
    Double face-palm: Paying ransomware with a viable back-up

    February 19, 2018 | Charles Parker, II

    Over the last three years, hospitals and medical offices have been increasingly targeted by attackers. This trend will continue this year and well beyond. Hancock Health, a regional hospital located in Indiana, red-flagged suspicious activities indicative of an attack on January 1 of this year.


    The attack ended with employees locked out of their systems and greeted by a ransomware message. This may not appear to be that debilitating; however, once the extent of the encryption was noted, the issue was significant. More than 1,400 files were targeted. The file extensions were modified to add “.imsorry” at the end of the file name. The hospital responded to this rather daunting message by paying the ransom to secure the decryption key. In this environment, that is not the norm. There are a number of significant issues with paying the ransom, including the attacker not providing the decryption key, leaving behind malware to be used later, or retaining other access points, among many other reasons not to pay.


    The hospital indicated there was no evidence of patient information being released or sold. The curious aspect is that the hospital paid $55k to the attackers for the ransom while it had viable back-ups. This is the anomaly, as the usual advice is not to pay. The rationale was that the process of restoring from the back-ups would have cost more than the ransom. This calculation does not appear to have taken into consideration all the germane factors.


    The successful attack was not due to a phishing campaign, but came through the hospital’s remote access portal, using a third-party vendor’s credentials. The ransomware applied was SamSam, also known as Samas. This provides a lesson for other operators. This could have been avoided or mitigated with training and alert users. Plus, there are a number of programs available for training the users, which should be done throughout the year.


    About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.
