anti-ransomware product if your AV doesn't already include it (most don't). Even a fully patched up Windows 10 system will get hit by ransomware.
 
There's having backups... and then there's having backups that are routinely tested and a levelled DR plan to deal with a variety of disaster scenarios.

With XP machines still very much in play, I suspect there's very little in the way of a DR plan.
 
On a less technical note (I don't understand much about this kind of stuff anyway), why would some hacker douchebag attack ... the NHS? I mean I really couldn't care less if you hold McDonald's to ransom, perhaps a Supermarket, or Amazon.... nobody will die as a consequence.... but withholding vital medical records will kill vulnerable people.

If the hacker is a mercenary, then they just moved up to being a murderer.

This sickens me.

It isn't necessarily to ransom the NHS, it could be a test to see its effectiveness before going after a real target.
 
On a less technical note (I don't understand much about this kind of stuff anyway), why would some hacker douchebag attack ... the NHS?

It's been found in various organisations and territories worldwide - I doubt the UK NHS has been specifically "targeted" - it's just demonstrated that they were vulnerable.
 
By the way dear readers - next time you find yourself at work complaining about all the things "nasty old IT" won't let you do with your computers - it is in order to try our best to prevent things like this that we put all the "restrictions" in place. (Though we are never complacent enough to think we've thought of everything. This sort of thing keeps us awake at nights!) :thumbsup:
 
The patch for this issue came out from Microsoft on March 5th for Windows 10. Foolish if it was not downloaded by everyone.... A lesson learned ?
It isn't that simple. Many of the NHS computers will be supplied as part of systems for connecting to monitoring equipment or running specialist software. The maker of the kit may not allow anti-virus or updates, as it may interfere with their systems. We have microscopes at my work like this, and they have to run on XP.
 
It isn't that simple. Many of the NHS computers will be supplied as part of systems for connecting to monitoring equipment or running specialist software. The maker of the kit may not allow anti-virus or updates, as it may interfere with their systems. We have microscopes at my work like this, and they have to run on XP.

If they have to be networked then I hope those XP microscopes are on their own VLAN. If they are sharing the same VLAN as the rest of the network then your IT guys will need good backup and DR plans.

But then like the NHS, if your IT guys haven't patched the later OS clients and servers then XP on your network is going to be a moot point as all the clients and servers, regardless of version, are currently wide open to attack if they don't have anti-ransomware. :D
 
But then like the NHS, if your IT guys haven't patched the later OS clients and servers then XP on your network is going to be a moot point as all the clients and servers, regardless of version, are currently wide open to attack
Again, this is being over-simplified. In a complex environment with machines and servers running all sorts of legacy software, it is impossible to keep everything fully patched and up to date. That's not to say there aren't other things that can and should be done, however.
 
This ransom worm was built off the back of one of the NSA exploit leaks, that's why it's so potent (even if it's a few years old). Russia & India both hit very hard suggests lots of XP pirated systems still floating around there.

The only upside is hopefully it will make some of those affected take security a bit more seriously.

I worked in industrial computing in the early 2000's and you totally get systems just left to their own devices, no management or some bored worker at a terminal takes the initiative and connects up a computer to a network it was never meant to be on etc. Back in the day we had the sense to lock down the systems to stop that but not every business wanted that.
 
I'm not going to defend the NHS here as I know their IT is generally not as well maintained as it should be but I'm not sure some of you appreciate or understand the cost, size, scope and logistical nightmare it is to keep any massive scale IT up to date and protected. Ignoring the cost issue for a moment (I'll come back to it) but it is horrendously difficult to protect any system on this sort of scale. The NHS also has some very very peculiar and specific IT "problems" that no other companies are subject to. The nature of what it does disincentivises updating in much the same way as the MOD has traditionally always gone for older versions of software and OS. Older versions are better understood, they are generally more stable, you know where the holes and the risks are. This tends to mean you keep what works and what's stable because that's what you value.

Then we get to the cost. Would you prefer 1 billion a year to be spent on care, or 1 billion a year to be spent patching Windows and protecting all the inbound and outbound points? (it's an either or as there is not unlimited money). It's very easy with hindsight right now to say "Well patching and protecting of course" but if we'd gone back to last week and said "The NHS have spent 20 billion over the past 20 years and never suffered a security breach" would you be so sure? Some might say "well that's money well spent then" but is it? Is this breach going to cost anywhere near 20 billion to recover from? I very very much doubt it and that's the rub.

Risk is all about weighing up the likelihood and impact and balancing it against the cost of mitigating that risk. As much press as this has got and the undoubted pain and suffering it's going to cause it is still likely minute in comparison to implementing and maintaining a fully robust protection against things like this. I'm sure more could be done. I'm sure there's any number of lessons to be learned from this whole thing. Ultimately though that risk decision was made to ultimately save the NHS money and it probably has done.

G
 
Windows patches are free, btw... No need to spend millions...
How the cyber attack could have been mitigated - apologies for a long post: A while ago I worked for a large telecom company here in the UK, back when mainframe computers were huge, ran very hot, and data was stored on reels of magnetic tape. Because of the risk of fire or hard drive failures, it was decided to create a back-up system for this data. (cybercrime was unknown then) So, we set up the simple system: data was backed up locally every day, and a second backup was created on reels of tape that were then taken off site and stored in another telephone exchange in fire proof safes. The backup data was never more than a day old. These were then rotated every week. It worked well. In fact one telephone exchange did in fact catch fire - but that's another story.. ! I know all of this because I was the one charged with setting up this simple process for the company. Times move on and we now have Windows 10 which everyone who uses Windows should be using - it was a free update, after all. Backups now could load a thousand times faster than in the old days, to restore service. The NHS in the UK is still on Win XP which is no longer supported by Microsoft. This is just plain stupid. As now known, the patch was sent out from MS back in March for this issue, and would have been installed automatically on correctly set up computers running Windows 10. I rest my case...
 
