It isn't just the NHS, it is a global ransomware attack.
Still pretty bad, but not just targeting the NHS.

Mark

I feel honour bound to point out that about two years ago the NHS made a massive chunk of their in-house IT staff redundant and handed most of their 'back end' IT over to Centrica.


Jonathan

Microsoft sends out a Windows XP patch to block new ransomware | TechRadar
http://www.techradar.com/news/microsoft ... ransomware

Is network security the real problem here, for it to spread the way it did? I find it unlikely that it got in through XP globally... oh, I dunno, it just doesn't feel right!

The problem is, it is spread through SMB, which means any PC on a local network, that hadn't been patched, could be infected. The initial infection might run over a phishing email or an infected website (or on a PC that was on an open network and didn't have SMB deactivated, shouldn't be the case since XP SP2, but idiots will be idiots).

Once one PC is infected, it just needs to search for all other PCs on the local network that haven't been patched and it can infect them, because SMB is the protocol used on local networks for transferring files between PCs and between servers - well, on more modern PCs, you will probably use CIFS, but SMB is still active for legacy connections.

I've since read a bit more and it seems to be a worldwide problem. One of the big issues is that older medical software designed to run on XP won't necessarily run on anything newer.

It was I think only last year that we were upgraded to Windows 7. Prior to that, we ran XP. We were issued smartcards about a year or so before the upgrades. The software to activate the smartcards, change passwords and user profiles etc would only work with IE6. If you let IE update itself to the latest version (which everyone did), then the smartcards wouldn't work. I ended up installing Firefox on every computer so staff could access the internet/intranet, leaving IE at version 6.

Obviously since then, they'd fixed the issue and we're all on Windows 7.
One of the servers is on the latest Windows version. The other is still on 2003. I just shut everything down as soon as I was aware of the issue.

I run a lot of my software at work on an XP virtual machine. It's clanky but may be more secure?

Depends when it was last snapshotted really doesn' it? Also, even if your VM being infected may not cause much trouble of itself, if the VM has network access it can stil propogate the problem to other computers.

Exactly Jon. If it is XP, then it shouldn't have any network access these days, end of story.

Well so far looks okay at work this morning. However, one of the servers is Windows 2003. It's not directly connected to the internet but it is connected to the rest of the network (by the looks of things, through another server).

This is an odd one - they talk about Windows XP, Windows 7 and 8 being affected, but not Vista. Isn]t Vista between XP and 7, and would also be a potential target? Not even Microsoft mentioned it in their patch notes.

I would assume Vista is indeed as vulnerable as the others but in terms of uptake its usage now must be pretty minuscule unlike the more popular iterations (although calling 8 popular is a bit of a stretch I guess). It's possible that the threat surface from Vista is so small that it wasn't worth the effort. Alternatively, maybe they did release a patch on the quiet but are sticking to the 'Don't Mention Vista' mentality to try and make people forget it was ever a thing - I expect 8 to end up going that way eventually as well.

Indeed. Windows 8 was the first version since 3.1.1 (the oldest version I'vve used) that I didn't like at all.
Having said that I don't think I ever used Vista. I never had it and work went from XP to 7.

The sad thing is that Vista and 7 actually share much of the same underpinning but they just made a complete hash of a couple of things in Vista that made it a massive pain to use.
UAC was overly keen to pop up and IIRC the indexing system just seemed to thrash away almost constantly which really didn't help performance much.

Vista was never really accepted by businesses and they stayed on XP until 7 came long (in fact many businesses moved from XP to Windows 7 long after 7 moved out of mainstream support and had been superceded by 8 and 10).

There are very low numbers of users and it was generally reviled (I found it a huge step forward, compared to XP, but i was in the minority).

It implemented UAC controls to ask for permission to do administration tasks, just like Mac OS X, Linus or UNIX, but Windows users weren't used to being asked for permission to install software. Plus, there was so much poorly written software that needed Administrator privileges, that the application complained and asked for the administrator password every time the it was started.

This extra, in fact, industry standard, security gave Vista a bad name, so MS had to weaken that aspect of security, when it released Windows 7.