Wednesday, May 24, 2017

Does The ADHA, With 300 Or So Staff, Really Need a Week To Respond To WannaCry?

This appeared last Friday.

Ransomware - mitigation advice

Created on Friday, 19 May 2017

Ransomware is an increasingly prevalent threat, with a rising number of variants designed to target our computer networks. Consequently, prior to the ‘WannaCry’ ransomware attacks that recently affected many healthcare organisations globally, the Australian Digital Health Agency (the Agency) had taken proactive steps to defend against this type of attack.
In addition, to support the health sector more broadly, the Agency has developed and published Risk Mitigation Advice: Preventing and Recovering from Ransomware. These guides – one developed for the executive level managers of medium to large health organisations, and one developed for IT practitioners within the health organisation – provide the information and advice needed for healthcare providers to prepare and recover from a ransomware attack.
Check with your IT support provider that the usual security precautions are in place:
  • Make sure your security software patches are up to date. This particular ransomware variant exploits a vulnerability that Microsoft fixed in this patch.
  • Make sure that you are running up-to-date anti-virus software.
  • Back up your data somewhere else (and store it in a location that is not connected to your main computer system). You can’t be held to ransom if the data is available from another place – this is your best protection from ransomware. Are you sure that your backups are working? A regular restore from backup must be done to check that your backups are working.
Unsupported operating systems such as Microsoft Windows XP carry a heightened security risk. Where possible unsupported operating systems should be upgraded to supported versions. However, if you are currently using Microsoft Windows XP, Server 2003 or an unsupported version of Windows 8, you should apply this patch Microsoft has released until such time as you are able to upgrade to a newer operating system.
Beware of risks associated with clicking links in emails or opening attachments (especially when they’re from an unknown email address). To reduce the risk:
  1. First hover on the link with your mouse pointer, and look at where the link is taking you.
  2. Take a second to think. Any link or attachment that is not from within your practice or immediate network, or a recognised friend, should not be clicked. When in doubt, either call or email (in a separate email) your friend or the organisation asking them to confirm that the email is legitimate.
  3. Only click if you’re sure it’s safe.
For information, visit:
Now the advice is reasonably sound but, as an example, The Conversation had pretty much the same advice six days earlier.

Massive global ransomware attack highlights faults and the need to be better prepared

May 13, 2017 4.39pm AEST

Author David Glance

A massive malware attack was launched on Friday, affecting at least 75,000 computers in 99 countries. Computers running Microsoft Windows were infected with “WanaCrypt0r 2.0 or WannaCry” ransomware. Once infected, all of the files on the computer are encrypted by the malware, which then displays a ransom demand of between US $300 and $600 in bitcoin that needs to be paid before the files can be decrypted.
The WannaCry ransomware is being spread through a weakness in Microsoft Windows that was originally exploited by the US National Security Agency (NSA) as part of their arsenal of cyberweapons in a tool called “Eternal Blue”. Unfortunately, this tool, along with many others, was stolen by hackers and leaked to the world in April 2017 by a hacker group calling themselves the “Shadow Brokers”.
Microsoft had already released a fix for the Eternal Blue vulnerability in March, but the extent of the WannaCrypt attack has highlighted how many organisations have failed to apply the fix, or are running copies of Windows that are so old that there wasn’t a fix for them.
Russia, Ukraine and Taiwan have been the countries most affected by the attack. In the UK however, the attack hit Britain’s National Health Service badly enough that services to patients were disrupted.
At the time of writing, one of the bitcoin addresses used by the malware showed that only a few people had paid the ransomware so far but the number has been slowly ticking up.
The spread of the first wave of WannaCry ransomware may have been halted by a cybersecurity researcher who, by registering a domain with a particular name, effectively activated a “kill switch” in the malware software that stops it from spreading further.
Ransomware has become the biggest threat to organisations and governments trying to protect critical infrastructure. According to a study by IBM ransomware attacks increased by 6,000% in 2016 and at least 40% of spam emails now carry ransomware. The study also found that 70% of businesses infected with ransomware would pay the ransom. In many cases, this is because they either did not have backups, or they believed it was a faster way of getting their business back up and running.
The NHS has come in for particular criticism about the consequences of the attack because they knew about the risks and had been warned repeatedly to take steps to protect their networks and computers.
Finding out who was behind the malware is going to be very difficult. The malware communicates using the anonymising Tor network and demands payments in the equally anonymous currency, bitcoin, making tracing those behind the attack more complicated.
The NSA has also been held partly to blame for the attack because it had not alerted Microsoft about the weakness in its system until the NSA’s software that exploited it had been stolen and leaked to the public. Had the NSA told Microsoft when it discovered the weakness, the patch to fix the vulnerability would have been available in enough time for even the slowest of organisations to have patched their computers.
Ironically, large scale attacks such as these do have the effect of highlighting the threat of malware attacks and cybersecurity in general. This is true at the national level as well as amongst businesses. The frequency and scale of attacks also gives us a measure of how effectively companies and countries are prepared for cybersecurity attacks of any kind. Governments can act to enforce cybersecurity protective measures on companies, especially those that provide critical services or infrastructure. They can also act to direct their security services to disclose weaknesses in software systems, rather than keeping them secret in order to exploit them themselves against some future enemy.
Companies and their employees can help protect themselves from future attacks of ransomware by taking the following steps:
  1. Back up computers. This doesn’t protect a computer from an attack, it merely renders an attack ineffective because it is easy to re-install the system from a backup.
  2. Don’t click on links in emails unless you are expecting the email to contain a link. If you don’t know, double check with the sender. Equally, if you open a document and it asks to run macros, just say no. Avoid putting people into this situation in the first place by not sending links unless you have agreed prior to sending the email.
  3. Always update systems and software with the latest security updates. Better still, set the system to automatically do this on your behalf.
  4. Use antivirus software to protect systems.
  5. If infected, disconnect the computer from the network so that other computers are not infected.
Here is the link:
One can only wonder why the ADHA took so long to respond, given the number of health care entities that were hit?


Anonymous said...

That would seem quite quick, wonder if they bypassed the 100 managers across five layers and the 190 supporting admin staff?

At least they put something out, I was struggling finding much about how to prevent it. Glad we have a world leading digital cyber security team.

Anonymous said...

Only 300 or so STAFF! Where is the Org. Chart Senators?
What do all these people do Senators?
What are the salary ranges by category Senators?
How much is being spent on Salaries Senators?
How much on travel, accommodation, conferences, consultants, Senators?
Where is the Budget Senators?
What does the 'business' do Senators?

Techslice said...

I think the problem, as was with many other organizations, was the outdated Windows versions on PCs. Typically, I.T. departments in large organizations do everything they can not to update anything.

Anonymous said...

This is a good example of what can go wrong, the intent was fine, scale this up to the pipe dream of ADOHA and boy we could be facing big issues, I would prefer to see a distributed system based on Interoperability principles. Maybe the ADOHA know this and have a very large communications and Twitter department

Anonymous said...

Legal, Privacy Principles people signatory and tax payer funds and not neglecting the burden both physically and mentally placed on healthcare people is irrelevant across Government is my perception of late.

It reminds me of a line from a Science Fiction Movie - Is it legal? -- I will make it legal.