
Ransomware & HSE


Comments

  • Registered Users Posts: 27,971 ✭✭✭✭blanch152


    Can't be bothered reading through 35 pages of this, but can anyone tell me whether it has been identified as Leo's fault yet?


  • Registered Users Posts: 7,093 ✭✭✭Jeff2


    blanch152 wrote: »
    Can't be bothered reading through 35 pages of this, but can anyone tell me whether it has been identified as Leo's fault yet?

    For sure, go to this thread.

    https://touch.boards.ie/thread/2058185902/1


  • Registered Users Posts: 12,292 ✭✭✭✭Flinty997


    blanch152 wrote: »
    Can't be bothered reading through 35 pages of this, but can anyone tell me whether it has been identified as Leo's fault yet?

    You should suggest it here...

    https://waterfordwhispersnews.com/2021/05/15/whos-responsible-for-the-hse-hack-we-investigate/


  • Registered Users Posts: 19,802 ✭✭✭✭suicide_circus


    Spend the €16m on hiring some other hackers to track these hackers down and some mercenaries to ahem neutralise them.


  • Registered Users Posts: 16 markgb


    What's the cost of retraining 100k users to Linux?

    Actually lower than you think since everything is mostly web based these days. Outlook, office, teams, etc, are all the same in chrome on Linux as they are on Windows. But that's kind of a moot point. It's the servers you need to migrate, not the desktops. Running Windows on a server in this day and age is just nuts IMHO.


  • Registered Users Posts: 627 ✭✭✭Idioteque


    Burgo wrote: »
    Don't know if it has been mentioned yet but looks like a ransom amount has been released; $20 million

    https://www.bleepingcomputer.com/news/security/ireland-s-health-services-hit-with-20-million-ransomware-demand/

    https://www.businesspost.ie/technology/hackers-of-hse-computer-system-demanded-bitcoin-ransom-worth-150000-242b03ae

    businesspost reporting they only asked for ~€120K (3 Bitcoin)... source is tenuous though (text file found on hacked system)

    Also they might have just asked for that amount from the 1 hospital


  • Registered Users Posts: 16 markgb


    Appalling. We have such a post Covid backlog and now this.

    As for the Windows v Linux argument. Windows is perfectly fine if you keep on top of the latest cybersecurity updates and the organisation is informed and trained on latest security risks. I wonder did someone click onto a phishing email which allowed them in? Anyone know?

    If Windows is perfectly fine then why are all ransomware attacks on Windows machines? Attacks on Linux machines are almost unheard of.


  • Registered Users Posts: 21,056 ✭✭✭✭Ash.J.Williams


    markgb wrote: »
    If Windows is perfectly fine then why are all ransomware attacks on Windows machines? Attacks on Linux machines are almost unheard of.

    Not all Windows machines are patchable too, in most organisations you would have an exclusion list of servers that can’t be patched, a patch can take down a live system if it’s not compatible


  • Posts: 11,614 ✭✭✭✭ [Deleted User]


    funny thing - i've been (genuinely) in it for 22 years so at this point, as we're playing pass the parcel, i'll wait for the next person who has been in it 23 years.

    I've still only been in it for 14 years. But my bullsh*t-ometer is highly tuned and there's lots on this thread. Not referring to you, but some posts are just... Indescribably stupid.


  • Posts: 11,614 ✭✭✭✭ [Deleted User]


    Spend the €16m on hiring some other hackers to track these hackers down and some mercenaries to ahem neutralise them.

    This wasn't done by a hacker group like Legion of Doom or some solo teenager in his mom's basement. This was an organised crime group. Finding them would be a seriously difficult task if not impossible.


  • Registered Users Posts: 191 ✭✭strathspey


    Sounds like bloody Russians again...... these people are a scourge!
    I'm still wondering when the world is going to demand restitution for the decades of having inflicted communism on the world....that demand should amount to trillions!


  • Registered Users Posts: 4,567 ✭✭✭JeffKenna


    blanch152 wrote: »
    Can't be bothered reading through 35 pages of this, but can anyone tell me whether it has been identified as Leo's fault yet?

    Your obsession with him is bordering on unhealthy at this stage.


  • Posts: 0 [Deleted User]


    strathspey wrote: »
    Sounds like bloody Russians again...... these people are a scourge!
    I'm still wondering when the world is going to demand restitution for the decades of having inflicted communism on the world....that demand should amount to trillions!

    Yes the ideal scapegoats!


  • Registered Users Posts: 2,400 ✭✭✭ForestFire


    blanch152 wrote: »
    Can't be bothered reading through 35 pages of this, but can anyone tell me whether it has been identified as Leo's fault yet?

