Roundup: NHS Cyberattack Is Now Global In Scope… Here’s What You Need To Know

What started out as a story about the NHS getting pwned by ransomware has now evolved into the biggest cyberattack in history. The New York Times has a map that illustrates how widespread the attack is. The Financial Times has an excellent story on the attack itself, which uses a piece of NSA-developed malware to exploit poorly secured or antiquated systems running the Windows OS. In terms of the latter, the NHS in the UK was apparently running Windows XP systems, which haven’t had security patches from Microsoft in years, making them great targets for this sort of thing. You can bet that heads will roll over that. Organizations such as FedEx, Telefonica, Renault and the Russian Interior Ministry, among others, have been hit by this cyberattack.

All is not lost though. Microsoft has added detection and prevention routines to their antivirus products. Other antivirus vendors are doing the same. And by sheer luck, a British cybersecurity researcher accidentally stopped the attack from spreading more widely.

The only good news is that this may be the event that finally forces companies and governments to take cybersecurity seriously. Not to mention the average consumer. After this calms down, I suspect that there will be a serious rethink about how one protects themselves in the age of the cyberattack.

UPDATE: Microsoft has advice for customers here. This page also includes emergency patches for operating systems as far back as Windows XP.

UPDATE #2: If you are a network admin who wants to protect their network from potentially getting pwned by this, here’s what you need to know. Disabling SMBv1 closes off the bug that the NSA-sourced ransomware uses. Guidance on how to do that can be found here. This applies to devices like network-attached storage boxes that may use SMBv1 as well. You should also firewall off SMB ports 139 and 445 from the outside world and restrict access to the service where possible on internal networks.
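
As an added example (not from the original post or from Microsoft's guidance), the PowerShell below audits a Windows 8 / Server 2012 or later host for the SMBv1 and port exposure described in UPDATE #2 and, with the hypothetical `-Remediate` switch, applies the fixes. The Public-profile firewall rule and its display name are assumptions, and a perimeter firewall is still needed to keep ports 139 and 445 away from the outside world.

```powershell
#Requires -RunAsAdministrator
# Added example: audit SMBv1 and SMB port exposure on one Windows host.
# Assumes Windows 8 / Server 2012 or later (SmbShare and NetSecurity modules).
param([switch]$Remediate)   # hypothetical switch: report only unless set

# 1. Is the SMBv1 server protocol still enabled?
$smb1Server = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol

# 2. Is the SMBv1 optional feature installed (absent on some editions)?
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
    -ErrorAction SilentlyContinue
$smb1Feature = [bool]($feature -and $feature.State -eq 'Enabled')

# 3. Which of TCP 139/445 have no enabled inbound block rule (any profile)?
#    Limitation: port ranges such as "135-139" are not expanded.
$blocked = @()
Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True `
    -ErrorAction SilentlyContinue | ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        if ($filter.Protocol -eq 'TCP') { $blocked += $filter.LocalPort }
    }
$missing = @('139', '445' | Where-Object { $blocked -notcontains $_ })

if ($Remediate) {
    if ($smb1Server) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($smb1Feature) {
        # Takes full effect after the next reboot.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
            -NoRestart | Out-Null
    }
    if ($missing.Count -gt 0) {
        # Assumption: block only on the Public profile so internal file
        # sharing on Domain/Private networks keeps working.
        New-NetFirewallRule -DisplayName 'Block inbound SMB (added example)' `
            -Direction Inbound -Protocol TCP -LocalPort $missing `
            -Profile Public -Action Block | Out-Null
    }
}

# Report the state found before any remediation was applied.
[pscustomobject]@{
    Smb1ServerEnabled  = $smb1Server
    Smb1FeatureEnabled = $smb1Feature
    UnblockedSmbPorts  = $missing -join ','
    Remediated         = [bool]$Remediate
}
```

Run it once without the switch to see the current state, then again with `-Remediate` from an elevated prompt. Older systems such as Windows 7 and XP lack these cmdlets and need the steps in the linked guidance instead.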

UPDATE #3: Another way to protect yourself is to ensure that your computer(s) are fully patched. Thus this is a really good time to run software update to make sure that you are covered. This applies to companies, governments, and individuals.

UPDATE #4: A reader just asked me if this ransomware affects Macs. It does not.

UPDATE #5: Motherboard is reporting that there is a new version of this ransomware. The difference is that this one cannot be stopped accidentally or otherwise. Thus we may be about to see round two of this cyberattack.

6 Responses to “Roundup: NHS Cyberattack Is Now Global In Scope… Here’s What You Need To Know”

  1. […] title of this story sounds a bit harsh, but I think that this cyberattack where tens of thousands of computers in something like 170 countries are being held… is a wake up call for a number of […]

  2. […] is best known as the UK national who upon analyzing a sample of the “WannaCry” malware that hit the planet earlier this year, stumbled upon a kill switch that was tied to a domain name. Upon learning that, he registered said […]

  3. […] Service in the UK got pwned by what became known as the “WannaCry” ransomware outbreak that went global. Well, it turns out that they could have easily protected themselves from this outbreak. […]

  4. […] according to The Seattle Times. This is the same ransomware that pwned the NHS in UK among other places on Earth last […]

  5. […] this as the Wannacry ransomware really disrupted its services when they got pwned. But to be fair, they weren’t alone on that front. Hopefully other organizations who got pwned by this ransomware last year take note and use this as […]

  6. […] the problem with using SMB1. This protocol has been implicated in a variety of exploits including the one that rocked the world not too long ago. Microsoft considers this to be enough of a threat that they have been turning off SMBv1 by default […]
