I have a feeling there is a very short security-hygiene checklist that, if followed, could prevent the vast majority of the ransomware attacks that we have seen in the last few years.

* Keep all systems up to date with the latest patches.

* Have a DR plan and test it regularly.

* Make frequent backups, verify them, and keep them _offline_.

Historically organizations have been so bad at backups that the advice has been to automate them as much as possible, to try to ensure that a recent backup at least exists. But I am increasingly of the opinion that the next level of backup maturity is to dial back on the automation and invest _manual_ effort in airgapping the backups.

Fully automated backups are necessarily part of the software attack surface.

If you have to hire more ops people to rotate tapes by hand every day, that will have to be a cost of doing business safely.
A lot of these articles don't actually mention specifically how the systems were compromised.

Was it a malicious email attachment that propagated through unsecured networks or outdated OS versions? And what data was encrypted? Are we talking regular Excel files or actual databases?

It would be interesting to have some more detail or case studies so others could know how to fortify infection points and limit the blast radius of their own systems.
One can do ZFS snapshots so one does not need to do insanely huge backups all the time. Just transfer off the diffs as needed. If an attack happens it's pretty easy to roll back to a known good state. It's also not that complex to set some process in place that does random checksum verification of some files to trigger an alarm that such an attack has taken place. It really perplexes me that very large institutes don't do this.
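The "random checksum verification" idea from the comment above, as an added example that is not the commenter's code: a manifest of file hashes stands in for the known-good ZFS snapshot, a random sample is re-hashed on each check, and an alarm fires only when a large fraction of the sample no longer matches (the demo scenario and its threshold are constructed for illustration).

```python
import hashlib
import os
import random
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict[str, str]:
    """Record the hash of every regular file under root (the known-good state)."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def spot_check(root: Path, manifest: dict[str, str], sample_size: int, rng=random) -> list[str]:
    """Re-hash a random sample of manifest entries; return those changed or missing.
    Legitimately edited files show up too, so alarm on the proportion of
    mismatches in the sample, not on any single one."""
    names = rng.sample(sorted(manifest), min(sample_size, len(manifest)))
    changed = []
    for name in names:
        p = root / name
        if not p.is_file() or sha256_of(p) != manifest[name]:
            changed.append(name)
    return changed

def mass_change_alarm(changed: list[str], sampled: int, threshold: float = 0.5) -> bool:
    """True when more than `threshold` of the sampled files no longer match the manifest."""
    return sampled > 0 and len(changed) / sampled > threshold

def demo() -> tuple[int, bool]:
    """Constructed scenario: baseline a small tree, then overwrite most of it with random bytes
    (standing in for mass encryption) and see whether the spot check raises the alarm."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for i in range(10):
            (root / f"doc{i}.txt").write_text(f"report number {i}\n")
        manifest = build_manifest(root)
        assert spot_check(root, manifest, 10) == []   # clean baseline: nothing changed
        for i in range(8):                             # 8 of 10 files replaced with junk
            (root / f"doc{i}.txt").write_bytes(os.urandom(64))
        changed = spot_check(root, manifest, 10)
        return len(changed), mass_change_alarm(changed, 10)
```

In production the manifest itself must live somewhere the monitored hosts cannot write to (a read-only snapshot or an offline copy), or the same attacker that rewrites the files can rewrite the baseline.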
There's a trend of paying these ransomware attacks which are sometimes in the order of millions. Imagine if those millions were _proactively_ invested into the computer security of these systems?
A bit more detail in The Irish Independent. References the Conti ransomware.

https://m.independent.ie/irish-news/serious-and-sophisticated-hse-confirms-ransomware-cyber-attack-has-hit-all-hospital-it-systems-40425737.html
One of the major issues I've seen while working with large organisations on software development is one of mindset. These are organisations who predominantly think: "We are an 'x' organisation that happens to develop software". The more productive and safer way of thinking is: "We are a software development organisation that is within the 'x' market".

However, the latter requires a huge mindset and experience shift from the very top of the organisation. And groups and individuals of that organisation having a strong interest in their survivability are, of course, not going to change that.
Odd effect of this is that it would be difficult to distinguish encrypted backups from ransomware-encrypted files being backed up.

Cloud documents like Word and Google Docs seem less susceptible, as writing a content parser for each file format to encrypt it would be a higher bar. Or am I missing something there?

It also suggests there could be a market for cryptocurrency futures as a form of insurance. This is one extreme situation where you are forced to buy a currency at market prices, but I suspect it's the first of more.
I love the increase in these kind of attacks, eventually there will be enough pressure for liability legislation for companies to take security seriously.
On one hand I'm excited about all the good things that e-health can enable for us, but then again, I'm super scared to leave a trail of my health history in IT systems.
That's not the first attack on health. In the context of a worldwide struggle I find the operation against medical institutions utterly despicable. God.