    Why would you think it's Leo's fault?

    The data has been encrypted and locked away from anyone to access it........


    ...........the exact opposite of a Leo leak ;-)


  • Moderators, Category Moderators, Arts Moderators, Sports Moderators Posts: 49,672 CMod ✭✭✭✭magicbastarder


    markgb wrote: »
    If Windows is perfectly fine then why are all ransomware attacks on Windows machines? Attacks on Linux machines are almost unheard of.
    i'm no linux expert, but linux counts for a reported 2% of desktop/laptop operating systems - so if you want to write malware to extort money from people, you've a 40x greater pool of potential 'clients' by going for windows.
    also, linux users would tend to be more technical and are probably better at keeping their systems up to date.
    so cost/benefit is skewed vastly in favour of targeting windows.


  • Posts: 5,917 ✭✭✭ [Deleted User]


    i'm no linux expert, but linux counts for a reported 2% of desktop/laptop operating systems - so if you want to write malware to extort money from people, you've a 40x greater pool of potential 'clients' by going for windows.
    also, linux users would tend to be more technical and are probably better at keeping their systems up to date.
    so cost/benefit is skewed vastly in favour of targeting windows.

    True on the desktop front but the majority of servers tend to be nix based.

    From a hacking point of view, outside of the social engineering side of things, you need to be able to target unix and linux based systems as well as windows.

    A lot of civil service departments, the majority of their application and database servers are nix based.


  • Moderators, Category Moderators, Arts Moderators, Sports Moderators Posts: 49,672 CMod ✭✭✭✭magicbastarder


    true, but they'd be much better protected and in theory, backed up. much harder to get the ransomware onto in the first place, you'd like to think.


  • Registered Users Posts: 283 ✭✭timeToLive


    I know this is a weird take for a lot of people and I know a lot of people are really invested in computers so I expect backlash.

    I think computers are half the problem here, it facilitates these criminals. I understand there is little governments can do about them though, banning doesn't really have any effect. If the value of all these computers plummeted though, I think ransomware attacks would be far less lucrative. Pipe dream though I understand.


  • Registered Users Posts: 16 markgb


    Why would Russian hackers have any interest in the IT system of the Irish public healthcare system anyway?

    They don't. They're just interested in the $20M they can extract from it.


  • Registered Users Posts: 16 markgb


    seamus wrote: »
    This is known as Spear Phishing and it's insanely effective. All it takes really is one distracted employee and a decently crafted mail and you're in.

    I got a LinkedIn message recently from a direct connection asking me if I'd like to quote for some work they needed doing. Naturally, I was thrilled and clicked the link in the message to see what they wanted. It didn't immediately strike me as off that the page asked for my Microsoft login credentials, but then I paused and closed the tab and asked the contact to send me a PDF instead. They said they couldn't and I needed to fill out the online form instead so I dropped the conversation. A few hours later the contact mailed me again to say they had been hacked and I should delete all messages.

    I'm decades in the game and I nearly fell for this one. You're absolutely right, it isn't just Nigerian prince emails - they are a lot more sophisticated than that.


  • Registered Users Posts: 4,573 ✭✭✭Infini


    timeToLive wrote: »
    I know this is a weird take for a lot of people and I know a lot of people are really invested in computers so I expect backlash.

    I think computers are half the problem here, it facilitates these criminals. I understand there is little governments can do about them though, banning doesn't really have any effect. If the value of all these computers plummeted though, I think ransomware attacks would be far less lucrative. Pipe dream though I understand.

    The thing though is technology is heading that way no matter what and it's just one of those things that's become a risk in modern day life. What incidents like this prove though is you need to have competent computer technicians on hand and to be smart enough to have backup systems as well as backed up data that's held offline or in a closed network to fall back on. Besides the fact that you need to basically have up to date systems themselves and should not be using any outdated OS except Windows 10 etc any system with important data should at the very least have a separate closed system not connected to the wider internet to limit damage.


  • Posts: 5,917 ✭✭✭ [Deleted User]


    true, but they'd be much better protected and in theory, backed up. much harder to get the ransomware onto in the first place, you'd like to think.

    Linux ransomware certainly exists; it's seen as a Windows only issue, but not the case anymore. Once you have a foot in the door just a matter of luck and skill.


