Seems the crooks are always one step ahead of the law in this game. With that being said, with all of the countries affected, someone should be able to track these guys down. Something like this should result in a life sentence.
Remember this the next time some Democrat says he's going to tax/regulate/attack in some other way, the internet.
And, it's not 1 step, its more like 5. Actually, it's more like the government is -2 steps back, because they are a jobs program that keeps hiring incompetents (campaign staff/affirmative action), and paying off political big wigs with management jobs. Precisely how you get enough bad decisions, designs, and executions that allow the ENTIRE NHS to be taken. And, the hackers are +2 steps forward, because Microsoft does everything it can to keep everything and everybody at 0(on the timeline that suits them). When events force Microsoft to act quickly, it almost always means huge holes created by hastily written and poorly tested code. Microsoft has been playing catchup for years, and constantly trying to force their old, tired model back into relevance: by hasting filing their square pegs to fit into the round holes that the market wants.
When you do that: you leave cracks. Oh sure the peg fits, but not properly, and that's how the virus gets through.
Social media, that keep integrating everything either in the clear, or, with very shoddy authentication, are to blame here too.
And finally: it wasn't the hackers who designed England's NHS computer system. It was the government. Ransomware has been around for 10 years now, and in that time, what has the NHS done to ensure: 1. they have adequate backup architecture 2. they have adequate failover devices 3. they can completely dump their infected hardware and switch over to their backup architecture and failover devices instantly?
Clearly nothing. It's not like the cost, in today's hardware, is astronomical. In fact, there are companies who have been around at least 5 years who specialize in this, are competent, and for the NHS, would probably cost, at most, $40k a month(to maintain the backup capability, not to run the system on it, that obviously costs more, but it is by definition temporary). Even if it was $400k a month, isn't that pennies compared to the cost now?
They shouldn't be holding old transactional data in their systems anyway. As soon as it's a green-lit record it needs to be gone. And, an entire architecture should never be able to be compromised based on one successful intrusion.
But, remind me again: why do we want single payer here , complete with NHS-style IT competence?
Edited by OCinBuffalo, 16 May 2017 - 10:55 AM.