Cyberattacks From WannaCry Ransomware Slow But Fears Remain (bbc.com)
Date: 2017-05-15
WannaCry ransomware, which has spread across 150 countries, appears to be slowing down with few reports of fresh attacks in Asia and Europe on Monday. A report on BBC adds: However staff beginning the working week have been told to be careful. The WannaCry ransomware started taking over users' files on Friday, demanding $300 to restore access. Hundreds of thousands of computers have been affected so far. Computer giant Microsoft said the attack should serve as a wake-up call. BBC analysis of three accounts linked to the ransom demands suggests only about $38,000 had been paid by Monday morning.
The first 2 steps are the most important. The second one alone should protect you.
The biggest problem is you can't fix stupid.
With that said, Microsoft made a part of this shit sandwich by refusing to patch older, but still active operating systems until their feet were to the fire. Sure, no one should be running XP any longer, but once on a vendor lock-in treadmill it can be very hard and expensive to get off.
The trouble is there are perfectly valid reasons for using the older operating systems, especially in cases like hospitals.
Let's say, as an example, there is an ultrasound machine that was based around Windows XP. I know it sounds odd but there is a case to be made for taking an existing laptop motherboard design and tweaking it to add the special hardware needed for the ultrasound. Especially as the images can be sent to a central file server.
Now, 4 years later, update the OS.
Can you guarantee that th
Yea, I have at least two pieces of perfectly good hardware that I can't use except on an XP machine due to the manufacturers using some XP code (browser?). The HP scanner isn't that big a deal, more annoying. But the Sony Handycam means I can't get old recordings off of the tapes without XP.
Medical devices should be kept on a separate VLAN behind an ACL with no access to the Internet and a dedicated update server. Exposure to the General VLAN can cause problems. From what I read about the British hospital, their network isn't highly structured.
File versioning going back in history that you can't edit, only recover from?
Regular backups, perhaps on some multiple-time-per-day schedule, stored in a security domain separate from the source backup domain seems like the most viable working solution now.
Too many of the exploits hit admin/root privileges and then attack the OS backup defenses and occasionally even backup systems running in the same security domain. You need backups not accessible by even top-level user IDs, and preferably offline.
Not too long ago you didn't need to worry about viruses at all unless you actively ran something with a .EXE, .COM or .BAT extension, then through the expansions of JavaScript, Flash, and even HTML, now you can get infected in dozens of ways without your even knowing it happened or what website did it. This should never have been allowed, but someone wanted it to happen, and this is where we are now thanks mostly to Microsoft.
OR you could run a fundamentally safer operating system and don't run anything with a DMG extension unless you knowingly downloaded it from a known site.
Yep. Not even once (NB that I'm aware of). Add in an ad blocker of some sort and that my firewalls (iptables, pf, iptables again, and pfSense) over the years don't permit externally initiated access and I'm still clean. I do scan somewhat regularly, Malwarebytes being my go-to scanner, and catch an occasional sketchy cookie. The first time I ran it, several years back, it found several waiting viruses in my really old email backup of my work emails (work let us use our personal computers to VPN in, and Eudo