  • Registered Users Posts: 9,509 ✭✭✭irishgeo


    markgb wrote: »
    I got a LinkedIn message recently from a direct connection asking me if I'd like to quote for some work they needed doing. Naturally, I was thrilled and clicked the link in the message to see what they wanted. It didn't immediately strike me as off that the page asked for my Microsoft login credentials, but then I paused and closed the tab and asked the contact to send me a PDF instead. They said they couldn't and I needed to fill out the online form instead so I dropped the conversation. A few hours later the contact mailed me again to say they had been hacked and I should delete all messages.

    I'm decades in the game and I nearly fell for this one. You're absolutely right, it isn't just Nigerian prince emails - they are a lot more sophisticated than that.

    This is why we need to get rid of passwords.


  • Registered Users Posts: 2,426 ✭✭✭ressem


    markgb wrote: »
    I'm decades in the game and I nearly fell for this one. It isn't just Nigerian prince emails - they are a lot more sophisticated than that.

    Yep, it's not just dumb mail anymore, it can appear to be a continuation of a previous email conversation, with the newest revision of a contract.
    Even our small business gets files that require submitting to Symantec as they're not recognised yet. So they can't be that expensive.
    (A few hours later we'll get a mail like)
    symantec wrote:
    Determination: New Threat
    Submission Detail: This file is detected as Trojan Horse with our existing Rapid Release definition set. Protection is available in Rapid Release definitions with a sequence number of XXXXX or greater.
    Signature Protection Name: Trojan Horse
    And a few hours later, a nice techie PDF with a full breakdown of the registry and file accesses that it would try to make. Better hope it's been trapped / spotted by other means.
    "Rapid Release definitions undergo basic quality assurance tests by Symantec Security Response. ... However, they do not undergo the intense testing that is required for a LiveUpdate release."
    DubInMeath wrote:
    True on the desktop front but the majority of servers tend to be nix based.

    From a hacking point of view, outside of the social engineering side of things, you need to be able to target unix and linux based systems as well as windows.

    A lot of civil service departments, the majority of their application and database servers are nix based.
    In the case of the Brenntag Chemicals ransomware, the encryptor was run on the underlying ESXi hypervisor upon which the servers sit. (Originally derived from a linux based OS)

    The attackers claim that they just bought the credentials and applied this.

    The MS operating systems can be configured to do a lot better, but it's seen as against their business interests to provide a straightforward secure mode.

    Is there anyone that uses MS Edge's new Appguard mode as their main browser? Which doesn't allow copy-paste, and downloads to a folder in a virtual machine.
    There ought to be the same for Outlook and similar that doesn't require paying 50 per person per month for E5 licenses.

    If there's anyone else worrying that their bosses will start demanding plans and strategies on Monday morning there's sites like
    https://www.nccoe.nist.gov/projects/building-blocks/data-security
    as a starting point to cut and reformat to our own cases; before the consultants take us to the cleaners.


  • Registered Users Posts: 3,584 ✭✭✭dubrov


    irishgeo wrote:
    This is why we need to get rid of passwords.

    I don't see how other forms of authentication are any more secure.

    Two factor authentication is obviously a lot more secure though


  • Posts: 0 [Deleted User]


    dubrov wrote: »
    I don't see how other forms of authentication are any more secure.

    Two factor authentication is obviously a lot more secure though

    Security key or biometrics are far more secure than passwords


  • Registered Users Posts: 3,584 ✭✭✭dubrov


    Badly fukt wrote:
    Security key or biometrics are far more secure than passwords


    Security key is effectively a password but I guess human made passwords are more guessable.

    Unfortunately they are much harder to remember as well so tend to be written down a lot more.

    Biometrics can also be copied and cannot be changed later unlike passwords.


  • Posts: 0 [Deleted User]


    dubrov wrote: »
    Security key is effectively a password but I guess human made passwords are more guessable.

    Unfortunately they are much harder to remember as well so tend to be written down a lot more.

    Biometrics can also be copied and cannot be changed later unlike passwords.

    They are still more secure than passwords, my point stands!


  • Registered Users Posts: 5,325 ✭✭✭Man Vs ManUre


    You can have back your computery thingamajigs if you pay me ................ One Million dollars.


  • Registered Users Posts: 19,857 ✭✭✭✭Donald Trump


    i'm no linux expert, but linux counts for a reported 2% of desktop/laptop operating systems - so if you want to write malware to extort money from people, you've a 40x greater pool of potential 'clients' by going for windows.
    also, linux users would tend to be more technical and are probably better at keeping their systems up to date.
    so cost/benefit is skewed vastly in favour of targeting windows.




    Or write the malware in cross platform language such as java.


    You could also run ELF binaries under WSL if you wanted to go that way I guess. I don't know whether that is done in practice for malware. I've never used WSL, am just aware of it

