The Daily Decrypt
The Daily Decrypt
Windows Recall Updates, London NHS Ransomware Crisis, VSCode Darcula Typosquatting Research

In today’s episode, we discuss the NHS’s urgent appeal for O-type blood donations following a ransomware attack on Synnovis, the security risks uncovered in the Visual Studio Code Marketplace with malicious extensions such as the fake ‘Darcula’ theme, and Microsoft’s decision to make its controversial Windows Recall feature opt-in by default. Learn about the cyber-attack’s impact on London hospitals, the widespread vulnerabilities in VSCode extensions, and the privacy concerns surrounding Windows Recall. Stay updated with the latest developments in cybersecurity and how organizations and individuals are responding to these challenges.

Article URLs:


00:00 Introduction

01:07 Deep Dive into Windows Recall Feature

03:57 Impact of Ransomware on Healthcare

06:01 Israeli Researchers’ Findings on Malicious Extensions

Ransomware, London hospitals, NHS, O-type blood, Israeli researchers, typosquatting, VSCode extension, Visual Studio Code Marketplace, Microsoft, AI-powered, Security, Screenshots, Windows Recall, cyber-attack, O-positive, O-negative

Search Phrases:
Ransomware attack on London hospitals, NHS blood donation cyber-attack, O-type blood donations needed in London, impact of ransomware on NHS, Israeli researchers typosquatting VSCode, malicious VSCode extensions uncovered, Visual Studio Code Marketplace security, Microsoft AI screenshot concerns, Windows Recall feature controversy, how to protect against malicious VSCode extensions

Thanks to Jered Jones for providing the music for this episode. Logo Design by

NHS appeals for O-type blood donations after cyber-attack delays transfusion —`Flash Briefing: NHS Appeals for O-type Blood Donations After Cyber-attack

  1. Critical Incident Declared:
    • Several major London hospitals declared a critical incident following a ransomware attack on the pathology firm Synnovis.
    • Operations and tests were canceled, and hospitals struggled to carry out blood transfusions.
  2. Appeal for O-type Blood Donations:
    • NHS Blood and Transplant urgently calls for O-positive and O-negative blood donors across England.
    • O-type blood is universally safe for all patients, crucial for maintaining transfusion services during the crisis.
  3. Ransomware Attack Details:
    • The cyber-attack, attributed to the Russian cybercriminal group Qilin, disrupted the ability to match patients’ blood types at normal speeds.
  4. Importance of O-negative Blood:
    • O-negative blood, known as the universal blood type, can be given to anyone and is vital in emergencies.
    • Only 8% of the population has O-negative blood, yet it constitutes about 15% of hospital orders.
  5. O-positive Blood Insights:
    • O-positive blood is the most common type, with 35% of donors having it.
    • This blood type can be given to anyone with a positive blood type, covering 76% of the population.
  6. National Blood Week and Appointment Availability:
    • During National Blood Week, it was highlighted that hospitals need three blood donations every minute.
    • There are 13,000 available appointments in NHS blood donor centers nationwide, including 3,400 in London.
  7. Call to Action:
    • Dr. Gail Miflin and Prof. Stephen Powis emphasize the urgent need for O-type donors to book appointments to support critical surgeries and patient care.
    • New donors are also welcomed, as they might have one of these essential blood types.


  • PA Media, “NHS appeals for O-type blood donations after cyber-attack delays transfusions,” The Guardian, June 10, 2024.`

Malicious VSCode extensions with millions of installs discovered —`-

Malicious VSCode Extensions: Israeli researchers discovered thousands of malicious Visual Studio Code (VSCode) extensions on Microsoft’s marketplace, impacting over 100 organizations.

  • Actionable Insight: Regularly audit and monitor installed VSCode extensions for suspicious activity.
  • Trojanized Dracula Theme: The researchers created a typosquatted version of the popular ‘Dracula Official’ theme, named ‘Darcula’, which included risky code.
    • Actionable Insight: Verify the authenticity of extensions by checking the publisher and source before installation.
  • Data Collection via Extensions: The ‘Darcula’ extension collected system information and sent it to a remote server, evading detection by traditional endpoint security tools.
    • Actionable Insight: Use network traffic monitoring tools to detect unusual outbound connections from development environments.
  • High-Value Targets Affected: The malicious ‘Darcula’ extension was mistakenly installed by high-value targets, including a major publicly listed company and national security companies.
    • Critical Implication: Organizations must educate developers on the risks of installing unverified extensions.
  • VSCode Marketplace Vulnerabilities: Researchers identified 1,283 extensions with known malicious code, 8,161 communicating with hardcoded IP addresses, 1,452 running unknown executables, and 2,304 using another publisher’s GitHub repository.
    • Actionable Insight: Develop a policy for the controlled use of third-party extensions and perform regular security reviews.
  • Lack of Marketplace Controls: Microsoft’s lenient controls over the VSCode Marketplace facilitate abuse, with many discovered malicious extensions still available for download.
    • Critical Implication: Microsoft needs to enhance its security measures and review processes on the VSCode Marketplace.
  • ExtensionTotal Tool: Researchers will release a free tool named ‘ExtensionTotal’ next week to help developers scan and identify potentially harmful extensions.
  • Actionable Insight: Utilize the ‘ExtensionTotal’ tool once released to audit your VSCode environment for security threats.
  • Call for Community Attention: The researchers emphasize the need for the security community to focus on the risks posed by malicious VSCode extensions.
    • Engagement Suggestion: Discuss with your team the importance of extension security and share experiences of suspicious activities related to extensions.
  • Awaiting Microsoft’s Response: BleepingComputer reached out to Microsoft regarding plans to enhance marketplace security, but no response has been received yet.
    • Engagement Suggestion: Encourage listeners to follow up on this issue by checking for updates from Microsoft and share any new developments.

Feedback Question for Listeners: Have you ever encountered a suspicious or malicious VSCode extension? How do you ensure the extensions you use are safe? Share your strategies and experiences with us!`

Windows Recall will be opt-in and the data more secure, Microsoft says

Windows Recall Feature Update:

  1. Enhanced Security Measures:
    • The search index database storing screenshot content will be encrypted.
    • Users must authenticate via Windows Hello Enhanced Sign-in Security (biometrics or PIN) to view or search the timeline.
    • Source: Microsoft Announcement
  2. User Control and Privacy:
    • Users can control what is saved, pause snapshot saving, filter specific apps/websites, and delete snapshots anytime.
    • Private browsing activities on major browsers will not be saved.
    • Source: Microsoft Announcement
  3. Enterprise Management:
    • IT administrators can disable Recall on managed work devices but cannot enable it.
    • This ensures Recall remains a user-controlled feature.
    • Source: Microsoft Announcement
  4. Criticism and Response:
    • Security experts criticized the initial lack of security and privacy safeguards.
    • Microsoft responded by emphasizing user control and enhanced security measures.
    • Source: Security Researcher Kevin Beaumont
  5. Commitment to Security:
    • Microsoft faced backlash for recent security mishaps and pledged to prioritize security over new features.
    • This aligns with their Secure Future Initiative, focusing on robust security practices.
    • Source: Microsoft CEO Satya Nadella

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.