NHS Ransomware - aka Wanna Decryptor - Updated

Problems/advice relating to your PC/Mac/Phone/Television/ Satellite TV/DVD/Blu ray......

Moderator: Moderators

Post Reply
cjb
Rank 0
Rank 0
Posts: 5
Joined: Mon 27 Jun 2016 19:47

NHS Ransomware - aka Wanna Decryptor - Updated

Post by cjb »

Update 2: For anyone still obliged to use Windows XP, MS have released a patch for the SP3 release of that OS: http://download.windowsupdate.com/d/csa ... 6ee9dd.exe

Update 1: Some newspapers are reporting that MS17-010 is the cause of the vulnerability. Based on what several researchers are saying, I think that is a misunderstanding. However MS is now saying it has released a further security update which is aimed at this exploit, so perhaps the previous patch wasn't fully protective. See https://redmondmag.com/articles/2017/05 ... -flaw.aspx


According to this Bleeping Computer Twitter page: ( https://twitter.com/BleepinComputer ) Windows 7, 8.1 and 10 should be protected against the NHS ransomware exploit (aka Wanna Decryptor) provided that MS17-010 (from March 14th 2017) has been applied.

For Windows Vista KB4012598 needs to have been applied.

For Windows 7 64bit OS either KB4012212 or, more likely, KB4012215 needs to be listed in the update history.

For Windows 8.1 64bit, either KBKB4012213 or KBKB4012216 needs to be listed.

For Windows 10 64bit, either KBKB4012606 or KB4013198 or KB4013429, depending on your Windows 10 version.

The MS pages with these details are:

https://support.microsoft.com/en-us/help/4013389/title

https://technet.microsoft.com/en-us/lib ... 7-010.aspx

Providing you normally let Windows Update run automatically, these patches should already be in place.
Last edited by cjb on Sun 14 May 2017 23:55, edited 2 times in total.
User avatar
russell
Rank 5
Rank 5
Posts: 1038
Joined: Fri 21 May 2010 16:03
Contact:

Post by russell »

Thanks for that.

It's about time that misson critical systems like the NHS dumped Wondows for something inherently secure like Linux or OSX.

Russell
martyn94
Rank 5
Rank 5
Posts: 2086
Joined: Sun 14 Apr 2013 14:37

Post by martyn94 »

russell wrote:Thanks for that.

It's about time that misson critical systems like the NHS dumped Wondows for something inherently secure like Linux or OSX.

Russell
This is great, but the NHS has many hundreds of thousands of people using PCs, mostly for a relatively small part of their overall activity, with minimal training, and with roughly zero interest in computers. If they know vaguely how to use any OS, it will be one or other flavour of Windows. If the NHS (or rather individual trusts, which vary in competence) cannot find the time and resources (and until a couple of days ago, the priority) to migrate from XP, they not going to shut down for a few months to switch to Linux

As I think as I've said before, there is an almost inevitable clash of cultures in any thread about computers: people who hardly know how to switch the thing on end up talking to people who think that the answer is Linux. (It's always the answer, whatever the question is.)
User avatar
russell
Rank 5
Rank 5
Posts: 1038
Joined: Fri 21 May 2010 16:03
Contact:

Post by russell »

There is no need to train users to use Linux.

First, there are many user interfaces for Linux which look very much like Win XP.

Second, the users don't need to know Windows or Linux or OSX. They only need to know how to use the applications they are given and lookalike applications could be produced for all three operating systems.

Here in France there are a mixture of computers used on the same system by the health service. Some doctors use MACs some use Windows. So there is no need to take the systems down for months to make the changes, they could be rolled out in a logical manner with little disruption.

What is important is the security of the system and taking regular backups in case of problems.

Russell
User avatar
russell
Rank 5
Rank 5
Posts: 1038
Joined: Fri 21 May 2010 16:03
Contact:

Post by russell »

Latest advice from Microsoft for those using Windows pre W10:

https://blogs.technet.microsoft.com/msr ... m=referral

I would add, for those who haven't done it recently, back up all your data onto an external HD and then keep it unplugged from your computer. That way you can recover your lost data if you do get infected.

Russell.
martyn94
Rank 5
Rank 5
Posts: 2086
Joined: Sun 14 Apr 2013 14:37

Post by martyn94 »

russell wrote:There is no need to train users to use Linux.

First, there are many user interfaces for Linux which look very much like Win XP.

Second, the users don't need to know Windows or Linux or OSX. They only need to know how to use the applications they are given and lookalike applications could be produced for all three operating systems.

Here in France there are a mixture of computers used on the same system by the health service. Some doctors use MACs some use Windows. So there is no need to take the systems down for months to make the changes, they could be rolled out in a logical manner with little disruption.

What is important is the security of the system and taking regular backups in case of problems.

Russell
Just as a question (I have no idea what the answer is, but I can guess ), do you have any reason to think that French health providers have IT which, taken together, amounts to a "system"? I know that individual providers have their own IT, which they use with more or less conviction and according to their own choices (they may just think that IMacs look sexy, and so choose OSX). But if I fall down and crack my head in Clermont Ferrand, say, and are unconscious (choosing a situation at random), is there anything useful that the A and E there can find, from their computers, about my identity, or medical history, or current medication, or drug sensitivities or anything else useful? I very much doubt it - many millions of pounds have been pissed down the wall in many places trying to get to grips with this. It is objectively staggeringly difficult , and I doubt that Linux is the answer or any large part of it, particularly if many thousands of independent contractors are happy enough with Windows (or OSX, or their old Sinclair) thank you very much.
Webdoc
Rank 5
Rank 5
Posts: 201
Joined: Tue 02 May 2006 19:09
Contact:

Post by Webdoc »

Actually in practice this situation just about never ever occurs. The unaccompanied unconscious patient is pretty rare and is usually either a head injury or drunk which is easy to identify, or high on drugs which is also easily spotted. Diabetics in a coma are diagnosed in the ambulance with a simple fingerprick, and epileptics have recovered by the time they get to hospital. Otherwise it's a stroke which is diagnosed within the hour by a brain scan.

