  • Patch Lady – make sure you are protected

    Posted on Susan Bradley Comment on the AskWoody Lounge


    • This topic has 18 replies, 14 voices, and was last updated 3 weeks ago.
      • #2307777 Reply
        Susan Bradley
        Da Boss

        To specifically target hospitals and healthcare with ransomware is pure evil
        [See the full post at: Patch Lady – make sure you are protected]

        Susan Bradley Patch Lady

      • #2307780 Reply
        Erik
        AskWoody Lounger

        This has been going on for a while. I posted about it here: https://www.askwoody.com/forums/topic/over-400-hospitals-hacked-in-the-us-this-weekend/

        At the time this was the only mention on it by any of the news: https://www.nbcnews.com/tech/security/cyberattack-hits-major-u-s-hospital-system-n1241254

        Was a little surprised it received so little media attention and nothing on here until now. It is the largest attack in US history. Three of the four Hospitals in my area (Temecula, CA) were affected by it. They had to go back to full paper. I heard that they still haven’t fully recovered. This week the fourth hospital was down as well for this latest attack.

        Windows 8.1 Group B, Firefox ESR, Duck Duck Go & Protonmail

        • This reply was modified 3 weeks, 5 days ago by Erik.
        3 users thanked author for this post.
        • #2308082 Reply
          Erik
          AskWoody Lounger

          In September, the first known patient to die as a result of malware died in Germany because the computers at the closest hospital were down. She needed urgent care but had to be brought to a hospital 20 miles away. Doctors were not able to start treating her for an hour and she died. https://apnews.com/article/technology-hacking-europe-cf8f8eee1adcec69bcc864f2c4308c94

          Windows 8.1 Group B, Firefox ESR, Duck Duck Go & Protonmail

          • This reply was modified 3 weeks, 4 days ago by Erik.
          1 user thanked author for this post.
        • #2308737 Reply
          Steve S.
          AskWoody Plus

          @Erik  It was a good thing you tried to bring this to the attention of AskWoody members. I see there were no responses to the original posts – maybe because they were posted to “The Junk Drawer” which is probably not widely read here. They may have raised more eyebrows had they been posted to the “Code Red – Security/Privacy advisories” section. Appreciate the good intentions, though!

           

          Win7 Pro x64(Group B), Win10 Pro x64 1909, Win10 Home 1909, Linux Mint + a cat with 'tortitude'.

          • This reply was modified 3 weeks, 1 day ago by Steve S..
          2 users thanked author for this post.
          • #2308957 Reply
            Erik
            AskWoody Lounger

            Thanks Steve. At the time I was looking for the correct forum to put it in but didn’t think it really fit anywhere so I used the junk drawer. In hindsight I guess the code red forum would have been the right place.

            Windows 8.1 Group B, Firefox ESR, Duck Duck Go & Protonmail

      • #2307783 Reply

        It does make you think about bringing back public flogging, doesn’t it? It’s enough to make me think about forswearing my species and declaring myself a Gorilla.

        Awful, just awful. Right next to bombing said institutions, the perps should be made to stand trial for Crimes against Humanity.

        Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
        --
        "A committee is the only known form of life that has at least four legs and no brain."

        -Robert Heinlein

        1 user thanked author for this post.
      • #2307784 Reply
        Bundaburra
        AskWoody Plus

        The perpetrators are ultimate lowlife scum – the forum rules prevent me from saying what I would really like to say.  And no doubt happening in other countries as well.

        Windows 10 Pro 64 bit 20H2

      • #2307800 Reply
        Paul T
        AskWoody MVP

        The problem is not ransomware, it’s poor system security and lack of planning by IT folk. This is probably exacerbated by the US “lowest possible cost” model.

        cheers, Paul

        3 users thanked author for this post.
      • #2307823 Reply
        Fred
        AskWoody Plus

        “lowest possible cost” model

        this new version is very popular here too,   ‘-(
        “Lowest possible cost” model, expanded to the game of “I Know Better”

        ~ ~ ~
      • #2307858 Reply
        UncleRemus83
        AskWoody Lounger

        Turn on Software Restriction Policies in whitelist mode, make sure nobody runs as Administrator, and you’ll sleep better at night.

