• Patch Lady – make sure you are protected

    Home » Forums » Newsletter and Homepage topics » Patch Lady – make sure you are protected

    Author
    Topic
    #2307777

    To specifically target hospitals and healthcare with ransomware is pure evil
    [See the full post at: Patch Lady – make sure you are protected]

    Susan Bradley Patch Lady/Prudent patcher

    Viewing 11 reply threads
    Author
    Replies
    • #2307780

      This has been going on for a while. I posted about it here: https://www.askwoody.com/forums/topic/over-400-hospitals-hacked-in-the-us-this-weekend/

      At the time this was the only mention on it by any of the news: https://www.nbcnews.com/tech/security/cyberattack-hits-major-u-s-hospital-system-n1241254

      Was a little surprised it received so little media attention and nothing on here until now. It is the largest attack in US history. Three of the four Hospitals in my area (Temecula, CA) were affected by it. They had to go back to full paper. I heard that they still haven’t fully recovered. This week the fourth hospital was down as well for this latest attack.

      Windows 8.1 Group B, Brave & Mozilla ESR - grudgingly & Protonmail

      • This reply was modified 3 years, 4 months ago by Erik.
      • This reply was modified 3 years, 4 months ago by Erik.
      3 users thanked author for this post.
      • #2308082

        In September, the first known patient to die as a result of malware, died in Germany because the computers at the closest hospital were down. She needed urgent care but had to be brought to a hospital 20 miles away. Doctors were not able to start treating her for an hour and she died. https://apnews.com/article/technology-hacking-europe-cf8f8eee1adcec69bcc864f2c4308c94

        Windows 8.1 Group B, Brave & Mozilla ESR - grudgingly & Protonmail

        • This reply was modified 3 years, 4 months ago by Erik.
        1 user thanked author for this post.
      • #2308737

        @Erik  It was a good thing you tried to bring this to the attention of AskWoody members. I see there were no responses to the original posts – maybe because they were posted to “The Junk Drawer” which is probably not widely read here. They may have raised more eyebrows had they been posted to the “Code Red – Security/Privacy advisories” section. Appreciate the good intentions, though!

         

        Win10 Pro x64 22H2, Win10 Home 22H2, Linux Mint + a cat with 'tortitude'.

        • This reply was modified 3 years, 4 months ago by Steve S..
        2 users thanked author for this post.
        • #2308957

          Thanks Steve. At the time I was looking for the correct forum to put it in but didn’t think it really fit anywhere so I used the junk drawer. In hind sight I guess the code red forum would have been the right place.

          Windows 8.1 Group B, Brave & Mozilla ESR - grudgingly & Protonmail

    • #2307783

      It does make you think about bringing back public flogging, doesn’t it? It’s enough to make me think about forswearing my species and declare myself a Gorilla.

      Awful, just awful. Right next to bombing said institutions, the perps should be made to stand trial for Crimes against Humanity.

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
      --
      "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

      1 user thanked author for this post.
    • #2307784

      The perpetrators are ultimate lowlife scum – the forum rules prevent me from saying what I would really like to say.  And no doubt happening in other countries as well.

      Windows 10 Pro 64 bit 20H2

    • #2307800

      The problem is not ransomware, it’s poor system security and lack of planning by IT folk. This is probably exacerbated by the US “lowest possible cost” model.

      cheers, Paul

      3 users thanked author for this post.
    • #2307823

      “lowest possible cost” model

      this new version is very populair here too,   ‘-(
      “Lowest possible cost” model, expanded to the game of “I Know Better”

      * _ being 20 in the 70's was fun _ *
    • #2307858

      Turn on Software Restriction Policies in whitelist mode, make sure nobody runs as Administrator, and you’ll sleep better at night.

    • #2307886

      These criminals targeting hospitals and other facilities that people need are just awful. Hackers are in lead by a step at everytime, cause OS vendor has to react to newly discvered vulnerabilities and it takes some time to patch these holes.
      Every chain is as strong as its weakest fragment. Same with IT. It takes just one “expert” to bring infection to your system/domain/whatecer.

      Thanks for sharing this information! I have only one advice. These following steps should be done in reverse order 🙂 🙂 🙂

      I’ve installed the October patches.

      I’ve checked to make sure backups are working (and not backing up to a drive that is accessible by the user making the backup – look to your backup vendor/ask them if their solution does this).

      Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

      HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

      PRUSA i3 MK3S+

    • #2307888

      Phishing attempts are increasing all over.  I’m now getting about one a day.  According to Politico, the Wisconsin Republican Party just lost $2.3 million to a hacker(s). The FBI is investigating this one.

    • #2308137

      Can I just ask,  how do you turn email hygiene on? I use Thunderbird, have trackers and 3rd party cookies disabled, HTML turned off and don’t load images.  Is there anything else I should do?

      • #2308177

        no, don’t click anything
        just delete everything that doesn’t ring a bell

        * _ being 20 in the 70's was fun _ *
      • #2308208

        Thunderbird is good at stopping trackers and drive-bys, but it can’t prevent you being phished or downloading and running malware. We humans are suckers for flashy new get rich quick schemes, this is the reason the bad guys are successful.

        cheers, Paul

        1 user thanked author for this post.
    • #2308299

      I’m starting too late, but I need to keep a running total of the the millions that I have foregone by not clicking on the links in spam eMails.  I feel as though I am well on my way to my first billion.

      Dell E5570 Latitude, Intel Core i5 6440@2.60 GHz, 8.00 GB - Win 10 Pro

    • #2308851

      One aspect confuses me. I make frequent image backups.

      If I get hit by Ransomware, my understanding is that I can recover by restoring from a backup. So, why can’t hospitals and businesses do the same?

      Also, I save my images on an ext. HD, which I keep in my safe deposit box. The HD is never connected to my computer, other than when I’m doing my image B/U. What is wrong with that?

       

      Mel (Acer laptop, W10 ver 2004)

       

      • #2309194

        All problems cant be solved by restoring. Data are safe, but..
        At home, restoring PC from backup will restore your PC exactly as it was some time ago (If you dont use Windows in-built restore points which manages to do exactly NOTHING), but not with enterprise infrastructure: with AD, DC, FS, Exchange, application servers, SQL servers, WSUS, …

        Its just too comlicated to be backed up on “one tape”

        Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

        HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

        PRUSA i3 MK3S+

    • #2308853

      So, why can’t hospitals and businesses do the same?

      Mainly because they don’t do backups.

      • #2308856

        Mainly because they don’t do backups.

        I know my credit union does off-site backups and would be back up and running within hours.

        Mel

      • #2308873

        … or that their backup procedure is a bad fit for their situation.

        Especially the part about testing that the backup can be restored…

        Also, in a complex enterprise environment, a full restore is sort of expensive anyway (at least if the local regulations require full testing afterwards, which is not unreasonable on the face of it but the full procedure might take a week or two…), so by math if the ransom is less than the total cost of restoring from backup and…

        I just can’t figure out what kind of math would allow them to not do the full testing and recertification anyway after paying the ransom.

        1 user thanked author for this post.
    Viewing 11 reply threads
    Reply To: Patch Lady – make sure you are protected

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: