Prepare for a string of ransomware cases

Nashemon

Senior member
Jun 14, 2012
889
86
91
http://www.bbc.com/news/technology-35602527

A Los Angeles hospital has paid $17,000 (£11,800) to hackers after its computer systems were taken offline by ransomware.
Systems at Hollywood Presbyterian Medical Center had been affected for more than a week.
Staff had been forced to carry out some tasks on paper.
However, the hospital's chief executive, Allen Stefanek, said that the incident had not affected the delivery or quality of patient care.
Ransomware is a form of malware which infects a victim's computer, locking it, and demanding that a ransom - often in bitcoins - be paid in order to restore access.


Previously, local news sources had reported that the hackers were demanding a ransom payment of $3.4m - but Mr Stefanek denied this.
"The amount of ransom requested was 40 bitcoins, equivalent to approximately $17,000," he wrote.
"The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key."
All systems currently in use had been cleared of malware and thoroughly tested, he added.

Surely this successful instance in the news will motivate the terrorists to redouble their efforts. Paying ransoms to terrorists is discouraged because it promotes demanding ransom in future attacks. I guarantee this hospital gets hit again shortly with the same attack.
 

KeithP

Diamond Member
Jun 15, 2000
5,664
201
106
I would support a law that would make paying in situations like this illegal and punishable by fine and jail time. Giving in to their demands just makes things worse.

-KeithP
 

JimKiler

Diamond Member
Oct 10, 2002
3,561
206
106
I would support a law that would make paying in situations like this illegal and punishable by fine and jail time. Giving in to their demands just makes things worse.

-KeithP

It is illegal to pay the ransom. But that does not stop the police departments in the US from paying it when criminal case files are held ransom.

I listened to a podcast once where an old lady got hit by it and needed the files for something important (taxes maybe) and she went to get bitcoins but the police had forced the hand of the bitcoin dealer and they would not help her since they knew it was for ransomware.
 

Kaido

Elite Member & Kitchen Overlord
Feb 14, 2004
50,742
6,769
136
Just wow...

You'd be amazed at how many CEOs have to pay it because they keep all of their stuff on their laptops rather than a secure network drive. And are usually doing personal surfing when they get the ransomware :rolleyes:
 

balloonshark

Diamond Member
Jun 5, 2008
7,021
3,512
136
Why don't companies use white list based anti-executable programs to block malware or have recent images to undo damage by malware?
 

LPCTech

Senior member
Dec 11, 2013
679
93
86
You'd be amazed at how many CEOs have to pay it because they keep all of their stuff on their laptops rather than a secure network drive. And are usually doing personal surfing when they get the ransomware :rolleyes:

Why don't companies use white list based anti-executable programs to block malware or have recent images to undo damage by malware?

Cuz most people are pathetic level stupid nowadays. Hacking is easy when it's not hacking, it's tricking stupid people, and that was an art before computers existed. lol
 

Elixer

Lifer
May 7, 2002
10,371
762
126
Cuz most people are pathetic level stupid nowadays. Hacking is easy when it's not hacking, it's tricking stupid people, and that was an art before computers existed. lol

Sadly, that is so true.
People don't want to think these days.

For example, I know a person who went to USPS to mail a package, a few weeks went by, and they got "Notice from UPS" and that had an attachment of "Package.exe". They ran it, and got owned.

I asked them why they clicked on that. They said the email said it was about their package. I go, at the post office, did you leave an e-mail address? They said no. I said UPS isn't USPS, they said, it is "all the same thing!" I said so, how did they find you? They said "Computers!".

This is a big reason why MS is forcing people to always apply patches. There are just too many stupid people using computers these days.
 

Red Squirrel

No Lifer
May 24, 2003
70,164
13,569
126
www.anyf.ca
Ugh. I worked in a hospital. It's frightening the lack of care for security in that environment. I can't judge every hospital just for having worked in one, but I have a feeling it's typical of any critical environment. They don't want to allow you to make any changes to the network for any reason "in case it goes down" even though the reason you want to make the change is to prevent future downtime. The thinking in that environment is not "we need to do some changes to prevent nnn from happening" it's "we need to ensure that we can blame someone if nnn happens".
 

PliotronX

Diamond Member
Oct 17, 1999
8,883
107
106
You'd be amazed at how many CEOs have to pay it because they keep all of their stuff on their laptops rather than a secure network drive. And are usually doing personal surfing when they get the ransomware :rolleyes:
Not surprised at all actually, haha. I realized how bad the problem is when we were reduced to trying a cold boot attack to unlock a BitLockered drive whose key was not planted in AD properly and the drive belonged to the CFO of one of the largest energy companies in the US. All e-mail historically stored on this guy's drive in the form of PST files. Years of documents. No backups. All gone. The only lesson learned was that we need DRAs out the ass if we are to continue using FDE because literally all of the executives in this company do the same s***.
 

BarkingGhostar

Diamond Member
Nov 20, 2009
8,410
1,617
136
They'll just cut the hours of one of the nurses for a few months to offset the costs, or charge a patient for an extra aspirin--whichever is more.
 

John Connor

Lifer
Nov 30, 2012
22,757
618
121
What if E-mail attachments were signed with a CRC? Something based on a server in the network. Seems E-mails are the primary vector where hackers get in and this ransomware crap originates.
 

PliotronX

Diamond Member
Oct 17, 1999
8,883
107
106
What if E-mail attachments were signed with a CRC? Something based on a server in the network. Seems E-mails are the primary vector where hackers get in and this ransomware crap originates.
That's pretty much what S/MIME signing does but I have seen trojans hijack Outlook and send out e-mail that could be misinterpreted as authentic. The signing would just dupe recipients into believing it's legit even more so. I love the concept of e-mail signatures and encryption, both S/MIME and the PGP model, but in the end it's just a tool. The ultimate weak link is the end user D:
 

blankslate

Diamond Member
Jun 16, 2008
8,776
556
126
You'd be amazed at how many CEOs have to pay it because they keep all of their stuff on their laptops rather than a secure network drive. And are usually doing personal surfing when they get the ransomware

If those CEOs only had MacBook Pros then they'd have been safe....

