Is Not Over!! WannaCry??


5 replies to this topic

#1 raisya


Posted 17 November 2017 - 09:47 PM

Patient information was likely to be the next frontier for major cyber attacks. A WannaCry attack is one kind of ransomware that could cause serious damage to the healthcare industry. The healthcare industry without backups indeed lost data due to the use of asymmetric encryption. My questions: what are the basic measures that the healthcare industry should execute to have a better chance at staying safe? And why was this attack so devastating to the healthcare industry?   :hello:

Edited by Platypus, 18 November 2017 - 04:54 AM.
Two duplicate posts deleted




#2 Umbra

Authorized Emsisoft Rep

Posted 18 November 2017 - 03:42 AM

My questions: what are the basic measures that the healthcare industry should execute to have a better chance at staying safe?

1- User training: someone clicked the malware (on the patient-zero machine) and executed it. Users are the weakest link in the security chain.

2- Backup policy: if the victims had regular backups, the effects would be less harmful.

3- "Up-to-date" policy: every machine should have been updated regularly to ensure that old vulnerabilities are fixed.

And why was this attack so devastating to the healthcare industry?    :hello:

Because all the points above were not respected. WannaCry is ransomware, but it was the final touch, the tip of the iceberg; the real culprit was EternalBlue, a network kernel exploit using the SMB v1 vulnerability, allowing it to spread freely to every machine in the network.


Edited by Umbra, 18 November 2017 - 03:44 AM.


Emsisoft Community Manager


#3 Chris Cosgrove

Moderator

Posted 18 November 2017 - 05:12 PM

It was helped in the case of the British National Health Service by the fact that infosec in its widest sense was not taken seriously enough. Agreed, they are always under severe budgetary pressure, but, if anyone does, they should know that an ounce of prevention is worth a pound of cure (for those who prefer the metric system, 25gm and 500gm).

 

I am reminded of a friend of mine who about 12 years ago had a hard drive die on her completely. Including taxes it cost her over £400 to have her photos recovered by a specialist firm. She could have bought a lot of backup for that much. How much did it cost our Health Service to recover from this attack?

 

Chris Cosgrove



#4 raisya

Topic Starter

Posted 18 November 2017 - 10:41 PM

Thanks for your opinion, Umbra :thumbup2:

When we talk about policy, there are some issues to talk about. The expertise of policy makers can be an issue for their credibility and knowledge. So, what is your opinion on this matter?

Second is EternalBlue. EternalBlue is a vulnerability on Windows systems with outdated versions of the Windows File and Printer services (SMB). So, how do we update Windows to fix the EternalBlue vulnerability and prevent this ransomware attack?



#5 raisya

Topic Starter

Posted 18 November 2017 - 10:59 PM

Thanks for your opinion, Chris Cosgrove :thumbup2:

I agree with you. Budgeting is not a new issue to talk about, especially in technology. As we know, technology is always changing in formatting, security, policy, etc., which leads to high budgets for maintaining the current technology or developing new technology.

Regarding your question "How much did it cost our Health Service to recover from this attack?", the cost can be estimated at around $10 million, as happened to Erie County Medical Centre in April 2017 when ransomware attacked their hospital systems and services on 6,000 computers. To recover from this attack in three months, the officials estimate the total cost has reached nearly $10 million.

 

 

 



#6 Umbra

Authorized Emsisoft Rep

Posted 19 November 2017 - 09:39 PM

When we talk about policy, there are some issues to talk about. The expertise of policy makers can be an issue for their credibility and knowledge. So, what is your opinion on this matter?

I just mentioned doing backups regularly; any decent sysadmin has to do that. It is the basics of the job and the first thing we learn.

Now, a decent sysadmin should already have his personal policies/rules, which he submits to his company board for approval (and he should get it). Of course, people have various skill and experience levels, but there are some basic common rules (in terms of security), and they have to be implemented even if it is sometimes unwelcome to employees.

Second is EternalBlue. EternalBlue is a vulnerability on Windows systems with outdated versions of the Windows File and Printer services (SMB). So, how do we update Windows to fix the EternalBlue vulnerability and prevent this ransomware attack?

You just have to update Windows normally; the fix has been issued by Microsoft right after the accident, even for WinXP, which is normally not supported anymore.


Edited by Umbra, 19 November 2017 - 09:41 PM.


Emsisoft Community Manager
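
An added example, not written by anyone in this thread: a PowerShell audit of one Windows host for the two conditions the discussion turns on, whether SMBv1 is still available and how recently the machine last installed an update. The function name `Get-Smb1PatchPosture` and the 35-day threshold are hypothetical choices made for illustration.

```powershell
# Added example: report SMBv1 exposure and patch recency for the local host.
# Get-Smb1PatchPosture and the 35-day default are assumptions, not from the thread.
function Get-Smb1PatchPosture {
    [CmdletBinding()]
    param(
        [int]$MaxPatchAgeDays = 35   # assumed policy: at least one update per monthly cycle
    )

    # 1. Is the SMB server still willing to speak SMBv1?
    $smb1Server = $null
    try {
        $smb1Server = (Get-SmbServerConfiguration -ErrorAction Stop).EnableSMB1Protocol
    } catch {
        Write-Warning "SMB server cmdlets unavailable on this Windows version: $_"
    }

    # 2. Is the SMBv1 optional feature installed at all? (needs an elevated session)
    $smb1Feature = $null
    try {
        $smb1Feature = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop).State
    } catch {
        Write-Warning "Could not query the SMB1Protocol feature: $_"
    }

    # 3. When was the most recent update installed? InstalledOn can be empty, so filter first.
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    $ageDays = if ($latest) { [int]((Get-Date) - $latest.InstalledOn).TotalDays } else { $null }

    # A host is flagged if SMBv1 is reachable or its patch history is stale or unknown.
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $smb1Server
        Smb1FeatureState  = $smb1Feature
        LatestHotFix      = if ($latest) { $latest.HotFixID } else { $null }
        LatestHotFixAge   = $ageDays
        NeedsAttention    = ($smb1Server -eq $true) -or ("$smb1Feature" -eq 'Enabled') -or
                            ($null -eq $ageDays) -or ($ageDays -gt $MaxPatchAgeDays)
    }
}

Get-Smb1PatchPosture | Format-List
```

Where nothing on the network still depends on SMBv1, `Set-SmbServerConfiguration -EnableSMB1Protocol $false` turns the server side off in addition to patching.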




