NHS Cyber attacks


Chinahand

How do people think this will be sorted out?

Will every computer affected need reconfiguring?

I presume the encryption is basically unbreakable, so unless GCHQ or similar can gain access to the hackers' databases the data on the computer is forever locked, so anything not backed up is effectively gone.

Really really yuck. Millions of pounds to sort out criminal damage.


9 minutes ago, Chinahand said:

How do people think this will be sorted out?

You would hope that they are able to restore most systems from backup. Where backup exists. But if the systems have not been kept properly up-to-date then you also have to wonder whether proper backup procedures are in place. Every affected machine will need to be reconfigured. But the risk is that it quickly happens again slightly differently.

In some cases they may simply have to pay. There was a case last year where a US Police department ended up paying the ransom.

This is a particularly nefarious attack according to the reports. Once it arrives on a particular machine it then spreads to other machines on the same network. The way in which a machine first becomes infected is fundamentally a Windows issue. It simply should not be possible. It's a design flaw.


15 minutes ago, Chinahand said:

How do people think this will be sorted out?

Will every computer affected need reconfiguring?

I presume the encryption is basically unbreakable, so unless GCHQ or similar can gain access to the hackers' databases the data on the computer is forever locked, so anything not backed up is effectively gone.

Really really yuck. Millions of pounds to sort out criminal damage.

Purely my take on it, and I know Helix has a good grasp on IT Security issues so his comments would be interesting.

But I would have thought that if you have your data backed up, and you know the moment the workstation or server in question was first infected, you could format the drive in question, reload the OS and then restore the data from the last clean backup. You would have to be confident you had removed the nasty from your network first, of course, or at least isolate the part of the network you were working on. Depending how long the thing had been latent for, you stand to lose a lot of data, and the effort would be enormous.

I would avoid paying the ransom if at all possible, on the standard grounds for terrorism that you do not want to encourage imitation.
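As an added illustration of the restore logic described in this post (example code, not from anyone in the thread; the hosts, timestamps and the "offline" flag are constructed), a Python sketch that picks the last clean backup for a machine from the moment it was first infected and sizes the data-loss window, skipping copies that sat on shares the worm could still reach:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Snapshot:
    host: str
    taken_at: datetime
    offline: bool  # copy held offsite / on media the infected network could not reach

def last_clean_backup(snapshots, host, first_infected):
    """Newest snapshot of `host` taken strictly before it was first infected.

    Snapshots taken at or after that moment may already hold encrypted files.
    Online copies are skipped even when older: a share that infected machines
    could still reach may have been encrypted after the copy was taken.
    """
    clean = [s for s in snapshots
             if s.host == host and s.offline and s.taken_at < first_infected]
    return max(clean, key=lambda s: s.taken_at, default=None)

def restore_plan(snapshots, host, first_infected, detected_at):
    """Return (snapshot, data-loss window), or (None, None) when no clean copy exists."""
    snap = last_clean_backup(snapshots, host, first_infected)
    if snap is None:
        return None, None
    return snap, detected_at - snap.taken_at

# Constructed catalogue (hypothetical hosts and times, not real NHS data):
# ward-pc1 was backed up hourly, but only the first three copies went offsite;
# ward-pc2's single copy was taken after it was already infected.
T0 = datetime(2017, 5, 12, 8, 0)
CATALOGUE = [Snapshot("ward-pc1", T0 + timedelta(hours=h), offline=h < 3)
             for h in range(6)]
CATALOGUE.append(Snapshot("ward-pc2", T0 + timedelta(hours=5), offline=True))
INFECTED = T0 + timedelta(hours=4, minutes=30)   # first infection on the network
DETECTED = T0 + timedelta(hours=6)               # when the outbreak was noticed

if __name__ == "__main__":
    for host in ("ward-pc1", "ward-pc2", "file-srv"):
        snap, lost = restore_plan(CATALOGUE, host, INFECTED, DETECTED)
        if snap is None:
            print(f"{host}: no clean offline backup; data is effectively gone")
        else:
            print(f"{host}: restore the {snap.taken_at:%H:%M} copy, "
                  f"losing about {lost.total_seconds() / 3600:.1f}h of data")
```

Note that ward-pc1's 12:00 copy is newer and predates the infection, but it is rejected because it lived on a reachable share; the 10:00 offsite copy is chosen instead.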


5 minutes ago, guzzi said:

Purely my take on it, and I know Helix has a good grasp on IT Security issues so his comments would be interesting.

But I would have thought that if you have your data backed up, and you know the moment the workstation or server in question was first infected, you could format the drive in question, reload the OS and then restore the data from the last clean backup. You would have to be confident you had removed the nasty from your network first, of course, or at least isolate the part of the network you were working on. Depending how long the thing had been latent for, you stand to lose a lot of data, and the effort would be enormous.

I would avoid paying the ransom if at all possible, on the standard grounds for terrorism that you do not want to encourage imitation.

Pretty much spot on, but the big problem is whether they had backups or not.

You would hope that all patient data and data from tests was held centrally on a handful of servers which are backed up zealously at perhaps 30-60min intervals. You would also hope that Doctors' own notes are saved on a centralised area (via shared drives etc) which was also backed up.

My concern would be that neither of the two is true. If they have data all over the place on machines that are almost certainly not being backed up (cost, difficulty to set up etc) then they're in for a nightmare.


18 minutes ago, HeliX said:

There's no shortage of samba exploits on Linux either :)

Absolutely (if people are even using Samba - and granted there are always going to be potential vulnerabilities in any system). But the initial issue is how the first machine on a network becomes infected - and that's fundamentally about the scriptability of Windows and Windows products. It's about why 'integration' was never a good idea.


20 minutes ago, pongo said:

Absolutely (if people are even using Samba - and granted there are always going to be potential vulnerabilities in any system). But the initial issue is how the first machine on a network becomes infected - and that's fundamentally about the scriptability of Windows and Windows products. It's about why 'integration' was never a good idea.

So far as I'm aware it was standard phishing that got it in in the first place? "Dumb user runs thing dumbly" can certainly happen on other OSes, though the default permissions models in Windows do make it more likely there. But frankly, organisations should be setting their permissions up better. Windows is developed with the home user in mind, and making things easy for the home user as a priority. It's not appropriate to keep those same settings in a work environment.


16 minutes ago, woody2 said:

I thought this worm was a product of the FBI...

Close! The exploit being used to propagate the worm was found by the NSA, and was released as part of the Shadow Brokers leaks.


As I see it the government has only two options here:

1. Use this incident as an excuse to sell the NHS to their buddies.

2. Set up a half-baked cyber security firm and then employ them to design a new and already obsolete system with shallow and defective software for the NHS, while pretending that they are not benefitting personally from it.


5 hours ago, HeliX said:

Pretty much spot on, but the big problem is whether they had backups or not.

You would hope that all patient data and data from tests was held centrally on a handful of servers which are backed up zealously at perhaps 30-60min intervals. You would also hope that Doctors' own notes are saved on a centralised area (via shared drives etc) which was also backed up.

My concern would be that neither of the two is true. If they have data all over the place on machines that are almost certainly not being backed up (cost, difficulty to set up etc) then they're in for a nightmare.

I spent a great deal of my time in IT telling the customer base to take regular backups and store a copy offsite. Of course, when their system goes to ratshit and they call you in the first thing you ask for is the latest backup. Cue public servants saying "What's a backup?"

In my experience the only way to do 24/7 operations AND take regular backups is to use a dual system.

Not exactly rocket science and hardware ain't exactly expensive these days.