      • #2307886 Reply
        doriel
        AskWoody Lounger

        These criminals targeting hospitals and other facilities that people need are just awful. Hackers are in the lead by a step every time, because the OS vendor has to react to newly discovered vulnerabilities and it takes some time to patch these holes.
        Every chain is as strong as its weakest fragment. Same with IT. It takes just one “expert” to bring infection to your system/domain/whatever.

        Thanks for sharing this information! I have only one piece of advice. The following steps should be done in reverse order 🙂 🙂 🙂

        I’ve installed the October patches.

        I’ve checked to make sure backups are working (and not backing up to a drive that is accessible by the user making the backup – look to your backup vendor/ask them if their solution does this).

        Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise

        HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

      • #2307888 Reply
        anonymous
        Guest

        Phishing attempts are increasing all over.  I’m now getting about one a day.  According to Politico, the Wisconsin Republican Party just lost $2.3 million to a hacker(s). The FBI is investigating this one.

      • #2308137 Reply
        Tom
        AskWoody Plus

        Can I just ask,  how do you turn email hygiene on? I use Thunderbird, have trackers and 3rd party cookies disabled, HTML turned off and don’t load images.  Is there anything else I should do?

        • #2308177 Reply
          Fred
          AskWoody Plus

          no, don’t click anything
          just delete everything that doesn’t ring a bell

          ~ ~ ~
        • #2308208 Reply
          Paul T
          AskWoody MVP

          Thunderbird is good at stopping trackers and drive-bys, but it can’t prevent you being phished or downloading and running malware. We humans are suckers for flashy new get rich quick schemes, this is the reason the bad guys are successful.

          cheers, Paul

          1 user thanked author for this post.
      • #2308299 Reply
        ScotchJohn
        AskWoody Plus

        I’m starting too late, but I need to keep a running total of the millions that I have foregone by not clicking on the links in spam eMails.  I feel as though I am well on my way to my first billion.

        Dell E5570 Latitude, Intel Core i5 6440@2.60 GHz, 8.00 GB - Win 10 Pro

      • #2308851 Reply
        compiler
        AskWoody Plus

        One aspect confuses me. I make frequent image backups.

        If I get hit by Ransomware, my understanding is that I can recover by restoring from a backup. So, why can’t hospitals and businesses do the same?

        Also, I save my images on an ext. HD, which I keep in my safe deposit box. The HD is never connected to my computer, other than when I’m doing my image B/U. What is wrong with that?

         

        Mel (Acer laptop, W10 ver 2004)

         

        • #2309194 Reply
          doriel
          AskWoody Lounger

          All problems can’t be solved by restoring. Data are safe, but..
          At home, restoring a PC from backup will restore your PC exactly as it was some time ago (if you don’t use Windows in-built restore points, which manage to do exactly NOTHING), but not with enterprise infrastructure: with AD, DC, FS, Exchange, application servers, SQL servers, WSUS, …

          It’s just too complicated to be backed up on “one tape”

          Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, W10 1809 Enterprise

          HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

      • #2308853 Reply
        Alex5723
        AskWoody Plus

        So, why can’t hospitals and businesses do the same?

        Mainly because they don’t do backups.

        • #2308856 Reply
          anonymous
          Guest

          Mainly because they don’t do backups.

          I know my credit union does off-site backups and would be back up and running within hours.

          Mel

        • #2308873 Reply
          mn–
          AskWoody Lounger

          … or that their backup procedure is a bad fit for their situation.

          Especially the part about testing that the backup can be restored…

          Also, in a complex enterprise environment, a full restore is sort of expensive anyway (at least if the local regulations require full testing afterwards, which is not unreasonable on the face of it but the full procedure might take a week or two…), so by math if the ransom is less than the total cost of restoring from backup and…

          I just can’t figure out what kind of math would allow them to not do the full testing and recertification anyway after paying the ransom.

          1 user thanked author for this post.