Comments

You must log in or register to comment.

WhatTheZuck420 t1_j600vw3 wrote

meanwhile, new ransomware attacks appeard from a group called the jive

15

Fun_Ad_9878 t1_j604nil wrote

I just don't get it. Don't pay them and they will go away. The best defense is good security practices along with regular backups. This is coming from someone who was attack. Use unique random passwords. Block sensitive ports especially rdp. Use a VPN. Regularly backup.

−5

Doktor_Wunderbar t1_j60718s wrote

That's why they attack hospitals. Depending on the systems that are corrupted, lives may depend on resolving the problem as quickly as possible. Many hospitals have adapted by beefing up their IT department, but enough of them have just paid the ransom to make hospitals a profitable target.

18

theanswar t1_j60ab1h wrote

Its a challenge to do, after the fact. Once you're pwned, you can't go back. Many companies, public and private, have put off investing into their security and IT stack (Southwest Airlines) and have to deal with it after-the-fact.

Schools, especially public ones, can't invest in IT. Let's see what the voters and unions would approve: A new backup software or more in teacher salaries and school lunches. It's a losing game for most public school IT departments.

So they get exploited. And now they don't have the infrastructure or processes to restore from backup and start new. So they pay. They have to because it's still cheaper than all of the above.

Plus, what if it's a phish or social engineer? Then the mitigations above will only be partially effective.

It's a multi-dimensional problem, for sure, and technology can help mitigate some of it. But ransomware won't go away, and blaming the victim for paying to keep their organization going (saving lives or teaching kids) isn't the right thing to do either.

11

gordonjames62 t1_j60au5x wrote

When these guys compromise hospitals, they need to be extradited and charged with attempted murder.

I would love to see them extradited it Iran or China or some other country that has "rapid justice"

28

Fun_Ad_9878 t1_j60f4wf wrote

Personally we were idiots. We had very weak passwords that were used on multiple machines and there were rdp ports open. Simply blocking the rdp ports by ip and then moving to a VPN with no ports open was enough. Then we set a different admin on each computer with a unique random password. Imo this is how they break in. They just find the next idiot. We are not talking about investing in security. We are talking about companies that just completely ignore security. We are just talking about basic things.

4

theanswar t1_j60fwt5 wrote

>We are talking about companies that just completely ignore security

Correct, because its costly to even have someone on staff who manages it. Let the IT Admin also be the CISO... and the help desk... and the patch manager... and the hardware department... and software... you get the idea.

Very few school districts could afford a role for a security manager, as the board and parents would prefer the money be allocated to sports, teachers or programs.

3

Stunning_Delay9811 t1_j60t367 wrote

Nah we need to take it one step further. There needs to be "special military operations" conducted to take some of these people out, because the only reason a lot of them aren't receiving justice, is the grey area of international law.

6

Toadipher t1_j62mvts wrote

Why are people stealing from schools and hospitals? Go steal from people worth stealing from.

2