To specifically target hospitals and healthcare with ransomware is pure evil
[See the full post at: Patch Lady – make sure you are protected]
Susan Bradley Patch Lady/Prudent patcher
This has been going on for a while. I posted about it here: https://www.askwoody.com/forums/topic/over-400-hospitals-hacked-in-the-us-this-weekend/
At the time this was the only mention of it by any of the news: https://www.nbcnews.com/tech/security/cyberattack-hits-major-u-s-hospital-system-n1241254
Was a little surprised it received so little media attention and nothing on here until now. It is the largest attack in US history. Three of the four hospitals in my area (Temecula, CA) were affected by it. They had to go back to full paper. I heard that they still haven’t fully recovered. This week the fourth hospital was down as well for this latest attack.
Windows 8.1 Group B, Brave & Mozilla ESR - grudgingly & Protonmail
In September, the first known patient to die as a result of malware died in Germany because the computers at the closest hospital were down. She needed urgent care but had to be brought to a hospital 20 miles away. Doctors were not able to start treating her for an hour and she died. https://apnews.com/article/technology-hacking-europe-cf8f8eee1adcec69bcc864f2c4308c94
Windows 8.1 Group B, Brave & Mozilla ESR - grudgingly & Protonmail
@Erik It was a good thing you tried to bring this to the attention of AskWoody members. I see there were no responses to the original posts – maybe because they were posted to “The Junk Drawer” which is probably not widely read here. They may have raised more eyebrows had they been posted to the “Code Red – Security/Privacy advisories” section. Appreciate the good intentions, though!
Win10 Pro x64 22H2, Win10 Home 22H2, Linux Mint + a cat with 'tortitude'.
It does make you think about bringing back public flogging, doesn’t it? It’s enough to make me think about forswearing my species and declare myself a Gorilla.
Awful, just awful. Right next to bombing said institutions, the perps should be made to stand trial for Crimes against Humanity.
Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty
“lowest possible cost” model
This new version is very popular here too, ‘-(
“Lowest possible cost” model, expanded to the game of “I Know Better”
These criminals targeting hospitals and other facilities that people need are just awful. Hackers are in the lead by a step every time, because the OS vendor has to react to newly discovered vulnerabilities, and it takes some time to patch these holes.
Every chain is as strong as its weakest fragment. Same with IT. It takes just one “expert” to bring infection to your system/domain/whatever.
Thanks for sharing this information! I have only one piece of advice. The following steps should be done in reverse order:
I’ve installed the October patches.
I’ve checked to make sure backups are working (and not backing up to a drive that is accessible by the user making the backup – look to your backup vendor/ask them if their solution does this).
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
Thunderbird is good at stopping trackers and drive-bys, but it can’t prevent you being phished or downloading and running malware. We humans are suckers for flashy new get-rich-quick schemes; this is the reason the bad guys are successful.
cheers, Paul
One aspect confuses me. I make frequent image backups.
If I get hit by Ransomware, my understanding is that I can recover by restoring from a backup. So, why can’t hospitals and businesses do the same?
Also, I save my images on an ext. HD, which I keep in my safe deposit box. The HD is never connected to my computer, other than when I’m doing my image B/U. What is wrong with that?
Mel (Acer laptop, W10 ver 2004)
All problems can't be solved by restoring. Data are safe, but...
At home, restoring a PC from backup will restore your PC exactly as it was some time ago (if you don't use Windows in-built restore points, which manage to do exactly NOTHING), but not with enterprise infrastructure: with AD, DC, FS, Exchange, application servers, SQL servers, WSUS, …
It's just too complicated to be backed up on “one tape”
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
So, why can’t hospitals and businesses do the same?
Mainly because they don’t do backups.
Mainly because they don’t do backups.
I know my credit union does off-site backups and would be back up and running within hours.
Mel
… or that their backup procedure is a bad fit for their situation.
Especially the part about testing that the backup can be restored…
Also, in a complex enterprise environment, a full restore is sort of expensive anyway (at least if the local regulations require full testing afterwards, which is not unreasonable on the face of it but the full procedure might take a week or two…), so by math if the ransom is less than the total cost of restoring from backup and…
I just can’t figure out what kind of math would allow them to not do the full testing and recertification anyway after paying the ransom.