Slashdot Mirror


L.A. Hospital Pays Off Ransomware Thieves To Reclaim Its Network (google.com)

Los Angeles' Presbyterian Medical Center, the target of a successful ransomware attack (successful from the thieves' point of view, that is) has buckled under: to regain control of its network, the hospital has paid a 40-bitcoin ransom (about $17,000) to the gang responsible. That, at least, is a far cry from the much higher ransom widely reported to have been initially demanded: 9,000 bitcoin. (That would have meant a payment of $3.6-3.9 million.)

159 comments

  1. Preeeecious by Tablizer · · Score: 4, Insightful

    They fed the trolls.

    1. Re:Preeeecious by Black+Parrot · · Score: 1

      D. Trump, the first Troll President?

      No, the Constitution clearly states that only Lizard People can be presidents.

      --
      Sheesh, evil *and* a jerk. -- Jade
    2. Re:Preeeecious by Anonymous Coward · · Score: 0

      So only Cruz can run?

    3. Re:Preeeecious by Viewsonic · · Score: 1

      If by "they", you mean the FBI paid the ransom to see where it goes, then yes, "they" fed the trolls.

    4. Re:Preeeecious by Zaowulf · · Score: 1

      And Hilary, though even our scaly overlords don't particularly like her.

    5. Re:Preeeecious by Anonymous Coward · · Score: 0

      We got one in the form of Obama

  2. At that price... by MrKrillls · · Score: 2

    Cheaper to pay than to fix it themselves. Yes?

    --
    Don't step on the baby.
    1. Re:At that price... by Harlequin80 · · Score: 3, Informative

      By an absolute mile. At $17,000 you would just pay it straight away. They would have lost far more as a result of the systems being offline, and assuming the ransomware had got itself all through their systems it would have been orders of magnitude more to clean the system if it was even possible.

    2. Re:At that price... by Jeremi · · Score: 5, Insightful

      Of course, this does assume that the ransomers won't come back and ask for more money next week.

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
    3. Re:At that price... by MtHuurne · · Score: 5, Informative

      It's a short-sighted solution though. Their systems are still vulnerable, probably even still infected. And they validated the business model of the attackers, so more attacks will be coming.

      Also, while the CEO insists that hospital records were not compromised, I'm reading that as "the attackers weren't interested in hospital records", not "the hospital records were safe".

    4. Re:At that price... by arbiter1 · · Score: 4, Insightful

      Or that the thieves didn't already download a ton of patient data off their machines which since they accepted such low amount from what they wanted sounds like they got enough info to make a ton of $ off identity theft.

    5. Re:At that price... by Harlequin80 · · Score: 3, Insightful

      Short sighted from an industry view, probably not from the hospital's view. You would hope they have air gapped their network from the internet at this stage while they reappraise their security and plug holes. From my understanding the ransomware attackers don't normally attack the same target twice as you are less likely to pay up if you think it will happen again. So this should protect them from the current infection.

      It also wouldn't surprise me if patient records were untouched. Those are probably behind higher levels of security than the rest of the network. What I suspect happened is they lost a way of accessing them because all their other systems went down.

    6. Re:At that price... by MtHuurne · · Score: 1

      It also wouldn't surprise me if patient records were untouched. Those are probably behind higher levels of security than the rest of the network. What I suspect happened is they lost a way of accessing them because all their other systems went down.

      If they were accessing the patient records from compromised systems, then the patient records were not safe, even if the records server itself wasn't infected.

    7. Re: At that price... by Anonymous Coward · · Score: 1

      $17,000 isn't that what the average US hospital charges for a roll of toilet paper?

    8. Re:At that price... by Harlequin80 · · Score: 1

      Not necessarily at all. If you access the patient records via a citrix system for example there would be no reason to believe the patient records were compromised just because the host machine was. This can also be extended to applications that communicate with a database server. There is nothing that prevents that being encrypted every step of the way.

      The only way would be via screenshots and your data rate would be terrible.

    9. Re:At that price... by Crashmarik · · Score: 1

      Not likely the internet is used for insurance verification, patient record requests, remote data access for physicians at their offices and billing. There's certainly a bunch of other things that aren't on the top of my head.

    10. Re:At that price... by Anonymous Coward · · Score: 0

      This... time... muhahahahahahaaaa

    11. Re:At that price... by MtHuurne · · Score: 1

      If such a remote desktop is authenticated via password, a key logger on the compromised machine could capture it. That combined with the records system being accessible from the compromised network means the attackers could start their own remote desktop session to the records system.

    12. Re:At that price... by edis · · Score: 1

      And there are only those attackers, naturally. No others will be informed where to find those, who are willing to pay, and what to do for that.
      So, they just integrated terrorism into their business as usual. What perspectives this does actually open?

      --
      Servant of karma
    13. Re: At that price... by Maritz · · Score: 2

      That's the per-sheet rate. Can believe you thought you'd get a whole roll just for that. The very idea, LOL !!!

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
    14. Re:At that price... by Anonymous Coward · · Score: 0

      Of course, this does assume that the ransomers won't come back and ask for more money next week.

      It assumes a lot more than that. It also assumes that they have no ethical responsibility regarding how their actions will negatively impact others. Paying ransom is a deeply self-oriented act of cowardice.

    15. Re:At that price... by Big+Hairy+Ian · · Score: 1

      From my understanding the ransomware attackers don't normally attack the same target twice as you are less likely to pay up if you think it will happen again. So this should protect them from the current infection

      The same ones may not come back but I can guarantee their competition has recognized an easy mark. Expect bible salesmen any minute!

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    16. Re:At that price... by Salgak1 · · Score: 1

      Indeed. Once you pay the Danegeld, you never get rid of the Dane. . . .

    17. Re: At that price... by Salgak1 · · Score: 1

      You forgot to roll in the per-sheet delivery, handling, installation, and disposal fees. Plus environmental fees for hazardous biowaste disposal. That would get us back to the original US$9 million. . .

    18. Re:At that price... by operagost · · Score: 1

      Yeah, I would imagine that expiring all passwords would be the standard action here.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    19. Re:At that price... by DarkTempes · · Score: 1

      And given that it's ransomware it doesn't have to include a back door component. It might even be smarter not to include a back door as it gives fewer traces back to the exploiter for the authorities to follow.

      The software just has to get onto a machine, even if air-gapped, and encrypt files and then prompt the user to contact some address for the key to decrypt the files.

      So even if the patient data isn't encrypted it is quite possible that no data left the hospital network.

    20. Re:At that price... by Anonymous Coward · · Score: 0

      Who's liable if the hospital is found negligent with other systems (personal doctor computer, insurance company) being infected?

    21. Re:At that price... by Anonymous Coward · · Score: 0

      Still short sighted from the hospital view. They haven't cleaned their systems. They'll just get ransomed again in a week, or a month, or later today.

    22. Re:At that price... by nycsubway · · Score: 1

      Unfortunately, it is cheaper. It's not just the cost, the medical staff can't do much to admit or treat patients without the electronic medical record system. They have patients waiting for surgery, procedures, med orders, etc.

      It's also unfortunate because it creates a precedent. It's a no-win situation for that hospital.

    23. Re: At that price... by Anonymous Coward · · Score: 0

      Um, I'm pretty sure that the hospital, being Presbyterian, is already in the market for Bibles.

    24. Re:At that price... by KGIII · · Score: 1

      Hate to say it but I agree with their choice. They got off *cheap.* I mean, dirt cheap. That's absurdly cheap and a good thing for them. I wonder how long it took for the bad guys to realize they'd scored a hospital network? Unless it was spear-phishing, they probably had no idea what they'd netted at first. I have to wonder if they realized the scale, the size and scope, of what they'd netted, asked for the original amount thinking it might be something other than what it was, and then asked for the original amount - without knowing there'd be this much publicity.

      That they went down in asking price indicates that they changed their mind. That tells me that it's kind of likely that something changed mid-way through. Perhaps they'd not planned on this, something with that much publicity, something with that much backlash? If that's the case, I could see them lowering the ransom, perhaps with some kind of immunity deal - where the police won't look for them too hard? Because, let's face it, if they held out for the total and it hadn't been paid or if it hadn't been decrypted when paid, they'd have *really* pissed off some people and sometimes the American populace goes a little batshit crazy with their revenge.

      So, I wonder if they bit off something bigger than intended, threw the number out, found out it was a hospital, got offered a "deal" with less of a man-hunt and lower pay, and agreed to it lest they wake up dead after visit from a couple of angry guys in black make-up and oddly carrying an inflatable boat with them. I realize that seems a bit conspiratorial but I don't think it's that far fetched.

      --
      "So long and thanks for all the fish."
    25. Re:At that price... by Crashmarik · · Score: 1

      Beats me. I am not a lawyer, but I would guess whoever has the deepest pockets.

    26. Re:At that price... by KGIII · · Score: 2

      It's true that that's a good assumption to make but there's no real way to know if they had anything with a greater complexity than simply encrypting via remote. I've actually seen/read some of the malware that is out there - it was actually up on GitHub and at PasteBin. I can't actually say, for certain, what it was but it is pretty simple. It's not nearly as complicated as one might think - and it doesn't actually do anything more than just encrypt.

      Basically, the two samples that I've seen did this:

      Get attached to something - it rides in via a trojan or an exploit in a browser or something like that.
      It sends back a report to a C&C server.
      It checks for attached shares, drives, attached devices.
      It sends back a report to the C&C - it is not a RAT or anything like that. (Usually a compromised server, seems to be a PHP page.)
      As near as I can tell - I've not seen the C&C itself, it then lets them send a command when they want and not much else - it just lays dormant.
      It will keep sending reports to let you know if it's found new connected devices and it continues to wait.
      They encrypt it (I guess they could wait) and it generates a key and assigns that device/devices/hack a number.
      I don't know what they do with the key - I assume they save it along with the number.
      This locks the computer pretty much - I think they can kind of select which things they'll encrypt but it doesn't look all that refined.
      It doesn't look like they can even wildcard, they can do whole folders and not, say, *.doc or whatnot.
      They can then send a message that will appear on the screen that includes directions on how to get the key.
      One of them appears to be able to decrypt from remote? I'm not sure if they have a system to store the key at the C&C and point & click.
      They can include other comments, like contact details or whatnot - I assume they do as the hospital was able to communicate with them.
      That's about it.

      So, unless it's packaged with other things, that's all I've seen. I'm sure it can be daisy-chained. It just looks like they package it up with exploits or attach it to executables, or things like that. I imagine they can do some tweaking with it? I imagine they can spear-phish and whatnot. It doesn't look as complicated as we might think. It doesn't do *anything* other than that - in the cases that I've seen.** There's no magic sauce, no real control, it doesn't afford any way to exfiltrate the data, no method to be really all that specific about what they attack, and they can't really encrypt everything or the user would have no control of the OS at all as it wouldn't even boot.

      ** It should be clear that I'm not a programmer. I have done some programming, quite a bit of it. Just not in a long time and I'm not that good. But, if it did more than that, I did not see it in the code. It's really very basic. I have not seen the C&C server but it connects to a PHP file and you simply change that to your own server - I'm assuming they use compromised servers and just keep it hidden in some dusty old folder that the admin is unlikely to notice. There's no reason it couldn't be attached to something else but, by itself, that's all it appears to do.

      --
      "So long and thanks for all the fish."
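One defender-side way to look for the check-in pattern described in the comment above (repeated reports to a PHP page), as an added example that is not part of the original thread and not taken from any malware sample: it scans web-proxy logs for a workstation POSTing to one .php URL at near-constant intervals. The log format, addresses, hostnames and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed sample proxy log (not real traffic). Assumed format per line:
# ISO timestamp, client IP, HTTP method, URL, request bytes
SAMPLE_LOG = """\
2016-02-05T09:00:02 10.1.4.23 POST http://files.example.net/old/img/report.php 412
2016-02-05T09:01:10 10.1.7.80 POST http://forum.example.org/post.php 2210
2016-02-05T09:03:45 10.1.7.80 POST http://forum.example.org/post.php 1804
2016-02-05T09:05:30 10.1.4.23 GET http://intranet.example.org/index.html 0
2016-02-05T09:10:01 10.1.4.23 POST http://files.example.net/old/img/report.php 409
2016-02-05T09:12:00 10.1.9.12 POST http://files.example.net/old/img/report.php 415
this line is truncated garbage
2016-02-05T09:20:03 10.1.4.23 POST http://files.example.net/old/img/report.php 412
2016-02-05T09:30:02 10.1.4.23 POST http://files.example.net/old/img/report.php 640
2016-02-05T09:31:00 10.1.7.80 POST http://forum.example.org/post.php 950
2016-02-05T09:32:20 10.1.7.80 POST http://forum.example.org/post.php 3102
2016-02-05T09:40:04 10.1.4.23 POST http://files.example.net/old/img/report.php 411
2016-02-05T09:45:00 10.1.9.12 POST http://files.example.net/old/img/report.php 415
2016-02-05T09:50:02 10.1.4.23 POST http://files.example.net/old/img/report.php 412
2016-02-05T10:15:05 10.1.7.80 POST http://forum.example.org/post.php 1277
"""


def parse_line(line):
    """Return (when, client, method, host, path, size) or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, method, url, size = parts
    try:
        when = datetime.fromisoformat(ts)
        size = int(size)
    except ValueError:
        return None
    target = urlsplit(url)
    if not target.hostname:
        return None
    return when, client, method.upper(), target.hostname, target.path, size


def find_beacons(lines, min_hits=5, max_cv=0.1):
    """Flag (client, host, path) triples whose POSTs to a .php URL are regular.

    Regularity is the coefficient of variation (stdev / mean) of the gaps
    between consecutive requests; a person using a web form is bursty and
    scores high, a timer-driven check-in scores close to zero.
    """
    seen = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip damaged log lines rather than abort the scan
        when, client, method, host, path, _size = rec
        if method == "POST" and path.lower().endswith(".php"):
            seen[(client, host, path)].append(when)

    findings = []
    for (client, host, path), times in seen.items():
        if len(times) < min_hits:
            continue  # too little history to judge timing
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({
                "client": client,
                "host": host,
                "path": path,
                "hits": len(times),
                "mean_interval_s": avg,
                "cv": cv,
            })
    return sorted(findings, key=lambda f: f["cv"])


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG.splitlines()):
        print("{client} -> {host}{path}: {hits} POSTs, "
              "every ~{mean_interval_s:.0f}s (cv={cv:.3f})".format(**f))
```

A second client that has contacted the same URL only a few times (10.1.9.12 in the sample) stays below `min_hits`, so a hit on one workstation is a reason to search the logs for every other client that has touched the same host and path.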
    27. Re:At that price... by Anonymous Coward · · Score: 0

      Short sighted from an industry view, probably not from the hospitals view. You would hope they have air gapped their network from the internet at this stage while they reappraise their security and plug holes. From my understanding the ransomware attackers don't normally attack the same target twice as you are less likely to pay up if you think it will happen again. So this should protect them from the current infection.

      It also wouldn't surprise me if patient records were untouched. Those are probably behind higher levels of security than the rest of the network. What I suspect happened is they lost a way of accessing them because all their other systems went down.

      Hate to tell you this but hospitals have the WORST security of any networks. "Air Gapped" oh hell no they don't have a clue what that is. "Higher levels of security" nope everything on a completely flat network with no controls.

      I have worked as a Pen Tester for 20 years. Hospital network security is a joke at ANY hospital. All I have ever seen and yes I have seen a lot there just isn't any network security. Hell I just recently tested a hospital and the Domain Administrator accounts password was "password". Really no shit. Most hospitals have being tested and failing don't fix what is found. Just last month I retested a hospital I tested last year and the exact same holes were there that was there last year. Hacking it was a cake walk. Hospitals do not give a fuck about your records or network security. To them network security is just a hassle.

  3. How much is that in commodity medical supplies? by xxxJonBoyxxx · · Score: 5, Informative

    >> the hospital has paid a 40-bitcoin ransom (about $17,000)

    That's about 340 tablets of hospital aspirin or 680 hospital bandaids for those counting at home.

    1. Re:How much is that in commodity medical supplies? by Rinikusu · · Score: 5, Funny

      17 of those Shkreli specials.

      --
      If you were me, you'd be good lookin'. - six string samurai
    2. Re:How much is that in commodity medical supplies? by ZipK · · Score: 1

      That's about 340 tablets of hospital aspirin or 680 hospital bandaids for those counting at home.

      At the negotiated Medicare discount price.

    3. Re:How much is that in commodity medical supplies? by U2xhc2hkb3QgU3Vja3M · · Score: 1

      Or in Canada, assuming a $17K USD value of 23217.75 Canadian Dollars and a retail price of $12.99 for 200 tablets of regular strength Aspirin (without taxes), that's about 1787 boxes x 200 tablets = 357400 tablets.

    4. Re:How much is that in commodity medical supplies? by mwvdlee · · Score: 0

      Never to worry; when Trump the Magnificent Negotiator comes to power, he'll negotiate those prices down to no medicare system at all.
      He'll build a wall around hospitals and let poor people pay for it.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    5. Re:How much is that in commodity medical supplies? by jandersen · · Score: 1

      the hospital has paid a 40-bitcoin ransom (about $17,000)

      That's about 340 tablets of hospital aspirin or 680 hospital bandaids for those counting at home.

      What you're saying seems to imply a really interesting price structure: 340 Aspirin tablets for $17000? Or are we talking about a seriously hefty kind of portable computing device called 'Aspirin'?

    6. Re:How much is that in commodity medical supplies? by Richard_at_work · · Score: 1

      Or in the UK, assuming $17K USD is £11,873.30 (xe.com conversion) - that's 400,545 tablets at retail prices in our local supermarket.

    7. Re:How much is that in commodity medical supplies? by dcollins117 · · Score: 2

      It takes a special talent to miss the point so completely.

      While it is true you can buy aspirin over the counter for a fraction of a penny per pill, that is not the same price you will be billed if you are hospitalized in the US and a nurse gives you the exact same aspirin. OP suggested, perhaps tongue-in-cheek, a price of $50 USD per pill. That's only about twice as much as reported here.

      In L.A. I would not be surprised if they charge $50 per aspirin.

    8. Re:How much is that in commodity medical supplies? by ThatsNotPudding · · Score: 2

      That's about 340 tablets of hospital aspirin or 680 hospital bandaids for those counting at home.

      Can you convert that to Danegeld?

    9. Re:How much is that in commodity medical supplies? by U2xhc2hkb3QgU3Vja3M · · Score: 2

      Not my fault if you live in a you're-poor-so-you're-going-to-die country.

      In real countries, health care is free and everyone is billed a small amount.

    10. Re:How much is that in commodity medical supplies? by Impy+the+Impiuos+Imp · · Score: 1

      Most of that is paying for the nurse to come in and give it to the patient.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    11. Re:How much is that in commodity medical supplies? by Impy+the+Impiuos+Imp · · Score: 1

      How much does such a tablet cost in your hospital when an NHS employee brings that aspirin to a patient?

      No cheating by hiding the costs behind a "general salary" issue.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    12. Re:How much is that in commodity medical supplies? by Anonymous Coward · · Score: 0

      That's about 340 tablets of hospital aspirin or 680 hospital bandaids for those counting at home.

      Can you convert that to Danegeld?

      Sure... 40 BitCoin

    13. Re:How much is that in commodity medical supplies? by Anonymous Coward · · Score: 0

      So, Canada isn't a real country because I can assure you, the hospitals here don't give away free medication like that. Cancer treatment drugs, sure. The various medicines you get to take for a C-Section with epidural? Well, the epidural is free, the rest of them sure aren't. Basically, if the hospital isn't injecting you with it, or it's not a special exception drug, you're paying for it out of your own pocket.

      Pain in the ass, too, because you get to go to the hospital pharmacy while you're in the hospital, see that it isn't open, then drive elsewhere for them.

      BTW: Aspirin, or at least the generic, is far cheaper in the USA than I've ever seen in Canada, even at dollar stores. I always pick some up for returning to Canada.

    14. Re:How much is that in commodity medical supplies? by nbauman · · Score: 1

      It's one thing to go into CVS and take a bottle of aspirin off a shelf next to all the other OTC remedies.

      It's something else again to go into a hospital pharmacy and take a bottle of aspirin off a shelf next to a lot of drugs that could kill you.

      http://www.nytimes.com/2015/03...
      At my own hospital, in 2013 we gave a teenager a 39-fold overdose of a common antibiotic. The initial glitch was innocent enough: A doctor failed to recognize that a screen was set on “milligrams per kilogram” rather than just “milligrams.” But the jaw-dropping part of the error involved alerts that were ignored by both physician and pharmacist. The error caused a grand mal seizure that sent the boy to the I.C.U. and nearly killed him.

      Hospitals have systems in place to prevent those 1-in-a-million accidents. In fact, since they dispense more than a million pills, they have systems in place to prevent 1-in-100 million accidents. Even so, they keep making rare mistakes. It's a constant battle. And it's expensive -- they use bar codes, the pharmacist has to check the prescription, the nurse has to check the prescription, and if there are dangerous drugs around, like in cancer treatment, another nurse has to check the first nurse, etc. It's a pretty expensive process. It's worth a lot, because otherwise they would kill more people.

      There was a recent British report that evaluated the reason why a cancer patient got an injection into the spine of the wrong, fatal drug, which killed him. It went into great detail about the error-prevention methods, and why they failed. Here's a news story about it. http://www.dailymail.co.uk/new...

      So when you get an aspirin in a hospital, it has to go through an expensive process. They can't just go next door to CVS and buy a bottle.

    15. Re:How much is that in commodity medical supplies? by Anonymous Coward · · Score: 0

      Shoulda got the generic kind for $0.50, seriously, why do people want the overpriced version

    16. Re:How much is that in commodity medical supplies? by Richard_at_work · · Score: 1

      Why shouldn't it be considered a general salary? The salary is paid regardless of whether the nurse is delivering the drug or not.

      Anyway, so let's take a salaried nurse at £23,000 a year (neither the lowest nor the highest wage for a nurse in the NHS), and let's assume it takes 5 minutes for the nurse to prescribe, fetch and hand the drug to the patient.

      The figure you are asking for is ... £0.97p for two aspirin.

      Most of that is in the nurse's salary. And that's ignoring the fact that my previous figures were using an off-the-shelf cost for a packet of 28 aspirin at a supermarket - the NHS will be buying in much larger quantities and getting them much cheaper. Aspirin is a generic drug, and as such the NHS will always be buying them at the lowest rate.

      That's also ignoring the fact that it doesn't take a nurse to prescribe and issue an aspirin to most patients, as certain lower paid clinical employees can do so.

  4. So, will they ever spend these bitcoin? by JoeMerchant · · Score: 4, Interesting

    And, can the FBI monitor the blockchain to get IP addresses where these coins were accessed from when the hospital handed them over?

    1. Re:So, will they ever spend these bitcoin? by Time_Ngler · · Score: 4, Funny

      Only if they can get the courts to force a silicon valley company to do it for them

    2. Re:So, will they ever spend these bitcoin? by Time_Ngler · · Score: 1

      No shit?

    3. Re:So, will they ever spend these bitcoin? by Anonymous Coward · · Score: 0

      Not that hard to break chains. There are actual laundry services, but I would think moving into any pool that the chain gets lost and then piece it out. Go to one of the numerous places that have wallets - exchanges in foreign countries, gambling services, etc etc. Your bitcoin ends up in their pool and when you draw them out it's an accounting nightmare to figure out. Or convert to a few alt coins and bounce those around the exchanges, convert back to bitcoin, sell that off slowly. Interesting thought experiment. Ransomware has been going on for awhile with bitcoin so whomever is doing it has an exit strategy that must be working for them.

    4. Re:So, will they ever spend these bitcoin? by Darinbob · · Score: 1

      The perps are most likely under the personal protection of Putin. Good luck extraditing them.

    5. Re:So, will they ever spend these bitcoin? by Ingenium13 · · Score: 1

      Bitcoin doesn't work like that. Maybe if you had an omnipotent view of the whole internet to see where a transaction actually originated from. But even then it's trivial to just use Tor.

    6. Re:So, will they ever spend these bitcoin? by Anonymous Coward · · Score: 0

      Sergeant Shaved Balls?

    7. Re:So, will they ever spend these bitcoin? by JoeMerchant · · Score: 1

      With the omnipotent view, Tor doesn't work either - and there are few enough Tor nodes that it would not be surprising for most of them to be monitored and recorded.

      The Bitcoin blockchain is inherently public knowledge - key component of how the system works. If you want to do a transaction, you have to interact with the blockchain - in fact, if you want to "act normal and blend in" you advertise your proposed transaction publicly. The coins paid as ransom are known to the persons who gave them away... only trick is to trace back to whoever accepted ownership of them.

      Anybody who accepts 40 coin and does not immediately take ownership of them in the blockchain is begging to have them spent by the person who gave them to them. I'd see a timeline like: 1) Hospital gives coin, 2) Blhackmailers take ownership of coin in blockchain, 3) Blhackmailers transfer ownership of coin to 3rd party in exchange for something of value, 4) Blhackmailers release Hospital assets.

      Steps 3) and 4) could be reversed, but both steps 2) and 3) require revelation of a consistent identity.

    8. Re:So, will they ever spend these bitcoin? by OverlordQ · · Score: 1

      That's not how anything related to bitcoin works.

      --
      Your hair look like poop, Bob! - Wanker.
    9. Re:So, will they ever spend these bitcoin? by Anonymous Coward · · Score: 0

      Anybody who accepts 40 coin and does not immediately take ownership of them in the blockchain is begging to have them spent by the person who gave them to them.

      That is also not how bitcoin works, you don't "accept" them. Once the hospital sends bitcoins to an address, they sit on the blockchain until spent by the hackers. The hospital can't "double-spend" them once they're confirmed on the blockchain.

      Spending coins just requires a valid transaction, which can be generated offline and then relayed by anyone anywhere. There are services online that do this for free, and since the transaction is already signed, these middlemen can't steal the coins.

      So the timeline is:

      1) Hospital sends bitcoins to the hacker's address

      2) Hacker waits until coins are confirmed

      3) Hackers release hospital assets and send coins through multiple mixing services (in case one is a honeypot)

      4) Profit!

      It has historically been very difficult to catch people doing this - the guy who ran bitcoin's most notorious drug website didn't get caught until an FBI agent noticed he used his personal email address in an early post about the site. The darknet drug market is several times larger now because it works.

  5. Now What? by Irate+Engineer · · Score: 3, Funny

    I'm sure that they are going to take the $3.6 million that they didn't have to pay during this episode and devote that to upgrading and securing their systems to prevent the possibility of future attacks like this. That would be the smart thing to do.

    Right?

    --

    Left MS Windows for Linux Mint and never looked back!

    Vote for Bernie in 2016!

    1. Re:Now What? by aaarrrgggh · · Score: 3, Insightful

      Unfortunately, that is only $8k per bed, or likely around $800/employee. Hell, it is really only two FTEs for the next 5 years...

      A grossly flawed system is much more expensive to fix than that. Maybe they could afford a backup system that is resistant to bitlocker though...

    2. Re:Now What? by Shadow99_1 · · Score: 5, Informative

      lol, I've seen some major hospitals that have 2 entire IT people on staff (an admin and an assistant)... I applied for a network admin position at a hospital with 2 IT employees (though I didn't know that until the interview) for 400 employees and well over 300 connected systems (from tablets doctor's used, to connected hardware, routers, and servers of various types, as well as dedicated workstations for nurses). They also used highly specialized systems that were extremely complex. Oh and did I mention satellite officers for doctor's that are part of their network, but not onsite? Yeah... Huge mess there.

      Because obviously all this tech in a modern hospital can just work on its own. No one ever wants to keep enough IT staff on hand to deal with regular maintenance because that would take away from executive bonuses. Hospitals are not any different, even as they are required to push further into the digital realm. This is the direct result. Oh and they don't even usually pay that well. Heck I think half the interviews I've had with companies lately are just to 'prove' a native worker wasn't 'qualified' to do the job even though my resume is solid. Good luck to the sucker from India getting those jobs.

      --
      we are all invisible unless we choose otherwise
    3. Re:Now What? by Antique+Geekmeister · · Score: 1

      I've done them. Like good password policies, the upfront cost is often refused.

    4. Re:Now What? by m.alessandrini · · Score: 1

      Haven't you watched Mr. Robot? Next one will be a prison.

    5. Re: Now What? by Anonymous Coward · · Score: 0

      If you think 300 device networks are too much for two days admins then you aren't qualified for the job

    6. Re: Now What? by v1 · · Score: 1

      I am one of three desktop support on a campus of 3,500 machines spread across 10 buildings with an additional ten satellite sites and we manage just fine, though we do have 2-3 interns from time to time to help. On the other hand, another campus near us has an incredible staff of over 300 to manage less than double the machines we do, and many over there consider themselves extremely overworked. "Work smarter, not harder", the job is only as difficult as you make it. Proper application of automation and central management is key.

      --
      I work for the Department of Redundancy Department.
    7. Re: Now What? by JoeMerchant · · Score: 1

      One needy doctor can occupy 25%+ of an IT support FTE when they get "in the zone." If you've got a research program on-campus with 20+ docs, an admin + assistant will not keep the hungry fed.

    8. Re:Now What? by pastafazou · · Score: 1

      All they needed was a proper backup and they could've just restored all the encrypted files without paying a cent.

    9. Re: Now What? by Anonymous Coward · · Score: 0

      Did it ever occur to you that most of the support goes to that 300, and you are just the b-team spillover group? Because that is what you are in a situation with asymmetric staffing.

    10. Re:Now What? by Anonymous Coward · · Score: 1

      I really need to understand something.

      I use the Internet, so I'm quite familiar with the rampant incorrect use of apostrophes to convey pluralization. However, you don't fit the pattern: you only used it to pluralize doctors. You did it twice, so it's apparent that it was intentional.

      What is it about that one word that led you to believe that adding an apostrophe was the correct way to pluralize it? This is a serious question and I'm not flaming you; I genuinely want to understand this.

    11. Re: Now What? by Anonymous Coward · · Score: 0

      Did it ever occur to you that the 300+ staff managing less than double the number of machines his staff of 3 handles is doing so for another campus, meaning his team manages the machines at his campus and the other manages those at the other; hell, the two campuses might not even be part of the same hospital, he need not identify that fact, though.

    12. Re:Now What? by Shadow99_1 · · Score: 1

      It's called I wrote it at midnight and was half asleep. Then again after a car accident I have very minor brain damage that causes me to reverse the placement of letters when I'm typing at times, so typos are extremely common for me anyways.

      --
      we are all invisible unless we choose otherwise
  6. Backups? by Anonymous Coward · · Score: 5, Informative

    Good god, doesn't anyone keep backups anymore?

    1. Re:Backups? by gavron · · Score: 3, Interesting

      Yes. I have backups. You have backups. You're modded down to 0 for a perfectly reasonable question.
      I'm sure I'll soon join you.

      Meanwhile the dipshits that run public hospitals DON'T have a usable backup strategy, pay trolls ransom,
      and the new Slashdot posts it as if it's big news.

      Big news would be if someone actually had a backup and DIDN'T pay the ransom... or if they got LEOs
      to actually FIND the bad guys. Paying ransom... heck, even the LEOs pay ransom. https://www.google.com/search?...

      E

    2. Re:Backups? by Anonymous Coward · · Score: 0

      If their backup system was live rather than tape based, it is completely possible for the virus to have encrypted them as well.

      But even with backup, they may have had to manually restore every computing device. That would take a lot of time and money. Most hospitals tend to be understaffed at every position, especially including IT.

    3. Re:Backups? by m.alessandrini · · Score: 1

      Ironically, people keeping backups are the most safety-aware people, so the ones less likely to need them for cases like this.

    4. Re:Backups? by Max_W · · Score: 1

      If it was an insider job, then even backups would not help.

      IT guys sit in a small room in a cellar, but more and more it is them who actually run things.

    5. Re:Backups? by Solandri · · Score: 5, Interesting

      A friend of mine runs a multi-million dollar construction supply company and her work computer got hit with a ransomware virus. As she is manager/accountant, it was pretty serious. Fortunately she had a competent IT staff which regularly backed up her system. So they just pulled her computer offline (so it couldn't spread to other systems), and restored everything to a new computer (this is why companies like to buy a bunch of identical Dell systems). And she was back in business the next day.

      Except for one file which she had been working on the day the ransomware hit, and thus hadn't been backed up. As it turned out, the ransomware authors had programmed it to allow the victim to decrypt one file - to prove that it could in fact be decrypted, and hadn't just been deleted. So she of course chose that file to decrypt, and ended up with no data loss. The only loss was she couldn't work for a day.

      That's why you never hear stories of competent IT saving the day. When they do, it's a non-event about as serious as someone calling in sick for a day. It's only when they fail that the problem becomes serious enough to be news-worthy.

    6. Re: Backups? by Anonymous Coward · · Score: 0

      Nothing ironic about that. Backups have been a good idea since way before ransomware.

    7. Re:Backups? by edis · · Score: 1

      There is no simplified mapping between my awareness and danger-exposed user end. We had recently ransomware visit, too. Hi, Russia!
      One should not feed terrorist at any cost.

      --
      Servant of karma
    8. Re:Backups? by m.alessandrini · · Score: 1

      I think the mapping is more evident at the lower end of the user's spectrum, like people not keeping their systems up-to-date, not telling a ".pdf" from a ".pdf.exe", installing that "download manager" from that cool streaming site, etc, etc

    9. Re:Backups? by edis · · Score: 1

      Not quite so, you oversimplify on your modest experience. Backup storage has limits. Information tends to ever grow. I intentionally skip large multimedia files, like collection of pictures from company parties, for example, from backing - to have vital things on backup media. Thus, when ransomware hits, and you have network share content completely encrypted, you still have stuff to sort, and keep all the share users off bay, until situation is investigated and put back under (some) control. While people really long for vast collection of sentimental pics, that remains encrypted pile of nonsense for a while.
      But do not feed terrorist, this has to be professional determination, made firm and clear.

      --
      Servant of karma
    10. Re:Backups? by queBurro · · Score: 1

      up to the minute backups? or nightly / weekly? how much data are we happy to lose here in a hospital? e.g. Mr Jones has had his chemo on Monday, but the db says he hasn't!

      --
      sag
    11. Re:Backups? by edis · · Score: 1

      You see, everyone is using computers nowadays. Everyone. Which means, that you are actually dealing with the whole spectrum of users, that's given. As an IT administrator, I am given that given, too. Of course, there are some users that are not able to handle one challenge or another, or nearly any sometimes.
      It's us, IT guys, who keep backups for those users (well, best of us do). There is no good mapping in that structure, if it is mature enough to be of structured kind.

      --
      Servant of karma
    12. Re:Backups? by JoeMerchant · · Score: 1

      Here's the key:

      usable backup strategy

      I'd be willing to bet they _thought_ they had one and just got shown how inadequate it is. Of course, patient care was not compromised - that would make them (relatively more) vulnerable to lawsuit from all the bad outcomes that happened during the service outage...

    13. Re:Backups? by JoeMerchant · · Score: 2

      Anyone who has over 1GB of "valuable business information" is either archiving video, or doing it wrong. The age old strategy of hourly backups for 24 hours, daily backups for a week, weekly backups for a month, monthly backups for a year, and annual backups beyond 12 months only requires 45x the storage space of the original, and backups can be compressed.

      A $99 2TB drive should be able to easily store 25GB of valuable data, backed up hourly - for all the hours that matter to anyone.

    14. Re:Backups? by Anonymous Coward · · Score: 0

      We had a similar encryption attack used against us, 4 computers and one file server were infected. We had backups, and contacted the LEOs. No word on what the LEOs did.

    15. Re:Backups? by Anonymous Coward · · Score: 1

      (this is why companies like to buy a bunch of identical Dell systems)

      I used to work for a small company of around 100 people, mostly engineers. IT would buy every single person a laptop (90 % of them were identical) with a 3-4 year warranty. Those warranties are like $800 and the computers are like $3000 tops. When an engineer had a hardware problem, they would be without their computer for like a week minimum (usually, they would get some ancient loaner, and it could be a few days labor to even update a computer to work with all the different systems anyway).

      Why they didn't just buy all identical computers with about 5-10 extras instead of warranties, I will never know. Hardware issue? Just pull the hard drive, stick it in an identical computer and the engineer would be back to work in less than an hour.

    16. Re:Backups? by edis · · Score: 1

      When you have reality client with the mission on profit, who does not want to spend on new backup equipment before seeing old one definitely die, does not want to spend on outsourced services beyond the utmost necessity, but naturally has ever growing set of files - you have reality looking into your face for some reasonable choices. Then you do the best, you can, but it is not dream come true.

      --
      Servant of karma
    17. Re:Backups? by Chris+Mattern · · Score: 3, Informative

      A common strategy here is to encrypt the files, insert a transparent decryption layer, and then wait a few months before yanking the decryption. Backups are no good because they're encrypted too.

    18. Re:Backups? by Notorious+G · · Score: 1

      I've wondered about law enforcement on events like this. Who would handle it? The local police force is, for the most part, going to be unable to assist. Some larger cities may have computer crimes units with the skill sets to investigate and address these things but jurisdictions are going to be a massive problem - some (most?) of the gangs running these things are international. No way the local PD is going to get any traction there. If it's domestic and a gang that spans multiple states/jurisdictions the local PD will have a similar albeit smaller problem. I can't see many of these getting investigated at all.

      It seems only something like the FBI would have the skills and jurisdictional ability to investigate but I can't imagine they have the staffing to do very many cases at a time.

    19. Re:Backups? by Anonymous Coward · · Score: 1

      Meanwhile you have no idea how hospitals are set up. Sure they have backups, but if their servers are hit that doesn't mean much. Yes you can restore from backups, but only after you've rebuilt everything. That's the key here, rebuilding takes a long time.
      Every hospital is set up with a HIS system (Hospital information system) that controls all patient data, another vendor for controlling radiology orders, another vendor for controlling pharmaceuticals, another for controlling lab results, and yet another just to coordinate all of the systems together.

      You can restore from backups but it's not a simple task and often times it requires the vendor to be called in to work on the system because they're the only ones that can properly setup the system. These vendors will often times charge up to $10,000 just to change an IP (Outrageous, but a fact), let alone a full system restore. Meanwhile, you've got a hospital full of patients that still require care and bills that need to be sent to insurance.

      This is a 434 bed hospital, which means it's a midsized hospital with a moderate IT staff. Probably 3 or 4 full time IT guys. They'd have more, but because of the constant pressure to cut costs in hospitals they can't afford to hire anyone else and instead rely on vendors for the more complex tasks.

      What they experienced is the equivalent to losing a data center with probably 5 racks and 200 hundred machines. Yes you can restore from backups and start over, but not without losing vital patient information and impacting patient care.

      Just because YOU don't understand how complex hospital infrastructure is, DOESN'T mean the people who run the hospital are dipshits.

    20. Re:Backups? by JoeMerchant · · Score: 1

      Clients who waste breath about whether or not $99 is "worthwhile" to spend to safeguard their data deserve what they lose.

    21. Re:Backups? by Anonymous Coward · · Score: 0

      Clearly a pragmatic economic decision. Their systems pointed to a payoff as the cheaper and quicker path to getting back up with minimal downtime or lost data versus a systemwide restore from the latest clean backups. Awareness of their bad strategy and lack of a redundant fall back plan will be the lesson learned. $17K will be recouped in the next celebrity ass lipo procedure.

    22. Re:Backups? by Anonymous Coward · · Score: 0

      It is also important to remember that a backup system that is under-maintained (and most of them are) will just back up the encrypted disks over the last snapshot of the non-encrypted disks, or write to the tape that has long flaked off too much magnetic film, will dump the data to a drive that's full, or will lack a restoration plan / policy that the operators can follow under duress. The only good backup is a restored backup; and far, far too many people skip even a random sampling of verification of the backup they "just took".

    23. Re:Backups? by edis · · Score: 1

      Do you realize, that:
      a) content of your $99 investment is going to be encrypted along by ransomware in exactly the same manner?
      b) $99 investment alone, even if you are thinking yourself being one smartass super duper user, is not going to include your professional services of setting proper backup safety net?

      --
      Servant of karma
    24. Re:Backups? by JoeMerchant · · Score: 1

      I do realize that:
      a) The $99 investment is vulnerable when it is mounted, not when it is inaccessible
      b) Attackers are unlikely to dig so deep into the system that they find locally developed backup schema, and then demonstrate the patience to wait for the backup to come online or the creativity to figure out if/how to force backups online for encryption
      c) I've set up two such $99 drives at home to do daily mirror backup of each other, it took about 2 hours of internet research to learn how to do this "from scratch" and the solution is set-and-forget for the last 3 years. When I put a file on one, it automagically appears on the other the next morning. This isn't exactly the kind of schema I would use for mission-critical business data - physically, one backup copy should be remote-located and multiple versions should be retained in case of accidental corruptions. When I did set such a thing up for a business purpose, it took about 3 hours of research plus 2 hours of testing, and was also set-and-forget for years.

    25. Re:Backups? by edis · · Score: 1

      Cool. But reality hits again: it is set corporately, that this is not what you ought to do. You can do it at home, though.

      --
      Servant of karma
    26. Re:Backups? by Solandri · · Score: 1

      And in case anyone is wondering, no she didn't get the ransomware by clicking on some random email attachment. One of the sales staff got it first, and the ransomware spread itself by using his email to spam people in his address book. She thought she was opening a report sent by one of her salesmen. The employee was honest enough to tell IT about it soon after he realized what was happening, and they got the word out to everyone not to open any email attachments. They managed to stop it at only four computers infected.

    27. Re:Backups? by Anonymous Coward · · Score: 0

      That is the client's problem.

      Be clear and direct about the risks, and the costs. Leave the choice to the client. Walk away if they do not respect your input.

    28. Re:Backups? by Anonymous Coward · · Score: 0

      What a great story! And yep, excellent rescues do come across as non-events unfortunately.

    29. Re:Backups? by Areyoukiddingme · · Score: 1

      Yes. I have backups. You have backups. You're modded down to 0 for a perfectly reasonable question.

      Anonymous Cowards start at 0. There are no negative mods whatsoever on the grandparent post.

    30. Re:Backups? by xiux · · Score: 1

      Which is why it's important to validate backups. The most common story is the proverbial organisation routinely backing up to tape, only to find out the tape was bad when they needed to restore. A random spot check is better than nothing.

      An alternative is to set up version control for each file, and if the delta between changes increases by X%, it should send an alert to the user.
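
The restore spot check and the change-rate alert suggested in the comments above, sketched as an added example that is not part of any poster's comment. Snapshots are modelled as in-memory `{path: bytes}` dicts; the sample data, the `restore` callable, the entropy floor and the threshold values are all assumptions made for illustration.

```python
"""Backup sanity checks: restore spot check plus change-rate alert (illustrative)."""
import hashlib
import math
import random
from collections import Counter


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(snapshot: dict) -> dict:
    """Map each path in a snapshot ({path: bytes}) to its SHA-256 digest."""
    return {path: sha256_hex(blob) for path, blob in snapshot.items()}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed content approaches 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def changed_fraction(prev_manifest: dict, curr_manifest: dict) -> float:
    """Fraction of previously known files whose content changed or vanished."""
    if not prev_manifest:
        return 0.0
    changed = sum(1 for p, h in prev_manifest.items() if curr_manifest.get(p) != h)
    return changed / len(prev_manifest)


def review_snapshot(prev, curr, baseline_fraction,
                    max_increase_pct=200.0, entropy_floor=7.5):
    """Return alert strings for the new snapshot before it replaces the old one.

    Alerts when the changed fraction exceeds the usual baseline by more than
    max_increase_pct percent, and for every changed file that went from
    low to high entropy (typical of in-place encryption).
    """
    alerts = []
    prev_m, curr_m = build_manifest(prev), build_manifest(curr)
    frac = changed_fraction(prev_m, curr_m)
    limit = baseline_fraction * (1 + max_increase_pct / 100.0)
    if frac > limit:
        alerts.append(f"change rate {frac:.0%} exceeds limit {limit:.0%}")
    for path in sorted(prev):
        if path in curr and prev_m[path] != curr_m[path]:
            before = shannon_entropy(prev[path])
            after = shannon_entropy(curr[path])
            if before < entropy_floor <= after:
                alerts.append(f"{path}: entropy {before:.2f} -> {after:.2f}")
    return alerts


def spot_check_restore(manifest, restore, sample_size, seed=None):
    """Restore a random sample of files; return paths that fail verification.

    'restore' is any callable path -> bytes (hypothetical hook for the real
    restore tool); a missing or unreadable file counts as a failure.
    """
    rng = random.Random(seed)
    paths = sorted(manifest)
    failed = []
    for path in rng.sample(paths, min(sample_size, len(paths))):
        try:
            data = restore(path)
        except (KeyError, OSError):
            failed.append(path)
            continue
        if sha256_hex(data) != manifest[path]:
            failed.append(path)
    return sorted(failed)


def pseudo_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted content."""
    out, block = b"", seed
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]


# Constructed sample data: three nightly snapshots of 20 small text records.
MONDAY = {f"records/patient_{i:03d}.txt": (f"patient {i} notes\n" * 50).encode()
          for i in range(20)}
TUESDAY = dict(MONDAY)
TUESDAY["records/patient_003.txt"] += b"follow-up booked\n"   # normal edit
WEDNESDAY = {p: pseudo_ciphertext(p.encode()) for p in MONDAY}  # every file rewritten

if __name__ == "__main__":
    print(review_snapshot(MONDAY, TUESDAY, baseline_fraction=0.05))
    print(review_snapshot(TUESDAY, WEDNESDAY, baseline_fraction=0.05)[:2])
    print(spot_check_restore(build_manifest(MONDAY), WEDNESDAY.__getitem__, 5, seed=1))
```

The manifest has to be stored somewhere the backed-up machine cannot write to, otherwise whatever rewrote the files can rewrite the hashes as well.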

    31. Re:Backups? by JoeMerchant · · Score: 1

      And, I return to the sentiment, if the corporation cares so little for their data (or, perhaps would be happier if it were lost), then they get what they deserve.

      My main point is that backup storage is so ridiculously cheap now, compared to 10 or 20 years ago, and you get "working storage" instead of some flaky, slow tape drive.

    32. Re:Backups? by Anonymous Coward · · Score: 0

      Anyone who has over 1GB of "valuable business information" is either archiving video, or doing it wrong.

      Ever worked for a corporation before? A prestigious law firm I previously worked for had well over 20 million legal documents in their document management system. And that was for only around 300 lawyers for a company that was only about 20 years old. They are tiny compared with other law firms, but went through about 6 LTO-3 tapes for a full backup.

      Did you mean 1TB? Because they were still way over that.

    33. Re:Backups? by edis · · Score: 1

      Tape drives are great, just expensive to purchase and of limited capacity. You keep some tapes offsite - probably in your bank, by the way. How will your setup stand flood (now occurring periodically in the buildings I watch) or fire? Arrangement itself is good. You are overly confident in your personal experience.

      --
      Servant of karma
    34. Re:Backups? by JoeMerchant · · Score: 1

      The key component of "my setup" is: internet connectivity.

      My home is not subject to flood, but if I cared enough to protect from fire, burglary, etc. the rsync job would be mirroring to a drive in another location. When I did the "professional" setup, we did just that, the working drive on-site, and the mirror at the President's house connected by VPN.

      If the "corporation" with such limited budget also has only a single, flooding, building in which everyone works and lives, then they really should consider using cloud services if data is important to them. If the data isn't a key component of the business, then print the legally required documents and stick them in a storage facility (like the bank), and forget about the modern world of IT - not everybody needs it.

    35. Re:Backups? by edis · · Score: 1

      It is very large, fast or even fastest in their profile growing corporation, but each unit is stuffed with equipment, very naturally prone to hazards. IT does make forefront of abilities to grow fast, but at the same time each particular unit is set high expectation of profit returns. I hope this enlightens you tiny bit more.

      --
      Servant of karma
    36. Re:Backups? by edis · · Score: 1

      By the way key reliance on Internet connectivity is synonymous to the key exposure to vulnerabilities, that's inevitable.

      --
      Servant of karma
    37. Re:Backups? by JoeMerchant · · Score: 1

      By the way key reliance on Internet connectivity is synonymous to the key exposure to vulnerabilities, that's inevitable.

      Absolutely, though I find it amusing that I have run dozens (maybe hundreds, by now) of computers "internet connected" behind a simple router/firewall and not had a single "intrusion" issue since our first connectivity in 1995 or so, yet other people who take serious precautions with virus scanners, OS level firewalls, etc. experience such problems with security. The key to safety when using any powerful tool is to keep the controls protected from people who might misuse the tool. A point-to-point VPN tunnel presents precious little opportunity for attack, but if the computer at either end of the tunnel is used without appropriate awareness of risks, it can indeed be a problem.

    38. Re:Backups? by JoeMerchant · · Score: 1

      I get the picture, but it's clear that the large growing corporation is having difficulties with priorities. There is an "appropriate level of risk" to each area of a business. The reason leaders are expected to have an "MBA" style education is to give them some insight in to each area of the business so that they can make appropriate judgements as to how much risk should be tolerated in each sector. Great leadership will learn on the job about each area of the business, taking input from the people who do the actual work. It sounds like your IT sector isn't getting enough input to leadership about the importance of IT and the risks that are taken with shoestring budgets. Not faulting IT, great leadership is rare.

    39. Re:Backups? by edis · · Score: 1

      They spend quite a lot, but if you follow corporate strategies closely, you have left no room for local ideas. The thing is: central decisions, high expectations on units' results, local concerns they do have not that much in common. Of course, GMs of the units try to meet ends, but all those constraints differ just by design of the structure. And if you didn't know, it is major challenge for an organization to grow. One of the biggest, I'd say.

      --
      Servant of karma
    40. Re:Backups? by JoeMerchant · · Score: 1

      Growth is challenging, but it's a better problem than lack of revenue, or unpredictable sales.

      Middle management takes the occasional bashing as "useless," but in my experience, bad middle management is indeed useless while good middle management can secure their departments the resources they need and protect them from unreasonable expectations and demands.

    41. Re:Backups? by toddestan · · Score: 1

      I wouldn't count on version control to save you. If the transparent decryption layer sits between the actual data and the version control, everything will look fine... until it isn't. Though it might work if the version control was sending the unencrypted files to a server.

      Probably your best bet is to have regular, multiple backups, and test the backups on another computer. If you find the backup is encrypted, the previous backup should still be okay.

  7. 17K by Anonymous Coward · · Score: 0

    That's like four generic Tylenol and half an Ace bandage.

  8. Re: How much is that in commodity medical supplies by Anonymous Coward · · Score: 0

    It's about 10 minutes worth of surgery. They should have racked the hospital along with 1000s of others and every insurance and pharmaceutical company who colludes with the hospitals (read that as every single one of them) to over charge for their services. Medical care is extremely over priced. But then they come back with the shitty argument of what is life worth and continue to rape people.

  9. Trump by Anonymous Coward · · Score: 0

    Would have put up a firewall, and made *them* pay for it.

  10. That's expensive by U2xhc2hkb3QgU3Vja3M · · Score: 1

    Just for shit and giggles I'd like to see someone ask a ransom of 1 million Dogecoins instead.

    1. Re:That's expensive by Anonymous Coward · · Score: 2, Funny

      ef46a09784cd9fe65c547972f916eb2c

      Your post has just been encrypted with an unbreakable MD5 algorithm! Only I have the key!
      Pay me 1 million Dogecoins to get your post back! My address is DHrB6mgSAgwGiKw3YKn2VrN9PPq3bbHCFx

      Wow
      Such ransom
      Many encryptions
      Wow

  11. Fire the Director of IT by Anonymous Coward · · Score: 0

    This is stupid. Why would a hospital of all companies not have a disaster recovery plan? This type of attack is so trivially preventable it's almost funny.

  12. The solution to ransomware... by davidwr · · Score: 3, Insightful

    ... is for someone to figure out an efficient way of tracing the full transaction history of any given "coin." Yes, I know that "in theory" it's do-able but it's just plain not feasible right now.

    Yes, I know BC "coins" as such don't have a history, but transactions do. If a coin is the "output" of a transaction then its "parent coins" are all the coins that went into the transaction, in proportion to each other. Yes, you can "launder money" but all that does is "spread the dirt around" resulting in "slightly dirty" BC that are considered only as fractionally valuable as their "clean" fraction.

    For example, if a ransomware victim, in cooperation with the police, pays 40BC to crooks, the crooks will of course launder the money immediately, probably several times over. As soon as the keys are recovered and there is no more danger of the crooks "getting revenge," the police issue a notice that all BC whose "transaction history" included this transaction are "tainted by the dirty transaction."

    At this point, reputable companies who trust that particular police authority will only accept "tainted money" based on the "clean" portion of its value. Those who happen to be stuck with the "dirty money" are pretty much out of luck, in much the same way that I am out of luck if a store clerk accepts a very good counterfeit $5 bill from a crook then later innocently hands it to me in change later that day.

    Yes, this setup has many flaws, but it's better than the status quo. Some obvious flaws include:
    * it's currently not feasible
    * there are many police authorities, and people trust them to different degrees, so the BC in your wallet may have a different value depending on who you want to do business with.
    * Whoever has coins "descended" from tainted coins at the time they are announced as tainted will be stuck with the loss
    * There is no built-in appeal for a police authority declaring a particular transaction "illegal" and declaring the coins received in that transaction "tainted". The only deterrent is that if a given police authority gets too sloppy or too abusive, fewer and fewer people will honor its declarations.
    * There are no doubt other flaws, these are just the ones that came to mind immediately.

    Of course, the real solution to ransomware is backups, backups, backups, but we all know that's not going to happen any time soon. Sigh.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
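
The proportional taint rule described in the comment above, worked through on a toy ledger. This is an added example, not the poster's code and not Bitcoin's actual transaction format; the `Tx` and `Coin` types, the transaction names and the amounts are constructed for illustration, and fees are assumed not to change the taint fraction.

```python
"""Proportional taint propagation over a simplified transaction ledger."""
from fractions import Fraction
from typing import NamedTuple


class Tx(NamedTuple):
    txid: str
    inputs: list    # outpoints spent: [(txid, output_index), ...]; [] = untraced origin
    outputs: list   # value of each output, in whole units


class Coin(NamedTuple):
    value: int
    taint: Fraction  # share of the value descended from flagged outputs
    spent: bool


def propagate_taint(ledger, flagged):
    """Return {(txid, index): Coin} for every output in a chronological ledger.

    Every output of a transaction inherits the value-weighted average taint
    of that transaction's inputs; outputs listed in 'flagged' are fully dirty.
    """
    values, taint, spent = {}, {}, set()
    for tx in ledger:
        for op in tx.inputs:
            if op not in values:
                raise ValueError(f"{tx.txid}: unknown input {op}")
            if op in spent:
                raise ValueError(f"{tx.txid}: double spend of {op}")
            spent.add(op)
        in_total = sum(values[op] for op in tx.inputs)
        if tx.inputs and sum(tx.outputs) > in_total:
            raise ValueError(f"{tx.txid}: outputs exceed inputs")
        dirty = sum((values[op] * taint[op] for op in tx.inputs), Fraction(0))
        mix = dirty / in_total if in_total else Fraction(0)
        for index, value in enumerate(tx.outputs):
            op = (tx.txid, index)
            values[op] = value
            taint[op] = Fraction(1) if op in flagged else mix
    return {op: Coin(values[op], taint[op], op in spent) for op in values}


def clean_value(coin):
    """Value a recipient honouring the taint notice would credit for the coin."""
    return coin.value * (1 - coin.taint)


def stranded_losses(coins):
    """Dirty amount sitting in each unspent output when the notice is issued."""
    return {op: c.value * c.taint
            for op, c in coins.items() if not c.spent and c.taint > 0}


# Constructed ledger: a 40-unit ransom is mixed twice with clean funds.
LEDGER = [
    Tx("victim_funds", [], [40]),
    Tx("ransom", [("victim_funds", 0)], [40]),
    Tx("exchange_float", [], [120]),
    Tx("mix1", [("ransom", 0), ("exchange_float", 0)], [100, 60]),
    Tx("clean_mined", [], [30]),
    Tx("mix2", [("mix1", 1), ("clean_mined", 0)], [90]),
]
FLAGGED = {("ransom", 0)}

if __name__ == "__main__":
    coins = propagate_taint(LEDGER, FLAGGED)
    for op, coin in coins.items():
        if not coin.spent:
            print(op, "value", coin.value, "taint", coin.taint,
                  "clean", clean_value(coin))
    print("total stranded:", sum(stranded_losses(coins).values()))
```

On this ledger the dirty amounts held in unspent outputs add up to the original 40 units, which is the "whoever holds descended coins is stuck with the loss" flaw from the list above in numbers.
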
    1. Re:The solution to ransomware... by JoeMerchant · · Score: 1

      The basic problem with tracing bitcoin is that you get to make up your own version of the "government issued ID number" that most banks require, combined with the fact that - even though there are far fewer BTC exchanges than places to trade cash or cash equivalents, they are located in virtually every jurisdiction and non-extradition zone on the planet and inherently accessible within a fraction of a second from anywhere else on the planet.

      As you imply above, any legal crackdown on how BTC operates will require global cooperation.

    2. Re:The solution to ransomware... by Anonymous Coward · · Score: 0

      > At this point, reputable companies who trust that particular police authority will only accept "tainted money" based on the "clean" portion of its value. Those who happen to be stuck with the "dirty money" are pretty much out of luck, in much the same way that I am out of luck if a store clerk accepts a very good counterfeit $5 bill from a crook then later innocently hands it to me in change later that day.

      Except that the extorted bitcoins are not counterfeit. What you are suggesting is declaring all money that was once involved in a crime worthless. It was in the news a few years ago that about 90% of all US bills had trace amounts of cocaine on them, and possession of cocaine is a crime. So all of that money is tainted. How about you withdraw all of your money right now and burn 90% of it? No? I didn't think so.

  13. And so it begins by Ol+Olsoc · · Score: 1

    The true business model of the Internet of Things.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  14. weird by MobileTatsu-NJG · · Score: 1

    Is it just me or has Slashdot been recovering news in a timely fashion lately?

    --

    "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    1. Re:weird by MobileTatsu-NJG · · Score: 1

      Err I meant 'covering'... I guess even subconsciously I associate Slashdot with dupes.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    2. Re:weird by Anonymous Coward · · Score: 0

      Nah, it's just a dupe you haven't read yet. Still, guess that's an improvement. :)

  15. this should be illegal by slashmydots · · Score: 1

    What a bunch of selfish, moronic, incompetent, irresponsible assholes. It should be a federal law that it is completely illegal to pay any sort of ransom of this sort.

    1. Re:this should be illegal by Anonymous Coward · · Score: 0

      how is this different from all states that pay every time a national with some connections is kidnapped in crappystan, do you really think every time an american is kidnapped they send steven seagull to rescue that person?

      the don't negotiate with terrorists is just a movie sentence

    2. Re:this should be illegal by JoeMerchant · · Score: 1

      how is this different from all states that pay every time a national with some connections is kidnapped in crappystan, do you really think every time an american is kidnapped they send steven seagull to rescue that person?

      the don't negotiate with terrorists is just a movie sentence

      It goes beyond movies to most media outlets - it's the repeated mantra, even though it's not 100% followed.

  16. Sorry by Anonymous Coward · · Score: 0

    Look I know this will sound fucked up, but $17k costs less than keeping good backups of a hospital's data...

  17. HIPAA? other hospitals? by Anonymous Coward · · Score: 0

    This sounds like one huge HIPAA violation to me. Presumably the hospital is on the hook for disclosing sensitive patient data without permission?

    One wonders how many other facilities are "silently" infiltrated.

  18. I've said it before, and I'll say it again: by williamyf · · Score: 1

    If you need your PHB to approve the funds for a project like this, point him to this article, and to: Harvard Business Review, Oct 2009, page 38.

    Then tell him that almost 7 years later, the CIO/CISO from the Hollywood hospital did not learn the lesson, and got eggfaced, would you, my dear PHB, like the same? No? Then approve project and funds!!!!

    --
    *** Suerte a todos y Feliz dia!
    1. Re:I've said it before, and I'll say it again: by Kardos · · Score: 2
  19. So they paid the danegeld... by Anonymous Coward · · Score: 0

    I thought it was generally accepted to be a bad idea.
    see https://en.wikipedia.org/wiki/Danegeld

  20. NO WAY! by tlambert · · Score: 1

    NO WAY! You mean that if I compromise a system with access to ANOTHER system, that I can compromise the second system?!?!?

    That's fucking magic! ...Or so i am led to believe...

    1. Re:NO WAY! by Anonymous Coward · · Score: 0

      I'm only adding this 'cause you're a smart ass and might miss it. ;-)

      As I mentioned above, it's not all that and a bag of chips. At least not the two that I've seen online. There was one on PasteBin and one on GitHub. Google will show the way if anyone's interested. There's a few copies on the 'darknet' if one wants to go dig 'em out. I haven't checked those.

      Anyhow, nah... By itself, it's a simple thing. There's no remote control other than putting a message up on the screen and some not-so-refined choices for encrypting. It looks like the more complex of the two allows one to automatically encrypt any attached device *after* the initial encryption. In other words, once they've pulled the trigger they can automatically encrypt anything that's plugged in and mounted automatically.

      Keep in mind, they can't just encrypt everything. If they did that, the computer would not work. Anything that the user has for permissions, it has for permissions. There's nothing fancy. It's not doing remote controls, it's not looking for additional exploits. It appears to be really damned basic.

      Obviously, this can be daisy-chained with other exploits so they could just as easily be patching it with a VNC/RD client or something. They could patch it into all sorts of malware - but, by itself, it doesn't really do much more than let you encrypt folders and attached shares and things like that. There's no way to just encrypt *.doc or .exe files. I didn't see any way to just encrypt a few things on a share either - in other words, as near as I can tell, if they elect to encrypt shared storage or network attached storage - it encrypted all of it. Nothing fancy.

      I wrote the details out in a post just a few minutes ago. I figure you won't refresh and see it on your own. You wise ass. ;-)

      Meh, Slashdot's bitching at me. 50 posts per day is the limit. I'll get more posts in a few minutes anyhow but I'll fire this off as an AC. 'Tis KGIII.

  21. Why by Anonymous Coward · · Score: 0

    I never understand why sensitive businesses never airgap their networks. The IT departments should be sacked for not standing up to the higher management by insisting there should be airgapped systems.

    Now every Tom and Dick will come to infect the hospital as it now shows that they pay up.

  22. Correct by Zontar_Thing_From_Ve · · Score: 1

    What Shadow99_1 says is on the mark. Plus note that the medical field almost always uses Windows and I don't have to tell people here the security "fun" that decision leads to. The medical field in general doesn't understand much about IT and I get the impression that the very few IT providers there do a pretty crappy job in general with their Windows-centric solutions. The idea that this hospital would now do serious work to tighten up their security is just laughable. I'm 99% sure that going forward they won't have anything more powerful than hope that they get left alone now that they paid off the bad guys. I work in IT and I occasionally have to talk to a customer's IT staff about technical issues they have with us and one of the things I see a lot is that a lot of smaller sized companies definitely don't value IT work at all and are trying to get by with as few (overworked) IT employees as they possibly can, so I totally believe that a hospital might only have 2 people as their entire IT staff.

    1. Re:Correct by Anonymous Coward · · Score: 0

      going forward they won't have anything more powerful than hope that they get left alone now that they paid off the bad guys...I see a lot is that a lot of smaller sized companies definitely don't value IT work at all and are trying to get by with as few (overworked) IT employees as they possibly can, so I totally believe that a hospital might only have 2 people as their entire IT staff.

      I hope they get hacked again and have to pay again. In a way, this was poetic justice for their disrespecting of us IT workers, ignoring our advice and refusing to pay us what we're worth. Plus, we Americans are constantly being ripped off by hospitals anyway so it's nice to see somebody stick it to those bastards and give them a taste of their own medicine.

    2. Re: Correct by Billly+Gates · · Score: 1

      Nope. IT department got the blame and will probably be axed for an Indian team. Seen it before

    3. Re:Correct by ai4px · · Score: 1

      I work in a major paper manufacturer. We had a small UNIX box that translated between two machines speaking different protocols for process control. The box was obsolete, so they hired a vendor to replace it. The vendor installed Linux on a modern PC and moved the code over. The corporate IT department's policy was that all boxes on the network must be Windows and run A/V. So the vendor installed CYGWIN on top of Windows. Several months later, Norton AV did an update and suddenly began a scan at 6am on Wednesday morning, consuming all CPU resources. Our process control link failed for approx 5 minutes. After 3 weeks of this, we finally came in early to see what was going on and discovered the problem.
      I just LOVE IT departments that have inane policies.

  23. I'd love to see the post-mortem on this one by zerofoo · · Score: 1

    I'm willing to bet that these were Windows machines - and probably woefully out of date.

    I wonder just how many hospitals are still running Windows XP or some other relic thinking it will save them money.

    Maybe the California Department of Health needs to start auditing hospital networks?

  24. airgapping does jack by Anonymous Coward · · Score: 0

    Short sighted from an industry view, probably not from the hospital's view. You would hope they have air gapped their network from the internet at this stage while they reappraise their security and plug holes.

    As Stuxnet (and others) have shown, air gapping does jack.

    We got hit in a segregated network with some ransomware as well recently. The vector? A vendor came in to work on a DNA/gene sequencer and had to update the firmware. The malicious code was on his USB key. We have scanning software everywhere... except on machines connected to lab machines, because scanning messes up the interface software.

    Of course our file server has daily snapshots, so we were able to roll back. That's why I'm a bit surprised about this: not that they got hit, but that they couldn't restore/roll back.

    You're going to get hit in a way you don't expect at some point, so in addition to defence, you need to look at contingencies. It's the latter part that the hospital was weak in.

  25. By Neruos by Anonymous Coward · · Score: 0

    This has to be the most ridiculous thing ever. This is why corporations have standard images of everything.

    1. all data must be backed up to shared locations
    2. all computers must have a core image
    3. design architecture in a modular, segregated way
    4. have a DR plan, and in it, ransomware, spyware, hacking, trojans and backdoors should be a clause

    If you follow those 4, you can never be taken over for too long, and not entirely. Sure, your data could be stolen, but that is a different topic. But taken over? Never, as long as you have physical access to the hardware, period.

  26. I hope the FBI does their job by whitroth · · Score: 1

    I hope they find these scum, take everything they own (it was involved in a felony), and get each of them 20 years with no parole.

    They're almost on par with the scum who cracked Goodwill, and stole customers' card info....

                  mark

    1. Re:I hope the FBI does their job by Anonymous Coward · · Score: 0

      By "these scum" you mean the hospital administrators who gave their patients' money away to criminals? Yes, they should definitely be punished.

  27. and now, airgap the hospital by swschrad · · Score: 1

    take it off the web.

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
  28. What other point of view? by Anonymous Coward · · Score: 0

    "(successful from the thieves' point of view, that is)"

    Why does this need to be clarified, for whom else could it have been called "successful"?

  29. Worth less, not worthless by davidwr · · Score: 1

    It's the moral equivalent of declaring all money that is used in a crime the equivalent of an impurity that taints anything it touches, forever and ever, but with ever-decreasing effects.

    Think of it this way: If we were in the age of only gold coins and no paper money (and for the sake of simplicity, no silver or copper coins), it would be like if a particular coin was used in a crime, it would magically turn into base metal but nobody would know it for several hours after the crime occurred. If you put this coin in your purse, all coins in that purse would suddenly take on the average metal content of the entire purse. So, if you had 9 "clean" coins of equal value in your purse and dropped in one "base metal" coin of the same value into the purse, all of the coins would suddenly be 90% of the value of a "clean" coin. Anyone who was holding any coin that had been "co-mingled" with the bad coin since the time of the crime would have partially-de-valued money, in a viral way.

    Now, as I said above, since it's not feasible to know the complete history of a coin, such a system isn't practical, at least not right now.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:Worth less, not worthless by Thiez · · Score: 1

      And why would anyone cooperate with this crazy scheme? Perhaps you are willing to say that (using the numbers from your example) a bitcoin tainted by a particular crime is worth only 90% of its former value. The rest of the world might not agree that the value has reduced and pay full price (well, not to you of course, since you'll accept 90% of full price), but among one another. At the end of the day a bitcoin is only worth what others are willing to trade for it, and unless you manage to get most of the world on board with your scheme, it's just not going to happen.

    2. Re:Worth less, not worthless by Anonymous Coward · · Score: 0

      I am not that AC that you were replying to. I will say that it's a very clever idea but would kind of suck for some innocent people - potentially. One way to clear it up could be that it's not just the retailers but potential recipients of any kind could have the "block-list" or "tainted-list" and have it all automated.

    3. Re:Worth less, not worthless by Thiez · · Score: 1

      It's not a clever idea at all. Criminals will simply exchange their bitcoins for another currency, possibly multiple times, immediately after committing their crimes. Unless you think that, after a theft of $X, grabbing some random people from the street, taking a total of $X from them, and then burning it is the correct way to stop crime?

  30. A shot across the bow? by ai4px · · Score: 1

    $17,000 for a hospital? A school district in Myrtle Beach SC was hit up for $8,000. For organizations this size, it is a small amount of money. So I have to ask: Is this priced low to scare management into doing what IT has been asking for, or is it simply priced low so they'll just pay up?

    My gut tells me this is likely a white hat thing.