Severe and life-threatening allergies could and should be noted on a wristband (MedicAlert). Current medication and past medical history are not required in a resuscitation situation, and casualty doctors (and GPs) are experts in managing patients with an incomplete history.

A comprehensive joined-up national healthcare IT system like the NHS has sounds ideal but I very much doubt if it is worth the huge expenditure it requires. And the downside is that viruses can spread across the network much more easily, and (in my mind the most important) confidentiality goes out the window. Despite the assurance of confidentiality, in practice the system is wide open to abuse.

I know someone who worked in the department who issue NHS Smartcards required by all staff to access the system. Issuing them works quite well but there's no efficient system to switch them off when a member of staff leaves so the potential for abuse is huge. Plus when the boss of the whole security department went away he left his (top level security) card on the desk and the pin on a post-it "in case of an emergency".

Pharmacists and social workers are to be given access too. The whole system is wide open.
User avatar
Gus Morris
Rank 5
Rank 5
Posts: 280
Joined: Sat 07 Mar 2015 05:45
Contact:

Post by Gus Morris »

Two quick points.

First. How is an NHS IT failure relevant on a forum for English speakers living in France?

Second. I have a Carte Vitale. It allows authorised persons to access a central system which appears to hold quite a lot of medical data.

Gus
martyn94
Rank 5
Rank 5
Posts: 2086
Joined: Sun 14 Apr 2013 14:37

Post by martyn94 »

Webdoc wrote:Actually in practice this situation just about never ever occurs.

I was trying to pick an example, obviously ineptly, though what you've said makes perfect sense. Though I do still believe that more information might be better than none, given that someone has already bothered to collect it: if I change GP, there are lots of reasons why my old practioner might pass on a better history than I would.

But in a sense you just make my point (in relation to Russell): if all that practioners are going to do (or can usefully do) is to run their own practice-management software (and hardly that, in France: I haven't a had a hand-written prescription in the UK for God knows how long, but have never had anything else here), it makes even less sense to hope that they all switch to Linux: you might as well tell them all to go on a diet.
User avatar
russell
Rank 5
Rank 5
Posts: 1038
Joined: Fri 21 May 2010 16:03
Contact:

Post by russell »

martyn94 wrote: Just as a question (I have no idea what the answer is, but I can guess ), do you have any reason to think that French health providers have IT which, taken together, amounts to a "system"?
I was thinking of the Carte Vitale health insurance/ payment system which is nationwide.

Russell
User avatar
russell
Rank 5
Rank 5
Posts: 1038
Joined: Fri 21 May 2010 16:03
Contact:

Post by russell »

Gus Morris wrote:Two quick points.

First. How is an NHS IT failure relevant on a forum for English speakers living in France?

Second. I have a Carte Vitale. It allows authorised persons to access a central system which appears to hold quite a lot of medical data.

Gus
It is not just an NHS failure. It is a worldwide problem for anyone using an insecure computer system. If you are using a Windows computer that is not regularly updated you are at risk.

Widows is inherently insecure which is why it needs to be continually updated to protect against malware. OSX and Linux were both based on Unix which was designed to be used on multiuser systems and has file ownership protection built in. Of course with Linux being embedded in so many devices, GPS navigators, Kindles, Android tablets, Raspberry Pi's, Smart TV's, even coffee machines, many of which have common user names and passwords they are not all as secure as they should be.

Interesting point on the Carte Vitale. Does it provide access to a central patient database as well as the health insurance/payment system?

Russell
Allan
Rank 5
Rank 5
Posts: 1384
Joined: Tue 01 Sep 2009 21:21
Contact:

Post by Allan »

russell wrote:Thanks for that.

It's about time that misson critical systems like the NHS dumped Wondows for something inherently secure like Linux or OSX.

Russell
Keep it up with the urban myths Russell. The mobile phone OS most plagued with malware and viruses is Android, guess what that is based on -Linux.

Look in the US National Vulnerability Database and you will find 3 times as many vulnerabilities in Linux as in Windows 10.

There are at least 50 strains of Linux malware and have you noticed that the major distributors have all dropped their virus free claims.

Linux is open source and was contributed to by a huge number of programmers around the world. Do you seriously believe none of them built in back doors.

It is true that a well configured Linux system is more secure but not all are well configured and if it became widely used on desktops then the hackers and malware creators would turn their attention towards it. In any case, more secure does not mean secure.

Android is subject to so many viruses because it is so widely used just as Windows is so widely used.

The bigger problem is the stupidity of users who open dubious attachments or use their pet's name as a password. A change in operating system won't make them any less stupid.
User avatar
HarBenly
Rank 2
Rank 2
Posts: 25
Joined: Thu 16 Feb 2017 15:16

Post by HarBenly »

I heard the new malware attacked in the previous week. It was PETA something and it worked its magic on fully patched windows too. Not sure how much of it was true but this is becoming a serious problem now.

Thank the Lord I switched to Linux in my office and installed Windows 10 at home.
Ben.
Webdoc
Rank 5
Rank 5
Posts: 201
Joined: Tue 02 May 2006 19:09
Contact:

Post by Webdoc »

Some users of Windows 10 might find the following link useful:

https://www.bleepingcomputer.com/news/s ... -outbreak/
Post Reply