Comments
Fun_Ad_9878 t1_j604nil wrote
I just don't get it. Don't pay them and they will go away. The best defense is good security practices along with regular backups. This is coming from someone who was attack. Use unique random passwords. Block sensitive ports especially rdp. Use a VPN. Regularly backup.
Doktor_Wunderbar t1_j60718s wrote
That's why they attack hospitals. Depending on the systems that are corrupted, lives may depend on resolving the problem as quickly as possible. Many hospitals have adapted by beefing up their IT department, but enough of them have just paid the ransom to make hospitals a profitable target.
theanswar t1_j60ab1h wrote
Its a challenge to do, after the fact. Once you're pwned, you can't go back. Many companies, public and private, have put off investing into their security and IT stack (Southwest Airlines) and have to deal with it after-the-fact.
Schools, especially public ones, can't invest in IT. Let's see what the voters and unions would approve: A new backup software or more in teacher salaries and school lunches. It's a losing game for most public school IT departments.
So they get exploited. And now they don't have the infrastructure or processes to restore from backup and start new. So they pay. They have to because it's still cheaper than all of the above.
Plus, what if it's a phish or social engineer? Then the mitigations above will only be partially effective.
It's a multi-dimensional problem, for sure, and technology can help mitigate some of it. But ransomware won't go away, and blaming the victim for paying to keep their organization going (saving lives or teaching kids) isn't the right thing to do either.
gordonjames62 t1_j60au5x wrote
When these guys compromise hospitals, they need to be extradited and charged with attempted murder.
I would love to see them extradited it Iran or China or some other country that has "rapid justice"
Fun_Ad_9878 t1_j60f4wf wrote
Personally we were idiots. We had very weak passwords that were used on multiple machines and there were rdp ports open. Simply blocking the rdp ports by ip and then moving to a VPN with no ports open was enough. Then we set a different admin on each computer with a unique random password. Imo this is how they break in. They just find the next idiot. We are not talking about investing in security. We are talking about companies that just completely ignore security. We are just talking about basic things.
theanswar t1_j60fwt5 wrote
>We are talking about companies that just completely ignore security
Correct, because its costly to even have someone on staff who manages it. Let the IT Admin also be the CISO... and the help desk... and the patch manager... and the hardware department... and software... you get the idea.
Very few school districts could afford a role for a security manager, as the board and parents would prefer the money be allocated to sports, teachers or programs.
codinginacrown t1_j60g06h wrote
Some hospitals have insurance that will cover the ransom too. Time is more important than the money.
Stunning_Delay9811 t1_j60t367 wrote
Nah we need to take it one step further. There needs to be "special military operations" conducted to take some of these people out, because the only reason a lot of them aren't receiving justice, is the grey area of international law.
drekmonger t1_j610gg3 wrote
I mean, they're mostly in China and Russia to begin with. If you send them to Iran, they'll get recruited.
[deleted] t1_j610qbc wrote
[deleted]
[deleted] t1_j61hnt4 wrote
[removed]
snarkshsha t1_j61y7rg wrote
Many are state sponsored. Bet.
Toadipher t1_j62mvts wrote
Why are people stealing from schools and hospitals? Go steal from people worth stealing from.
Zeraru t1_j632g4d wrote
Easy targets. And the perpetrators either have no moral bone in their body or make um some bullshit rationalization for themselves.
JasonP27 t1_j6374ap wrote
The hospital I work at was affected by a ransomware attack over a year ago. It affected many companies at the same time. We didn't get paid properly for months.
A-Do-Gooder OP t1_j64or4g wrote
Thieves aren't known to be virtuous. They take it anywhere they can get it, despite of the impact of those they take it from.
WhatTheZuck420 t1_j600vw3 wrote
meanwhile, new ransomware attacks appeard from a group called the jive