Major Cyberware Attack World Wide

[Geek-9pm]

Today, Friday may 12.
The BBC, the New York Times, Fox news and other major media report a very big Cyber attack taht has hit some big companies and institutions.
The link below says hospitals were also hit:
http://www.cumbriacrack.com/2017/05/12/nhs-hospitals-hit-major-cyber-attack/

Trusts and hospitals in London, Blackburn, Nottingham, Cumbria, Merseyside and Hertfordshire have been affected, other parts of the country are also reporting problems with their computer systems.
They have asked patients not to come to the hospitals unless it is an emergency.
NHS Merseyside, Tweeted: “following a suspected national cyberattack, we are taking all precautionary measures possible to protect our local NHS systems and services.”
As of 3:30pm sixteen NHS organisations have reported that they have been affected.

It is said to be ransomware.
For more search:
Major Cyberware Attack

USA Today:
https://www.usatoday.com/videos/tech/2017/05/12/major-ransomware-attack-hits-thousands-systems-worldwide/101611568/

[camerongray]

The current thinking is that it used a SMB vulnerability (MS17-010) to spread across a local network.  The vulnerability was patched by Microsoft in March.  This reinforces why I lose faith in people advising to just "turn off Windows update" or that it's safe to run an unsupported version of Windows because "if you have Antivirus it'll be fine".

Don't think the situation was helped by the NHS apparently cancelling their support contract with Microsoft while still continuing to use XP: https://www.theguardian.com/technology/2015/may/26/uk-government-pcs-open-to-hackers-as-paid-windows-xp-support-ends  Does make you wonder where they are getting their IT staff from if they would be remotely happy doing such a thing.

For people that still insist on running XP, Microsoft have released a patch after this whole problem which can be found here: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/.  At the very least apply this patch although maybe treat this as a reason why it isn't a good idea to still run a 15 year old operating system...

[Geek-9pm]

camerongray, I have to agree with you.
Yes, I still use XP.
But it is insane for a large company to continue running XP.

[patio]

No...it's not.
And the vulnerability is NOT specific to XP PC's...

Read more...

[Geek-9pm]

The Government ended its annual £5.5 million deal with Microsoft to provide ongoing security support for Windows XP in May 2015, unless individual trusts - already struggling with budgets - were prepared to pay extra for an extended support deal.
Experts say that with no support deal in place Trusts were unable to have access to Microsoft’s anti-virus ‘patches’ designed to foil precisely the sort of attack experienced on Friday.

http://www.telegraph.co.uk/news/2017/05/13/nhs-cyber-attack-repeated-warnings-system-vulnerability-not/
This would suggest that the attack was NOT specific to XP.
Look at this:
https://www.nytimes.com/2017/05/12/world/europe/nhs-cyberattack-warnings.html?_r=0

Many of the N.H.S. computers still run Windows XP, an out-of-date software that no longer gets security updates from its maker, Microsoft. A government contract with Microsoft to update the software for the N.H.S. expired two years ago.

Many? How many is many? They should not an ANY.

“Historically, we’ve known that N.H.S. uses computers running old versions of Windows that Microsoft itself no longer supports and says is a security risk,” said Graham Cluley, a cybersecurity expert in Oxford, England. “And even on the newest computers, they would have needed to apply the patch released in March. Clearly that did not happen, or the malware wouldn’t have spread this fast.”

Is it OK to take Aspirin that has expired a year ago?
Ask your doctor. 

[patio]

Kinda what i stated above...

[camerongray]

I never said it was specific to XP.  However, XP machines without an extended support contract would not have received the patch that was made available for newer versions of Windows.

[patio]

Au contraire'...

XP still recieves important security updates...contrary to popular belief...

[Geek-9pm]

I just got some yesterday. Don't know what they do. 

[patio]

They are security updates...they went out to all Win machines...as i said...read more.

My XP rig which is on 24/7 gets them regularly...

[BC_Programmer]

Windows XP is out of support and no longer receives Security Updates, and hasn't received regular security updates since April 2014.  Microsoft has provided a few out-of-band security updates for serious issues like this one to the public and continues to provide security updates and bulletins to corporations paying for extended support contracts.

The last Security update for Windows XP was KB2965111 on May 1st, 2014, (which was also an out-of-band update). I can find no reference or information about XP updates (KB articles) issued after that date.

Some users have decided that fiddling with their registry to make Windows Update identify their system as a POS Terminal system is a sufficient replacement, as those continue to receive EFT security updates. The fact that EFT security patches aren't particularly useful on consumer systems doesn't seem to affect their glee at "beating the system".

[patio]

Mine gets updates about every 3 weeks...and i havent spoofed it to a POS system either...

[Geek-9pm]

Back to the broad scope of topic.
Newsweek has this item of interest:

An interactive map that visualizes the global cyber war in real time has been making the rounds on social media in recent days. It shows a steady flow, or sometimes deluge, of cyber-attacks—depicted as colorful, laser-esque beams—traversing the screen...and it is captivating audiences.
http://www.newsweek.com/real-time-cyber-attack-map-shows-scope-global-cyber-war-352886

It has been reported that about 100 countries have been under attack recently.
I can not get the MSN link to work.

[Geek-9pm]

Today is  5/14/2017

Cyber Attack Kill switch Found.

https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack

The above claims the threat is now over. Discovered by a malware  researcher.

[Computer CPR]

They were saying that in the source code of the malware it checks to see if this crazy long domain name is registered and if so, it doesn't do any harm.  So they registered the domain and seemed to put it at bay...for now.

[Geek-9pm]

That is what I also read from a link from a friend on Facebook.
However, some media reports say the threat is still running. Which seems to contradict the information about the "kill switch" thing.
And it might shift to another issue. Lawsuits.
See here:
https://www.computerhope.com/forum/index.php/topic,160820.0.html
Recent Cyber Attacvk may start lawsuits.
So we live in a crazy world?
Be a victim and get sued!