[ Date Index ]
[ Thread Index ]
[ <= Previous by date /
thread ]
[ Next by date /
thread => ]
Re: [LUG] nhs cyber attack
- To: list@xxxxxxxxxxxx
- Subject: Re: [LUG] nhs cyber attack
- From: Martijn Grooten <martijn@xxxxxxxxxxxxxxxxxx>
- Date: Fri, 12 May 2017 17:44:29 +0000
- Content-disposition: inline
- Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dclug.org.uk; s=1491642364; h=Sender:Content-Transfer-Encoding:Content-Type:Reply-To:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Subject:In-Reply-To:MIME-Version:References:Message-ID:To:From:Date; bh=k6VRWL1AUCD7gEnje1SXGe2UTGReEQaexqnEfldT7Po=; b=tjdkyeOUYca5mmgO32eJqmV0NtyBp9TT49tT66D7vg23czXVG+2oTmLUT/THkHblC7pTMQI2qZwLzuGRUZFrXNCzn/zEw2Bf+tvgUMRabKa4VGHPw2XBo/G6TTuxdO+1THlpA93uoqnCyOG/cHzr5AIMz4isVrUIjh0713Rp8n0=;
- Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lapsedordinary.net; s=mail; t=1494611069; bh=Cl9gXEIxWYMZB0bsEp03/7/mFfSvecVd2eOaw5vWn3g=; h=Date:From:To:Subject:Message-ID:References:MIME-Version: Content-Type:In-Reply-To; b=K2w+DmABHr35SfGaha21VFwU1uljTklhXmkcZaL8d1hBC7kJB4DA/VPfiAOl1NKCQ mr8zvGry43+t7VpZrF1HjpQ4+FsmSI6ZeEclmE3KFSLUbuhP0/LAmhe0EMwgsj4VnG 9W/t9cEEX65sSye0NrUNIDIs5YvZxmgUb7PF17lU=
On Fri, May 12, 2017 at 05:17:07PM +0000, mr meowski wrote:
> You must be joking... I've heard from some ex-colleagues at Kings who
> are currently fielding this and whilst it is certainly bad, this is
> "just" your usual bog standard crappy ransomware that's finally snuck
> onto the corporate network and sabotaged a lot of the end user Windows
> boxes.
It may be bog standard crappy ransomware, it spreads via a worm that
exploits a SMB vulnerability. This means that most victims won't have
opened an email, clicked on the attachment, enabled macros etc. They
just had a computer on a network where there was already an infected
machine.
As such, the number of infections is far larger than your averge
ransomware campaign.
Martijn.
PS the SMB vulnerability was patched by Microsoft a few months ago. If
you are responsible for Windows PCs anyway, DO PATCH.
--
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
