I pit these ultimate scum-of-the-earth hackers

Pretty shitty - scores of patients being turned away as NHS computers get hit with a virus pop-up demanding $300 bitcoin payments. Speculated that the attack is of Russian origin. The international scope of this is quite fucking unnerving.

Don’t be unnerved. It’s really not that unusual; the Internet knows no national borders, after all. This piece of malware has spread so quickly because it exploits a particularly bad Windows security flaw that allows it to spread itself, with no action by the victim to open it. It’s been a while since we’ve seen something like this because Microsoft has done a better job at not releasing with really bad security flaws.

Now, the victim would need to have not applied the 2-month-old security patches to be affected. So, if you want to know why we computer people are so insistent that people get the latest version of the software installed at all times, this right here is why. By not patching your systems, you’re leaving yourself wide open to attacks like these.

Does that mean that only computers running pre-10 versions of Windows would be affected? Because my Windows 10 installation doesn’t give me the option to refuse updates.

Larger organizations tend to centralize updates and patches so that everyone’s on the same release. Usually that entails rolling them out to a pilot group (to catch any bugs), then applying them to the general population later. If the updates are to servers, different rules apply since it’s preferred to do them at slack times. Bottom line, if someone in the security group misses or ignores a patch, the entire enterprise is at risk.

Many of the affected systems were running Windows XP, which is no longer supported by Microsoft and therefore does not receive any updates. Although Microsoft has now made an exception and issued a patch for Windows XP to fix this vulnerability.

Although if I understand correctly, this vulnerability is only used to spread to other computers on the same local network. So assuming your corporate/home network has a proper firewall, someone on your local system needs to open a phishing e-mail. I haven’t found reliable information on what this initial vector looks like - whether just previewing the e-mail will infect the computer, or you need to open an attachment, or click on a link, or what.

Actually, a few hours ago a British researcher ingeniously stopped future (not already) attacks of the software by looking at the code and realising there was a kill-switch by which the malware looked up a non-existent url.

He registered that url.

The Guardian
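An added example (not posted by anyone in this thread) of the defender's side of the kill-switch: once the domain is registered and sinkholed, any host that looked it up is a host on which the worm actually ran and was merely stopped from encrypting. This PowerShell function picks those clients out of DNS query logs. The domain name is a placeholder (the real one is not given in the thread), the log lines are constructed, and the `<timestamp> <client-ip> QUERY <name>` line shape is my own assumption; a real DNS server's log format will need a different regex.

```powershell
# Added example, not from the thread. Finds clients that queried the kill-switch
# domain in DNS query logs; each hit is an infected host that still needs cleaning.
# Domain and log lines are placeholders/constructed; adjust the regex to your log format.
function Find-KillSwitchLookups {
    param(
        [string[]]$LogLines,
        [string]$KillSwitchDomain = 'killswitch.example'   # placeholder, not the real domain
    )
    # Assumed (constructed) log shape: "<date> <time> <client-ip> QUERY <name>"
    $pattern = '^(?<ts>\S+\s\S+)\s+(?<client>\d{1,3}(?:\.\d{1,3}){3})\s+QUERY\s+(?<name>\S+)'
    $domain  = [regex]::Escape($KillSwitchDomain.TrimEnd('.'))

    $LogLines | ForEach-Object {
        # Match the line, then check that the queried name is the domain or a subdomain of it
        if ($_ -match $pattern -and $Matches['name'].TrimEnd('.') -imatch "(^|\.)$domain$") {
            [pscustomobject]@{
                Time   = $Matches['ts']
                Client = $Matches['client']
                Name   = $Matches['name']
            }
        }
    } | Sort-Object Client -Unique   # one row per client, regardless of how often it asked
}

# Constructed sample log lines (not real data)
$sample = @(
    '2017-05-12 14:02:11 10.20.30.41 QUERY www.example.com.',
    '2017-05-12 14:02:13 10.20.30.57 QUERY killswitch.example.',
    '2017-05-12 14:02:14 10.20.30.57 QUERY killswitch.example.',
    '2017-05-12 14:03:02 10.20.30.88 QUERY update.microsoft.com.',
    '2017-05-12 14:05:40 10.20.30.12 QUERY killswitch.example.'
)
Find-KillSwitchLookups -LogLines $sample | Format-Table -AutoSize
```

On the sample data this reports 10.20.30.12 and 10.20.30.57. A host that is absent from the list is not thereby clean: as a later post in this thread notes, variants that skip the URL check have been reported, so this is a triage list for cleanup, not proof of health, and patching remains the actual fix.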

Microsoft has been much maligned by certain idiots for making Win10 updates automatic, but this sort of thing is precisely why Microsoft decided to do that. A lot of people are too stupid or too lazy to make sure that their systems are properly updated.

As a matter of fact, Microsoft is releasing a version called Windows S, that is designed from the ground up with security in mind. Programs of any sort simply will not run unless they are pre-approved by Microsoft.

More info:

Why in the world were they still running XP :confused:
Two years ago, I was a member of a Windows migration project that did XP to 7 upgrades at a utility company. Even back then, they had to pay Microsoft extra for special support to keep XP.

Regular backups in the places I work and half of the computers are using Linux. :slight_smile:

Of course there are a few systems where I have seen some educators who do not want to change the OS because some programs they use were not made to run in new operating systems or have hardware with drivers that do not work in the new OS.

Fortunately, in one school where I work, the few XP machines left are not critical or have data that can be copied from other updated machines. Their users will protest but new hardware and OS will replace their clunkers when the inevitable happens. I do think that my efforts of moving the students to the Linux environment in one district has saved us from a lot of grief.

Anyhow, as I have to still patch stuff (I use android and Linux at home but I still have a Windows 10 for training) I know that automatic patches are there for Windows 10, but I noticed that for older OS there are patches to be downloaded:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

But while there are patches for XP and almost all other past Windows releases I noticed that Windows Vista and 7 are not there. :confused:

Just to emphasize: not of Russian government origin, since some idiots attribute the hand of Dread Pirate Putin in everything.
I can be certain of this, since they have launched the malware at ‘the Russian Interior Ministry, the Russian Emergency Ministry and the Russian telecommunications company MegaFon’. One would have to be very foolhardy to do this anyway, since the Russians don’t look kindly on this sort of thing, let alone a government actor.
Wikipedia

They couldn’t afford Mint.

Hackers will hack.

Who really should be pitted are the administrators of those millions of computers who haven’t yet applied a 2-month-old patch. That is completely unacceptable for connected devices. Those people are the anti-vaxxers of IT; annihilating herd immunity to save a buck/save 10 mins. This “virus” is completely ineffective against a patched machine. Millions of damage perpetrated by a script kiddie.

Idiots

The relevant patch for Vista was made available in March along with the other then-supported Windows versions. Vista went out of support in April, and 7 is in security support until 2020. I didn’t realise that Win 8 (as opposed to 8.1) had been so ruthlessly cut off though.

While it is true that blaming someone right away is reckless, to assume their innocence is also dumb. AFAIK Russia has had experience on things blowing up in their faces and I do remember that a lot of unregistered Windows software is there. So while I do agree it is not reasonable to blame someone specifically yet, declaring them innocent is also dumb.

:slight_smile:

Well, while I think that line is a valid slap to the institutions affected, I have the experience to tell you that Linux technical help in the field is not free. Institutions still have to pay for people that know about an OS that is unusual for many.

These are school/corporate owned computers? ISTM, then, that isn’t their decision. Anyway, aren’t those programs also updated when there’s a major update to the prevalent OS?

You would think so, but no. There was one small school I helped to move to new computers but the new server refused to use the old computerized course training/grade program.

And when one of the managers/owners doesn’t want to learn a new program… You go to war with the army you have. So I managed to rig one server to still use the old program (I did call it the Frankenstein server; I transferred bits and pieces from the old server and file resources to make the old program work properly. The good news was that it worked as it was needed and it did not turn on his master :slight_smile: )

The issue was solved recently when another owner learned to use a new education system and so the old one was finally disposed of, almost 10 years after it should not have been there really; it did help that the older owner decided to let others manage the place.

Were old Brezhnev and the old gang still in charge, it would be a bet; but Putin does not look like the kind of man who would hack himself.

George W. Bush, maybe.

Certainly, that’s where Rat Hat and the noble SUSE, progenitor of my beloved OpenSUSE, make their money.

Thing is that you have to remember where the source code came from: from the NSA, hacked by a group with connections to Russia. I would think that the possibility of this coming back to damage them, like poison gas in WWII with a wind change, is a good one.

One should remember that there is a lot of division in Russia, so there is the factor that some groups do not know what others are doing. And then there is a lot of ransomware coming from there too and yes, gangs are involved.

I just came in to post that, thanks. This is the specific link to the patches for XP and other older unsupported OSs:
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

For Windows 7, the relevant patch is part of MS17-010 and should have come in through Windows Update around March 17, but can be separately downloaded from Microsoft Technet here.

I think you’re right, as the patch to fix it is called “MS17-010 Security Update for Microsoft Windows SMB Server”, which implies a LAN-protocol vulnerability. I don’t know if anyone knows for sure what the initial vector was, but some type of email spam is suspected.
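An added example, not from any poster here, of the check an administrator would actually want after reading the last few posts: is the MS17-010 fix installed on this host, and is SMBv1 (the server-side protocol the update patches) still switched on? The KB number defaults to KB4012598, the XP/Server 2003 package linked above; for other Windows builds the caller has to pass the MS17-010 KB that applies to that version (the `$PatchIds` parameter and the output fields are my own assumptions). It assumes PowerShell 3 or later and an elevated session.

```powershell
# Added example, not from the thread. Reports whether a Windows host has the
# MS17-010 fix installed and whether SMBv1 is still enabled. Run elevated.
# KB4012598 is the XP/2003 package cited in the thread; for other builds pass
# the MS17-010 KB for that version via -PatchIds (assumption: caller supplies it).
function Test-Ms17010Exposure {
    param(
        [string[]]$PatchIds = @('KB4012598')
    )

    # 1. Is any of the named updates present in the installed hotfix list?
    $installed = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $PatchIds -contains $_.HotFixID }
    $patched = [bool]$installed

    # 2. Is SMBv1 still enabled on the server side?
    #    Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later;
    #    older builds expose the same switch as the LanmanServer "SMB1" registry
    #    value, where a missing value means enabled (the default).
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $value = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $smb1Enabled = ($null -eq $value) -or ($value -ne 0)
    }

    # 3. Is the SMB port actually listening? (Only reports local state; whether
    #    it is reachable from outside depends on the firewall, as discussed above.)
    $listening = $false
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        OSVersion        = [Environment]::OSVersion.Version.ToString()
        PatchInstalled   = $patched
        InstalledIds     = ($installed | Select-Object -ExpandProperty HotFixID) -join ','
        SMB1Enabled      = $smb1Enabled
        Port445Listening = $listening
        Exposed          = (-not $patched) -and $smb1Enabled
    }
}

Test-Ms17010Exposure | Format-List
```

`Exposed` is true only when the patch is missing and SMBv1 is enabled; a host with the patch installed is safe from this worm, while a host with SMBv1 disabled has no listener for it to talk to even if the patch is missing. Run it across the fleet (for example through `Invoke-Command`) and the result is exactly the list of machines the "anti-vaxxers" post above is complaining about.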

And the fact that updates are not always sufficiently well tested and occasionally break things is precisely why some sites like to control what updates they get, if any, usually limited to critical security updates.

For the same reason that some of the world’s largest financial organizations are still running Windows 2000 (or older!) and will be for a great many more years. When you have many tens of millions invested in a specific infrastructure, you don’t just upgrade to the latest and greatest on a whim when it’s far cheaper to pay Microsoft for custom support.

Yes, it is widely reported to move about a network via SMB. Nobody knows the initial method of intrusion, as far as I have seen. At least no one who’s telling knows. Talos has a very good write-up of what’s known here. I’ll also add that there are reports of new versions in the wild that don’t check the previous url. So yeah, patch often and early.

I understand that in the case of hospitals, there’s essentially no option in some cases; there’s equipment that was made with XP, and no newer versions are available.