
Comments
Ransomware: Coming To A Hospital Near You?
Christiaan.Beek,
User Rank: Apprentice
9/30/2016 | 9:27:12 AM
Re: More than 400,000 Sensitive Healthcare Records Leaked on the Dark Web
IMHO the concerning part here is that, for example, a stolen credit card and its data can be easily changed. You call to block your card and within a few business days you have a new card and the compromised data changed. With medical data it's quite different; it can't be changed easily...
DavidF740,
User Rank: Apprentice
9/28/2016 | 9:45:32 AM
Re: More than 400,000 Sensitive Healthcare Records Leaked on the Dark Web
Backup is the last line of defense. Yes, harden the front-end network and systems, train the users, and create and deploy an air-gapped backup system.
nathanwburke,
User Rank: Author
9/27/2016 | 3:46:14 PM
Re: Ransomware is fast.
True, there are generally two problems when it comes to ransomware:

1. The person in the chair, as you call it. In many cases it's a person that instigates the ransomware through a phishing email, and the only way to solve that problem is through training. There are certainly some good technologies that can reduce the chances a phishing email gets through or prevent a user from clicking on a known bad link, but if someone is willing to click on something they shouldn't, the bad guys will always take advantage of the opportunity.

2. The files getting encrypted - Once the person in the chair has set the process in motion, automation is the only way to stop the attack while underway. Having an automated system that can investigate, identify, and understand that the files are being encrypted and then stopping the process, severing the remote connection, and removing all traces is the only way. Otherwise, you're right: you have to just re-image the whole thing and restore from backup. 
Dr.T,
User Rank: Ninja
9/27/2016 | 3:36:10 PM
Train train train
While backup is a reactive approach, training people is actually a proactive approach to ransomware problems. It is better to spend time and money on awareness.
Dr.T,
User Rank: Ninja
9/27/2016 | 3:33:26 PM
Re: More than 400,000 Sensitive Healthcare Records Leaked on the Dark Web
"... ransomware could be the single largest cybersecurity threat facing consumers ..." I would think it is the most impactful. There are companies paying to get the decryption key; that shows how successful it is.
Dr.T,
User Rank: Ninja
9/27/2016 | 3:31:29 PM
Re: Ransomware is fast.
"... automation must be considered ..." I would say yes if the automation is reducing user interaction. The problem is the person on the chair as we know it.
Dr.T,
User Rank: Ninja
9/27/2016 | 3:30:05 PM
Re: More than 400,000 Sensitive Healthcare Records Leaked on the Dark Web
"... 400,000 healthcare records ..." This is a big number when we consider they charge per record.
Dr.T,
User Rank: Ninja
9/27/2016 | 3:27:19 PM
Backup backup backup
There is no really easy solution for ransomware. The only option we are left with is to take backup and keep it somewhere without overwriting it for a while.
nathanwburke,
User Rank: Author
9/27/2016 | 1:07:21 PM
Ransomware is fast.
Per your point:

Develop an incident response plan so that if your systems are compromised, you can get back in operation quickly.

With the speed by which ransomware can spread, automation must be considered when developing an incident response strategy. 

ChandanaP946,
User Rank: Strategist
9/27/2016 | 7:17:38 AM
More than 400,000 Sensitive Healthcare Records Leaked on the Dark Web
Cybersecurity firm OWL recently discovered over 400,000 healthcare records on the Dark Web. Some of these files were swiped during traditional system hacks. But, said OWL's president and CEO Mark Turnage, ransomware was responsible for the majority of the leaks. In the near future, ransomware could be the single largest cybersecurity threat facing consumers, companies, and organizations. https://cyware.com/news/more-than-400000-sensitive-healthcare-records-leaked-on-the-dark-web-dcec7889

