This is not what we need in these final chapters of 2020 with COVID cases spiking.<p>> <i>Charles Carmakal, senior vice president for Mandiant, told Reuters that UNC1878 is one of most brazen, heartless, and disruptive threat actors he’s observed over the course of his career.</i><p>This is what terrorism looks like in 2020. Horrifying, terrifying, disgusting.
It is happening:<p><a href="https://www.bloomberg.com/amp/news/articles/2020-10-28/u-s-hospitals-hit-by-coordinated-ransomware-attack-firm-says" rel="nofollow">https://www.bloomberg.com/amp/news/articles/2020-10-28/u-s-h...</a><p>Patients are being turned away:
Wyckoff Hospital hit by computer virus<p><a href="https://www.reddit.com/r/nyc/comments/jju0rp/wyckoff_hospital_hit_by_computer_virus/" rel="nofollow">https://www.reddit.com/r/nyc/comments/jju0rp/wyckoff_hospita...</a>
Interesting that DHS's public twitter has no word of this, and instead is a full-time campaign ad for the border fence.<p>It's also ironic that for all the pervasive government surveillance of the internet, this stuff just flies right under the radar. I thought the whole point of this surveillance was for our protection?
Bad health IT is a public health issue.<p>Perhaps it’s time for hospitals to regularly report their OS versions and patch levels to our local health departments.
As diabolical as this is, you wouldn't really need state level actions to take down hospitals.<p>Anyone who has been to one in the last year, pre-covid even, understands the ferris wheel of nurses and doctors that churn through the butter of what goes on there.<p>These weren't exactly hardened targets to begin with.
Consider a hospital like a person's body.<p>If you don't nurture a wound, you'll get an infection. If you don't clean your hands before eating or you eat something foul, you get diarrhea.
The outside world is a dangerous place, and if you wish to interact with it, you should have your defences in order and take necessary precautions. And then still bad actors will get through, such as the yearly flu, so you must deal with that as well.<p>You won't defeat the outside world with offense, there's just too much out there, adapting too fast.
If this attack results in actual loss of life, I firmly believe the US should ensure that there are real-world physical consequences for these criminals. They cannot be described as anything less than the worst humanity has to offer. A failure to respond with meaningful and severe consequences for those responsible (assuming this attack can be confidently attributed to a particular threat actor) opens the floodgates. Time to find out how seriously the US takes its own cyber doctrine.<p><a href="https://www.reuters.com/article/us-usa-defense-cybersecurity-idUSTRE7AF02Y20111116" rel="nofollow">https://www.reuters.com/article/us-usa-defense-cybersecurity...</a>
This is truly appalling per se, even more so during a global pandemic.<p>If I can be of any help to stop this, disrupt these guys or whatever I'm ready to give a few of my days and nights to it.
Contact email in my about.<p>I'm a professional developer with a dormant interest in ethical hacking. Been following EH courses, done some CTFs ranging from basic web pen testing to crypto and assembly debugging and been reading/watching keenly everything I saw on cyber-security in the past 5-6 years.
Mikko Hypponen and F-Secure will get revenge.<p>> Public message to ransomware gangs: Stay the f away from medical organizations. If you target hospital computer systems during the pandemic, we will use all of our resources to hunt you down.<p><a href="https://nitter.net/mikko/status/1240225603565105152?lang=en" rel="nofollow">https://nitter.net/mikko/status/1240225603565105152?lang=en</a>
How similar does this sound to the NotPetya "digital nuke" Russia unleashed on Ukraine?<p><a href="https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/" rel="nofollow">https://www.wired.com/story/notpetya-cyberattack-ukraine-rus...</a>
That's messed up if true, but why would a ransomware operator target them? I mean like, they don't <i>really</i> target, they just wait for people to install something right?
Do all these hospitals have backups that ransomware and automation can not tamper with? Is anti-tampering a requirement in their audits, or just detection? Have any hospitals started implementing secured workstations in kiosk mode? i.e. Windows 10 LTSC with all the hardening options enabled and AD permissions locked down and treating workstations as ephemeral devices.
The actors responsible are doing an all-out attack to maximize profits as US large corps and military are currently targeting their networks to prevent election tampering. These botnet networks have proven difficult to disrupt even for them. This is a profit maximization effort for them and probably one they'll do right before folding and disappearing as the last time hospitals and police were directly targeted national governments began disappearing the perpetrators.<p>What'd be heartless is if the malware, such as the Ryuk ransomware in December of 2019, had a bug in it that prevented the decryption key from working and all it did was garble and trash data.<p>Be forewarned, a few groups deploying ransomware are on sanctions lists which carries direct liability if you pay them. If you're the IT staff, make the CFO\CEO pay them and wash your hands of it.
InsurTechnix's founders experienced the effects of cyber attacks on multiple hospitals at our previous start up. That's one of the reasons we founded InsurTechnix.<p>Here's an introduction to our ransomware report: <a href="https://youtu.be/2yDqp34JN9k" rel="nofollow">https://youtu.be/2yDqp34JN9k</a><p>If any hospital CISO and/or IT admin would like a three month free trial - even just to get through the current attacks - please reach out.
US hospitals are ripe to attack. They make huge profits and use extremely outdated tech or use new (untested) software.<p>I take this opportunity to complain about regulatory capture and the medical cartels. Their constant irresponsibility (opioid epidemic, coronavirus response) affects everyone. Yet they still are paid more than any other industry.
Could this be related to repealing ACA in some way? Would information stolen help one side or the other? Or is there no connection? & How would one know anyway?<p>Non-American (but not ignorant of USA) wondering why this is happening now.
It's interesting that this topic was much talked about when I was working with hospitals 3-5 years ago. They've seen it coming, but have largely squandered the opportunity.<p>Most hospitals store their data and run systems on-prem and are hyper-allergic to anything cloud based. They often have sloppy if extant back-up policies, and I've never heard of a hospital practicing a restore from backups. They also all seem to have terrible policies around passwords that cause most of their staff to iterate passwords every few months by simply incrementing a number at the end. You're also quite likely to find passwords on Post-it notes under half the keyboards in a given facility.<p>Security certifications are kind of a joke and mostly conducted by lawyers and compliance officers who have no technical background, let alone info sec training.<p>TL;DR this has been a ticking time bomb for a decade and everyone involved knew it.
I assume/hope hospitals have contingency plans for if their network goes down?<p>It would certainly make them less efficient and result in more errors, but hopefully they wouldn’t grind to a complete halt.
Why are hospital systems connected to the public internet, anyway? Wouldn't it make more sense to have all of the life-or-death stuff on its own secure network?
There is still an opportunity from the lessons learned. You can regulate your hospital systems as you regulate financial institutions and certify them. I was also thinking a network setup on a sub-pub system separating trusted and untrusted networks using computer vision via optical sensors or camera & monitor in an old fashion using OCR, classification or even barcode / optimized QR code that client picks task id and id from queue and shows on a device and server reads via sensor or camera. Maybe the problem is not that we lack a solution but that the systems are just old.
Maybe hospitals should escrow their data with NSA.
Append only backups. Get ransomware, restore from NSA backup. Make all that storage capacity useful.