Dark Reading is part of the Informa Tech Division of Informa PLC

Comments
Ransomware: Coming To A Hospital Near You?
Christiaan.Beek,
User Rank: Apprentice
9/30/2016 | 9:27:12 AM
Re: More than 400,000 Sensitive Healthcare Records Leaked on the Dark Web
IMHO the concerning part here is that, for example, a stolen credit card and its data can be easily changed. You call to block your card and within a few business days you have a new card and the compromised data changed. With medical data it's quite different; it can't be changed easily...
DavidF740,
User Rank: Apprentice
9/28/2016 | 9:45:32 AM
Re: More than 400,000 Sensitive Healthcare Records Leaked on the Dark Web
Backup is the last line of defense. Yes, harden the front-end network and systems, train the users, and create and deploy an air-gapped backup system.
nathanwburke,
User Rank: Author
9/27/2016 | 3:46:14 PM
Re: Ransomware is fast.
True, there are generally two problems when it comes to ransomware:

1. The person in the chair, as you call it. In many cases it's a person that instigates the ransomware through a phishing email, and the only way to solve that problem is through training. There are certainly some good technologies that can reduce the chances a phishing email gets through or prevent a user from clicking on a known bad link, but if someone is willing to click on something they shouldn't, the bad guys will always take advantage of the opportunity.

2. The files getting encrypted - Once the person in the chair has set the process in motion, automation is the only way to stop the attack while underway. Having an automated system that can investigate, identify, and understand that the files are being encrypted and then stopping the process, severing the remote connection, and removing all traces is the only way. Otherwise, you're right: you have to just re-image the whole thing and restore from backup. 
Dr.T,
User Rank: Ninja
9/27/2016 | 3:36:10 PM
Train train train
While backup is a reactive approach, training people is actually a proactive approach to ransomware problems. It is better to spend time and money on awareness.
Dr.T,
User Rank: Ninja
9/27/2016 | 3:33:26 PM
Re: More than 400,000 Sensitive Healthcare Records Leaked on the Dark Web
"... ransomware could be the single largest cybersecurity threat facing consumers ..." I would think it is the most impactful. There are companies paying to get the decryption key; that shows how successful it is.
Dr.T,
User Rank: Ninja
9/27/2016 | 3:31:29 PM
Re: Ransomware is fast.
"... automation must be considered ..." I would say yes if the automation is reducing user interaction. The problem is the person on the chair as we know it.
Dr.T,
User Rank: Ninja
9/27/2016 | 3:30:05 PM
Re: More than 400,000 Sensitive Healthcare Records Leaked on the Dark Web
"... 400,000 healthcare records ..." This is a big number when we consider they charge per record.
Dr.T,
User Rank: Ninja
9/27/2016 | 3:27:19 PM
Backup backup backup
There is no really easy solution for ransomware. The only option we are left with is to take a backup and keep it somewhere without overwriting it for a while.
nathanwburke,
User Rank: Author
9/27/2016 | 1:07:21 PM
Ransomware is fast.
Per your point:

Develop an incident response plan so that if your systems are compromised, you can get back in operation quickly.

With the speed by which ransomware can spread, automation must be considered when developing an incident response strategy. 

ChandanaP946,
User Rank: Strategist
9/27/2016 | 7:17:38 AM
More than 400,000 Sensitive Healthcare Records Leaked on the Dark Web
Cybersecurity firm OWL recently discovered over 400,000 healthcare records on the Dark Web. Some of these files were swiped during traditional system hacks. But, said OWL's president and CEO Mark Turnage, ransomware was responsible for the majority of the leaks. In the near future, ransomware could be the single largest cybersecurity threat facing consumers, companies, and organizations. https://cyware.com/news/more-than-400000-sensitive-healthcare-records-leaked-on-the-dark-web-dcec7889