
(CNN)   Jackson Hospital gives a master class in what to do if you get hit by ransomware: "Lock it down and piss people off"   (cnn.com)
    More: Interesting, Health care, Hospital, Patient, Health care provider, Computer, Jamie Hussey, Medicine, emergency room of Jackson Hospital  

3348 clicks; posted to STEM on 16 Jan 2022 at 6:14 PM (17 weeks ago)



23 Comments
 
2022-01-16 3:27:37 PM  
I'm really happy that the companies I've worked for never paid a red cent when hit by this stuff. To quote Drew "How about 'jack shiat and go fark yourself'?"
 
2022-01-16 3:49:10 PM  
The company I work for got hit about 3 years ago now.  Some idiot higher up got phished and had the credentials to really fark things over.  It took us over 3 months to fully recover from that mess.  No idea if the company paid anything or not.  On the plus side, it hit only the corporate network, not the test network.  So I could still work.
 
2022-01-16 6:20:26 PM  
I hear he's the leading candidate for president in some island country just east of Africa.
 
2022-01-16 6:40:28 PM  
IT folks - question for you.

I get a little itchy if I don't do a full HD backup at least once a month, and generally do it once a week.  That said, it's on my MacBook, and the act of doing a backup is basically "I get a reminder that it's been X days, and I plug the portable HD into the USB port before I go to bed" and it does it all.  Even without the drive, I can always revert back to a state a few hours before just using the saved states in Time Machine.

- Does Windows have a similar backup utility to Time Machine utility these days?
- Is running regular backups a normal practice for IT administrators?
- Is ransomware designed so that it lies dormant after initial infection and executes at a specific date or on a specific command to counteract backups?
 
2022-01-16 6:47:44 PM  
Feel good story?
 
2022-01-16 6:49:46 PM  
Yeah, paper charting, that works out great... unless you're in radiology. No computers, no pictures. One of my hospitals got hit by ransomware over a year ago and it knocked out all of their imaging for weeks. I think they ended up paying the ransom too.
 
2022-01-16 7:56:57 PM  

Izunbacol: IT folks - question for you.

I get a little itchy if I don't do a full HD backup at least once a month, and generally do it once a week.  That said, it's on my MacBook, and the act of doing a backup is basically "I get a reminder that it's been X days, and I plug the portable HD into the USB port before I go to bed" and it does it all.  Even without the drive, I can always revert back to a state a few hours before just using the saved states in Time Machine.

- Does Windows have a similar backup utility to Time Machine utility these days?
- Is running regular backups a normal practice for IT administrators?
- Is ransomware designed so that it lies dormant after initial infection and executes at a specific date or on a specific command to counteract backups?


Yes, Windows has a function to take regular snapshots of the drive. System Restore is the main program for that, though VSS is also a thing. VSS is not as useful against a ransomware attack.
Regular backups to external storage SHOULD be a normal practice for IT. Heavy emphasis on "should". I've seen places that don't do backups at all, and I've seen places that save their backups on the same machine they do their business on.
I can't give a solid answer on the ransomware question, as I haven't dealt with it yet. It's likely that at least some (if not most) ransomware infects backups. If I were that kind of asshole, I would certainly try to program in at least two different ways to infect or fry backups.
 
2022-01-16 7:58:54 PM  

Izunbacol: IT folks - question for you.

I get a little itchy if I don't do a full HD backup at least once a month, and generally do it once a week.  That said, it's on my MacBook, and the act of doing a backup is basically "I get a reminder that it's been X days, and I plug the portable HD into the USB port before I go to bed" and it does it all.  Even without the drive, I can always revert back to a state a few hours before just using the saved states in Time Machine.


Let's start:

- Does Windows have a similar backup utility to Time Machine utility these days?

Windows has two: File History and Backup/Restore.
File History: only backs up versions of files in your personal Documents/Videos/Music folders every hour, but it lets you revert back to previous versions of those files. It is useless for ransomware.
Backup/Restore: Can back up the entire disk, but must be scheduled. Useful for ransomware but more difficult to use.

Izunbacol: - Is running regular backups a normal practice for IT administrators?


On servers? Absolutely. If you aren't running daily backups on a server, you have an incompetent admin, a cheap business unit, or both. On workstations, it is significantly more expensive, so it isn't as common.

Izunbacol: - Is ransomware designed so that it lies dormant after initial infection and executes at a specific date or on a specific command to counteract backups?


Yes. It will usually lie dormant, or even worse create a scheduled task to execute at a time when you wouldn't notice the overhead it uses to encrypt a hard drive. You know, like a reboot. If your reboot takes ten minutes you might think something's wrong, but since you aren't logged in yet you can't even tell.

The holy grail for any ransomware attack is to compromise the backups. Once the disk or filesystem is encrypted a backup is going to write out the encrypted data, so you can't read them. Since storage has gotten so cheap and so large, backups these days are largely done by "snapshots" - which are point in time markers that then track changes to a disk. If you are compromised with ransomware, then your backup includes the disk encryption from the moment it happens, and you can only go back to the time before it happened. However, most companies don't have enough storage for unlimited snapshots, so they start deleting old ones after a week, or two, or maybe a month. If you can mask the compromise for that long, then even the backups won't help you.

This is why multi-tier backups are a good idea. At my last company, they'd keep snapshots/backups on a rolling basis: two weeks with daily snapshots, once a month snapshots, once a month full backup, every three months full backup, and finally once a year full backups. So worst case scenario, we had up to a year to discover a ransomware infection, which was a reasonable balance between cost and data protection.
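
The retention trade-off described in this comment, worked through as an added example (not part of the original comment): it compares a flat two-week daily policy with a tiered one and reports the newest restore point that predates an infection with a given dwell time. The tier intervals follow the comment; the keep counts for the monthly and quarterly tiers, and restore points sitting at exact multiples of each interval, are assumptions.

```python
# Each tier is (name, interval_days, keep_count).
# keep_count for monthly/quarterly is assumed; the comment only fixes the
# two-week daily tier and the one-year outer bound.
FLAT = [("daily", 1, 14)]
TIERED = [
    ("daily", 1, 14),
    ("monthly", 30, 3),
    ("quarterly", 91, 4),
    ("yearly", 365, 1),
]


def retained_ages(policy):
    """Ages (in days) of every restore point the policy still holds today."""
    return sorted({n * interval
                   for _name, interval, keep in policy
                   for n in range(1, keep + 1)})


def newest_clean(policy, dwell_days):
    """Age of the newest restore point taken before the infection.

    dwell_days is the time between infection and detection. A point is
    clean only if it is strictly older than the dwell time. Returns None
    when every retained point was taken after the infection.
    """
    clean = [age for age in retained_ages(policy) if age > dwell_days]
    return min(clean) if clean else None


def max_survivable_dwell(policy):
    """Longest dwell time for which a clean restore point still exists."""
    return max(retained_ages(policy)) - 1


if __name__ == "__main__":
    for label, policy in (("flat", FLAT), ("tiered", TIERED)):
        print(f"{label}: {len(retained_ages(policy))} restore points kept, "
              f"survives dwell up to {max_survivable_dwell(policy)} days")
        for dwell in (10, 21, 100, 400):
            age = newest_clean(policy, dwell)
            outcome = (f"restore from {age} days ago" if age is not None
                       else "no clean restore point")
            print(f"  dwell {dwell:>3} days: {outcome}")
```

Under these assumptions the tiered policy covers almost a year of dwell time with 22 retained points, where a flat daily policy would need 365 to do the same.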
 
2022-01-16 8:06:03 PM  

northernmanor: Feel good story?


not IMHO. but i do like the mention of common sense pen and paper. the US gov't still runs many operations the 1957 way. they don't get fooled again.
 
2022-01-16 8:18:33 PM  

Izunbacol: IT folks - question for you.

I get a little itchy if I don't do a full HD backup at least once a month, and generally do it once a week.  That said, it's on my MacBook, and the act of doing a backup is basically "I get a reminder that it's been X days, and I plug the portable HD into the USB port before I go to bed" and it does it all.  Even without the drive, I can always revert back to a state a few hours before just using the saved states in Time Machine.

- Does Windows have a similar backup utility to Time Machine utility these days?
- Is running regular backups a normal practice for IT administrators?
- Is ransomware designed so that it lies dormant after initial infection and executes at a specific date or on a specific command to counteract backups?


In addition to previous answers Windows 10 has a specific Ransomware Protection which restricts access to selected folders (your important stuff) and hopefully keeps it out of reach of ransomware.
[YouTube video rcd01EvpDmg: 🔒 Windows Defender vs Ransomware: PROTECT Windows 10 Using Controlled Folder Access]


In the NHS ransomware attack a few years ago most of the hit machines were still on XP or Vista.
 
2022-01-16 10:39:58 PM  
He was trying to figure out if the hackers had stolen any hospital data, and if they might need to be paid off to get it back.

The reporter doesn't have a goddamn clue how this works.
 
2022-01-16 10:41:24 PM  

Carter Pewterschmidt: Izunbacol: IT folks - question for you.

I get a little itchy if I don't do a full HD backup at least once a month, and generally do it once a week.  That said, it's on my MacBook, and the act of doing a backup is basically "I get a reminder that it's been X days, and I plug the portable HD into the USB port before I go to bed" and it does it all.  Even without the drive, I can always revert back to a state a few hours before just using the saved states in Time Machine.

- Does Windows have a similar backup utility to Time Machine utility these days?
- Is running regular backups a normal practice for IT administrators?
- Is ransomware designed so that it lies dormant after initial infection and executes at a specific date or on a specific command to counteract backups?

In addition to previous answers Windows 10 has a specific Ransomware Protection which restricts access to selected folders (your important stuff) and hopefully keeps it out of reach of ransomware.
[YouTube video: 🔒 Windows Defender vs Ransomware: PROTECT Windows 10 Using Controlled Folder Access]

In the NHS ransomware attack a few years ago most of the hit machines were still on XP or Vista.


Controlled folder access is a gigantic pain in the ass with more bugs than the Amazon jungle.
 
2022-01-16 11:23:46 PM  
This one deserves the Hero tag for quick action and good planning.
 
2022-01-17 3:18:05 AM  

Lsherm: Izunbacol: IT folks - question for you.

I get a little itchy if I don't do a full HD backup at least once a month, and generally do it once a week.  That said, it's on my MacBook, and the act of doing a backup is basically "I get a reminder that it's been X days, and I plug the portable HD into the USB port before I go to bed" and it does it all.  Even without the drive, I can always revert back to a state a few hours before just using the saved states in Time Machine.

Let's start:

- Does Windows have a similar backup utility to Time Machine utility these days?

Windows has two: File History and Backup/Restore.
File History: only backs up versions of files in your personal Documents/Videos/Music folders every hour, but it lets you revert back to previous versions of those files. It is useless for ransomware.
Backup/Restore: Can back up the entire disk, but must be scheduled. Useful for ransomware but more difficult to use.

Izunbacol: - Is running regular backups a normal practice for IT administrators?

On servers? Absolutely. If you aren't running daily backups on a server, you have an incompetent admin, a cheap business unit, or both. On workstations, it is significantly more expensive, so it isn't as common.

Izunbacol: - Is ransomware designed so that it lies dormant after initial infection and executes at a specific date or on a specific command to counteract backups?

Yes. It will usually lie dormant, or even worse create a scheduled task to execute at a time when you wouldn't notice the overhead it uses to encrypt a hard drive. You know, like a reboot. If your reboot takes ten minutes you might think something's wrong, but since you aren't logged in yet you can't even tell.

The holy grail for any ransomware attack is to compromise the backups. Once the disk or filesystem is encrypted a backup is going to write out the encrypted data, so you can't read them. Since storage has gotten so cheap and so large, backups these days are largely done by "snapshots" - which are point in time markers that then track changes to a disk. If you are compromised with ransomware, then your backup includes the disk encryption from the moment it happens, and you can only go back to the time before it happened. However, most companies don't have enough storage for unlimited snapshots, so they start deleting old ones after a week, or two, or maybe a month. If you can mask the compromise for that long, then even the backups won't help you.

This is why multi-tier backups are a good idea. At my last company, they'd keep snapshots/backups on a rolling basis: two weeks with daily snapshots, once a month snapshots, once a month full backup, every three months full backup, and finally once a year full backups. So worst case scenario, we had up to a year to discover a ransomware infection, which was a reasonable balance between cost and data protection.


For my little, not so important newspaper files I keep a weekly and a monthly back up. The weekly goes to one drive, the monthly goes to two additional drives. One of which is at my house the other at the office on a portable drive.

I've also got the really critical files like templates, design libraries and our permanent art file on another drive that never gets touched other than to occasionally make sure it's still working. We have the most recent editions as PDFs on Adobe's Cloud too. From the deep storage, and the recent PDFs I could rebuild everything.

The full history of the company from shortly after we swapped to Macs back in 2002 or so is in all three of those back ups.

I also am drifty so sometimes I forget to grab the office drive for weeks at a time so it is sometimes more like a bi-monthly back up.
 
2022-01-17 4:46:53 AM  
Our payroll company (3rd party) was hit back in November. Didn't have a decent paycheck since then, as they only estimated our payroll.

I'm also pissed I got left out of spark money because of it as well.
 
2022-01-17 5:16:47 AM  

Izunbacol: IT folks - question for you.

I get a little itchy if I don't do a full HD backup at least once a month, and generally do it once a week.  That said, it's on my MacBook, and the act of doing a backup is basically "I get a reminder that it's been X days, and I plug the portable HD into the USB port before I go to bed" and it does it all.  Even without the drive, I can always revert back to a state a few hours before just using the saved states in Time Machine.

- Does Windows have a similar backup utility to Time Machine utility these days?
- Is running regular backups a normal practice for IT administrators?
- Is ransomware designed so that it lies dormant after initial infection and executes at a specific date or on a specific command to counteract backups?



Backups are indeed a normal practice for anyone who wants to avoid any type of loss.

I like Apple's Time Machine and have also endeavoured to find something as close as possible for PC.  Macrium Reflect is free, well regarded, and as close as I can find in features.

Unlike Time Machine's entirely transparent set and forget system, you do have to manage how often full backups and differential backups occur.  I set for a complete new backup once a month, and differentials daily.

You may then explore and access any individual files contained within the backup set or use them to re-image the C: drive, which I have done on many occasions with ease.

If you target a properly configured NAS with your backups, any attempt to encrypt the NAS would ultimately end with the drive running out of storage.  After taking your infected PC offline, you can then delete all of the newly encrypted files on the NAS, and then restore the deleted originals to get you into a position to restore your PC.
 
2022-01-17 8:23:51 AM  
"Lock it down and piss people off," Hussey, who has worked at Jackson for over 25 years, said in a Southern drawl. "It's what you have to do just to secure your network."


Same strategy works for other viruses as well.
 
2022-01-17 8:27:25 AM  
I use backblaze for an offsite backup. It runs continuously in the background and saves things as long as the internet is on.

It really really helped me when my hard drive crashed and computer died (I'm too lazy to provide specifics, but the computer was totaled) - I was able to recover everything and transfer to a new computer with pretty minimal effort.

It costs about $100 a year, but worth it in my opinion. I'm sure there are other similar services, but for me an off-site backup made more sense than either an additional internal or external drive with infrequent backups.
 
2022-01-17 10:54:48 AM  
This is something the government should be going after.
 
2022-01-17 12:55:36 PM  

mjbok: This is something the government should be going after.


Take a couple minutes and reflect on this. Who would be behind an attack on our health care industry?  Who would think it was a good idea to put people's lives at risk by compromising  critical systems, and is not worried about any repercussions?

The answer should come to you pretty quickly.
 
2022-01-17 2:02:45 PM  

leviosaurus: Take a couple minutes and reflect on this. Who would be behind an attack on our health care industry?


I'm not talking about this specific instance, I am talking about it in general.
 
2022-01-17 3:02:23 PM  

mjbok: leviosaurus: Take a couple minutes and reflect on this. Who would be behind an attack on our health care industry?

I'm not talking about this specific instance, I am talking about it in general.


Still applies. Same people in most cases.
 
2022-01-17 3:26:00 PM  
So my question: for larger hospitals that have EMR/EHRs from giants like Epic, Cerner, or Allscripts, if they get hit with ransomware, do those vendors step in to help or are the hospitals on their own?

Even small vendors like MedFusion, what role do they play in helping their clients?
 