My wife's hospital will be hitting the news shortly

Penner
Posts: 3350
Joined: Tue Nov 29, 2016 10:00 pm

Re: My wife's hospital will be hitting the news shortly

Post by Penner » Tue Jun 27, 2017 5:07 pm

Ph64 wrote:
SilverEagle wrote:My wife is a nurse at Heritage Valley Medical Center in Beaver PA. She just called and told me that their computer system was hacked and that it's locked. That means there are no medical records available for the doctors and nurses. The hackers want $300 in bitcoin. I told my wife several years ago when they went all digital with their records that it was a mistake. These hackers need to be murdered because they are putting innocent lives at risk.
Given what happened in the UK, "hacked" isn't really the right term... Typically it's some moron worker who gets an email with an attachment, from someone they don't know, and stupidly opens the attachment.

Then, of course, the UK one was probably older XP systems (unpatched) or they weren't up to date (common in the medical field because of all the HIPAA rules)... The idiot's machine who ran the attachment then infects everything on the network it can, and files that are on shared drives are really easy (don't even need to use the unpatched SMB share bugs for that)...

It's sad, but honestly true hacks from outside are fairly rare with good firewalls/security/design. Moron users from inside opening unknown email attachments, getting infected via websites, etc, is usually where stuff comes from.

It's actually called "RansomWare" because of what you describe above.

Speaker to Animals
Posts: 38685
Joined: Wed Nov 30, 2016 5:59 pm

Re: My wife's hospital will be hitting the news shortly

Post by Speaker to Animals » Tue Jun 27, 2017 5:11 pm

I thought this was an actual worm that propagated through unsecured ports in Windows machines.

Ph64
Posts: 2434
Joined: Wed Feb 08, 2017 10:34 pm

Re: My wife's hospital will be hitting the news shortly

Post by Ph64 » Wed Jun 28, 2017 11:55 am

Speaker to Animals wrote:I thought this was an actual worm that propagated through unsecured ports in Windows machines.
Both. Only a moron would have their machine/company not behind a firewall that blocks those ports from the outside world... But once it gets inside your network it can spread fast.

So typically it's a "human engineering" scam - bulk email out some infected attachments (in this case one of the articles I posted mentioned Word/Excel documents with VB macros, but could be a lot of things with known vulnerabilities)... And once some user opens that attachment inside your network, well, you're fucked if the things/ports it's trying to take advantage of are unpatched on your internal machines.

It almost always gets in by the ID10T method though. :evil:

The Conservative
Posts: 14719
Joined: Wed Nov 30, 2016 9:43 am

Re: My wife's hospital will be hitting the news shortly

Post by The Conservative » Wed Jun 28, 2017 2:02 pm

Ph64 wrote:
Speaker to Animals wrote:I thought this was an actual worm that propagated through unsecured ports in Windows machines.
Both. Only a moron would have their machine/company not behind a firewall that blocks those ports from the outside world... But once it gets inside your network it can spread fast.

So typically it's a "human engineering" scam - bulk email out some infected attachments (in this case one of the articles I posted mentioned Word/Excel documents with VB macros, but could be a lot of things with known vulnerabilities)... And once some user opens that attachment inside your network, well, you're fucked if the things/ports it's trying to take advantage of are unpatched on your internal machines.

It almost always gets in by the ID10T method though. :evil:
If the firewall is put up right, it should never have allowed said attachments through in the first place.
#NotOneRedCent

Okeefenokee
Posts: 12950
Joined: Wed Nov 30, 2016 10:27 pm
Location: The Great Place

Re: My wife's hospital will be hitting the news shortly

Post by Okeefenokee » Wed Jun 28, 2017 10:56 pm

IT dropped the ball?

Image
GrumpyCatFace wrote:Dumb slut partied too hard and woke up in a weird house. Ran out the door, weeping for her failed life choices, concerned townsfolk notes her appearance and alerted the fuzz.

viewtopic.php?p=60751#p60751

The Conservative
Posts: 14719
Joined: Wed Nov 30, 2016 9:43 am

Re: My wife's hospital will be hitting the news shortly

Post by The Conservative » Thu Jun 29, 2017 3:47 am

Okeefenokee wrote:IT dropped the ball?

Image
Pfft, I wish... I've spent 9 months fixing the shit that the old IT screwed up.

By August everything will be exactly where I need it to be. No more BS, and chances of this shit happening.
#NotOneRedCent

3knuckleshuffle
Posts: 47
Joined: Thu Dec 08, 2016 3:54 pm

Re: My wife's hospital will be hitting the news shortly

Post by 3knuckleshuffle » Thu Jun 29, 2017 4:03 am

This one doesn't appear to be spreading via attachments (this is from our internal security center, so take with a grain of salt, but we are a huge retailer, so they have a lot of people following it):
Using a tweaked version of Mimikatz (security auditing tool), which is able to obtain hashed credentials from RAM, the ransomware was able to spread via PSEXEC and WMIC laterally within a network along with exploiting the MS17-010 (ETERNALBLUE) SMB vulnerability.
At this time, there is no proof this was spread by phishing emails and/or with attached Word documents.
This isn’t ‘Petya’ or ‘Petyawrap’ ransomware; a new variant called ‘NotPetya’ which utilizes different encryption and attack methods but uses similar base code
Luckily, it is super easy to vaccinate, as long as you can distribute files easily:
The ransomware includes a "vaccine" where it looks for the presence of a file named, "C:\Windows\perfc" and if it is present, it exits instead of proceeding with the infection. Creating this file will prevent infection even on systems that would otherwise be vulnerable.
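
The marker-file "vaccine" described in the post above, as an added PowerShell example that is not part of the original post: it audits a list of hosts for `perfc` in the Windows directory and creates it where missing. The function name, the host names, the use of the `ADMIN$` share and the read-only flag are assumptions of this example.

```powershell
# Added example (not from the thread). Host names are constructed placeholders.
function Set-PerfcMarker {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$ComputerName
    )
    process {
        foreach ($computer in $ComputerName) {
            # ADMIN$ is the administrative share for %SystemRoot% (normally C:\Windows).
            $path = if ($computer -in 'localhost', '.', $env:COMPUTERNAME) {
                Join-Path $env:SystemRoot 'perfc'
            } else {
                "\\$computer\ADMIN`$\perfc"
            }
            $status = 'AlreadyPresent'
            try {
                if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
                    if ($PSCmdlet.ShouldProcess($path, 'Create marker file')) {
                        New-Item -ItemType File -Path $path -ErrorAction Stop | Out-Null
                        $status = 'Created'
                    } else {
                        $status = 'Missing'   # -WhatIf run: report only
                    }
                }
                if ($status -ne 'Missing') {
                    # Assumption: mark the file read-only so it is not casually overwritten.
                    Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true -ErrorAction Stop
                }
            } catch {
                # Unreachable host, access denied, etc. are reported per host.
                $status = "Failed: $($_.Exception.Message)"
            }
            [pscustomobject]@{ ComputerName = $computer; Path = $path; Status = $status }
        }
    }
}

# Audit only (nothing is written):
#   'WKSTN-001', 'WKSTN-002' | Set-PerfcMarker -WhatIf
# Create the marker where it is missing and list hosts that could not be reached:
#   'WKSTN-001', 'WKSTN-002' | Set-PerfcMarker | Where-Object Status -like 'Failed*'
```

The marker only addresses the file check described in the post; hosts still need the MS17-010 patch, since the credential-based spread via PSEXEC and WMIC mentioned above does not depend on that vulnerability.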

The Conservative
Posts: 14719
Joined: Wed Nov 30, 2016 9:43 am

Re: My wife's hospital will be hitting the news shortly

Post by The Conservative » Thu Jun 29, 2017 7:12 am

3knuckleshuffle wrote:This one doesn't appear to be spreading via attachments (this is from our internal security center, so take with a grain of salt, but we are a huge retailer, so they have a lot of people following it):
Using a tweaked version of Mimikatz (security auditing tool), which is able to obtain hashed credentials from RAM, the ransomware was able to spread via PSEXEC and WMIC laterally within a network along with exploiting the MS17-010 (ETERNALBLUE) SMB vulnerability.
At this time, there is no proof this was spread by phishing emails and/or with attached Word documents.
This isn’t ‘Petya’ or ‘Petyawrap’ ransomware; a new variant called ‘NotPetya’ which utilizes different encryption and attack methods but uses similar base code
Luckily, it is super easy to vaccinate, as long as you can distribute files easily:
The ransomware includes a "vaccine" where it looks for the presence of a file named, "C:\Windows\perfc" and if it is present, it exits instead of proceeding with the infection. Creating this file will prevent infection even on systems that would otherwise be vulnerable.

Fire their asses....

MS17-010 (ETERNALBLUE) SMB vulnerability was a known issue March 14, 2017. The fact this wasn't patched when it was found out, my god... what the hell were they waiting for... oh wait... it happened.

https://technet.microsoft.com/en-us/lib ... 7-010.aspx
#NotOneRedCent

Speaker to Animals
Posts: 38685
Joined: Wed Nov 30, 2016 5:59 pm

Re: My wife's hospital will be hitting the news shortly

Post by Speaker to Animals » Thu Jun 29, 2017 7:13 am

This is what happens when you don't maintain a strict regime over your IT slaves.

It usually happens if there are not enough software engineers in the company to explain to management how to properly manage these knuckle draggers.

Speaker to Animals
Posts: 38685
Joined: Wed Nov 30, 2016 5:59 pm

Re: My wife's hospital will be hitting the news shortly

Post by Speaker to Animals » Thu Jun 29, 2017 7:15 am

Okeefenokee wrote:IT dropped the ball?

Image
Image