Comments
Ransomware: Coming To A Hospital Near You?
ChandanaP946,
User Rank: Strategist
9/27/2016 | 7:17:38 AM
More than 400,000 Sensitive Healthcare Records Leaked on the Dark Web
Cybersecurity firm OWL recently discovered over 400,000 healthcare records on the Dark Web. Some of these files were swiped during traditional system hacks. But, said OWL's president and CEO Mark Turnage, ransomware was responsible for the majority of the leaks. In the near future, ransomware could be the single largest cybersecurity threat facing consumers, companies, and organizations. https://cyware.com/news/more-than-400000-sensitive-healthcare-records-leaked-on-the-dark-web-dcec7889
Dr.T,
User Rank: Ninja
9/27/2016 | 3:30:05 PM
Re: More than 400,000 Sensitive Healthcare Records Leaked on the Dark Web
"... 400,000 healthcare records ..." This is a big number when we consider they charge per record.
Christiaan.Beek,
User Rank: Apprentice
9/30/2016 | 9:27:12 AM
Re: More than 400,000 Sensitive Healthcare Records Leaked on the Dark Web
IMHO the concerning part here is that, for example, a stolen credit card and data can be easily changed. You call to block your card and within a few business days you have a new card and the compromised data changed. With medical data it's quite different; it can't be changed easily...
Dr.T,
User Rank: Ninja
9/27/2016 | 3:33:26 PM
Re: More than 400,000 Sensitive Healthcare Records Leaked on the Dark Web
"... ransomware could be the single largest cybersecurity threat facing consumers ..." I would think it is the most impactful. There are companies paying to get the decryption key; that shows how successful it is.
DavidF740,
User Rank: Apprentice
9/28/2016 | 9:45:32 AM
Re: More than 400,000 Sensitive Healthcare Records Leaked on the Dark Web
Backup is the last line of defense. Yes, harden the front-end network and systems, train the users, and create and deploy an air-gapped backup system.
nathanwburke,
User Rank: Author
9/27/2016 | 1:07:21 PM
Ransomware is fast.
Per your point:

Develop an incident response plan so that if your systems are compromised, you can get back in operation quickly.

With the speed by which ransomware can spread, automation must be considered when developing an incident response strategy. 

Dr.T,
User Rank: Ninja
9/27/2016 | 3:31:29 PM
Re: Ransomware is fast.
"... automation must be considered ..." I would say yes if the automation is reducing user interaction. The problem is the person in the chair, as we know.
nathanwburke,
User Rank: Author
9/27/2016 | 3:46:14 PM
Re: Ransomware is fast.
True, there are generally two problems when it comes to ransomware:

1. The person in the chair, as you call it. In many cases it's a person that instigates the ransomware through a phishing email, and the only way to solve that problem is through training. There are certainly some good technologies that can reduce the chances a phishing email gets through or prevent a user from clicking on a known bad link, but if someone is willing to click on something they shouldn't, the bad guys will always take advantage of the opportunity.

2. The files getting encrypted - Once the person in the chair has set the process in motion, automation is the only way to stop the attack while underway. Having an automated system that can investigate, identify, and understand that the files are being encrypted and then stopping the process, severing the remote connection, and removing all traces is the only way. Otherwise, you're right: you have to just re-image the whole thing and restore from backup. 
Dr.T,
User Rank: Ninja
9/27/2016 | 3:27:19 PM
Backup backup backup
There is no really easy solution for ransomware. The only option we are left with is to take a backup and keep it somewhere without overwriting it for a while.
Dr.T,
User Rank: Ninja
9/27/2016 | 3:36:10 PM
Train train train
While backup is a reactive approach, training people is actually a proactive approach to ransomware problems. It is better to spend time and money on awareness.

