Thread Info
  • Locked Locked
  • Replies 3 replies
  • Subscribers 14 subscribers
  • Views 10814 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UK NHS his by randsomware

Louis-M

Seems the UK national Health Service has been hit by a randsomware attack this afternoon and certain NHS trusts are now struggling with dealing with patients.

I got a quote from our Sophos supplier 3 months ago for exploit protection for endpoint protection which we have. This will currently rush it along.

We were hit last year but luckily we caught it and had backups. Hopefully they get it sorted but on monday morning, we shall be investing in this.



This thread was automatically locked due to age.
Parents

  • It is certainly good advise to have a layer which includes a dedicated crypto mitigation features that work by classifying the specific behaviour of crypto activity on the computer rather than relying solely on identity/heuristics of generic malware type behaviour.

    You'd hope the more traditional generic malware approach would prevent the initial entry point but passed that, something that is more "crypto aware" is very helpful.

    Even then assume the worst and have a backup strategy that has been fully tested.  The quicker the restore time the better.

  • in reply to jak

    We simply can't afford this to happen to us.

    Fortunately (and at the moment) we are ok. We don't have any of the risks associated with it and are fully patched.

    Systems we use are:

    Sophos UTM's at the perimetre with all protection eanbled eg IPS, AV, web protection, mail scanning, WAF etc.
    Public facing servers are in DMZ's with appropriate DNAT's, FW rules
    All clients have Sophos endpoint with patch assessment on.
    All clients are patched using a ringed approach via SCCM with all clients/servers receiving patches monthly (about 1 week after monthly updates are released)

    And backups are on a separate network that can only be reached via the backup server

    Our concerns are from within eg personal usb storage etc so we will be looking to employ the exploit protection to mitigate this risk and tighten up our policies.

    I really feel for those that have been hit and the only true way is to have proper backups that are tested regularly. I suspect we will find out in the next few days that some have not been.

Reply
  • in reply to jak

    We simply can't afford this to happen to us.

    Fortunately (and at the moment) we are ok. We don't have any of the risks associated with it and are fully patched.

    Systems we use are:

    Sophos UTM's at the perimetre with all protection eanbled eg IPS, AV, web protection, mail scanning, WAF etc.
    Public facing servers are in DMZ's with appropriate DNAT's, FW rules
    All clients have Sophos endpoint with patch assessment on.
    All clients are patched using a ringed approach via SCCM with all clients/servers receiving patches monthly (about 1 week after monthly updates are released)

    And backups are on a separate network that can only be reached via the backup server

    Our concerns are from within eg personal usb storage etc so we will be looking to employ the exploit protection to mitigate this risk and tighten up our policies.

    I really feel for those that have been hit and the only true way is to have proper backups that are tested regularly. I suspect we will find out in the next few days that some have not been.

Children
Unfiltered HTML