The proper response is sending in kill teams

https://wgntv.com/news/chicago-news/ap-a-chicago-childrens-hospital-has-taken-its-networks-offline-after-a-cyberattack

Ransomware attack on one of the largest pediatric hospitals in the country. Fuck around find out on this one.

Without a doubt. It is one thing to do that to businesses that you feel are greedy. Doing that to a kids hospital where it could result in harm to children. No punishment is too severe. Track them down and just make them disappear.

Without a doubt. It is one thing to do that to businesses that you feel are greedy. Doing that to a kids hospital where it could result in harm to children. No punishment is too severe. Track them down and just make them disappear.

Nah, the Clockwork Orange treatment is better. 24/7 videos of Travis/Taylor until they lose the will to live.

https://1.bp.blogspot.com/-TYzKPgtKhxc/Tu1PCD2dGzI/AAAAAAAAWFI/MZdaODvlwv8/s1600/eyesopen.jpg

Track them down and just make them disappear.

Make it loud and public as a message.

I suspect that pediatric hospitals will be prime targets for ransomware attacks, as the ethical considerations of paying (save the kids) versus not paying (not funding future ransomware attacks) are most likely to favor paying.

That’s why it is crucial that hospitals do NOT pay ransoms. Ransomware is a business - if they are getting a poor return on attacking hospitals, they will take their efforts elsewhere to quieter targets.

Hospitals have insurance for this kind of thing (or should). So the insurance pays which props up the market. Hospital can’t really not have insurance or not pay it so if it’s effective the hacker will get paid.

The ransom is paid usually in bitcoin or perhaps a different crypto. The hackers put their reputation on the line when they release the system so there is actually a significant honor system at play. This industry has exploded with crypto and the growth of insurance.

Tracking them down would be amazing… but no way on earth a Russian hacker is going down for this. No guarantee it’s Russia, but it’s very likely. Putin likely thinks it’s pretty funny. Almost certainly not from a friendly country.

Whilst I don’t disagree with the sentiment, the practicalities are harder.

A lot of cyber attacks originate from mainland China, North Korea, Ukraine or Russia. I have little doubt that even if the attackers don’t have official or express state approval or protection, they probably have little to no state disapproval.

Sending US “kill teams” into those nations (save perhaps Ukraine) on covert missions is problematic.

I suspect that pediatric hospitals will be prime targets for ransomware attacks, as the ethical considerations of paying (save the kids) versus not paying (not funding future ransomware attacks) are most likely to favor paying.

That’s why it is crucial that hospitals do NOT pay ransoms. Ransomware is a business - if they are getting a poor return on attacking hospitals, they will take their efforts elsewhere to quieter targets.

And that’s why it is crucial the perpetrators are killed

Whilst I don’t disagree with the sentiment, the practicalities are harder.

A lot of cyber attacks originate from mainland China, North Korea, Ukraine or Russia. I have little doubt that even if the attackers don’t have official or express state approval or protection, they probably have little to no state disapproval.

Sending US “kill teams” into those nations (save perhaps Ukraine) on covert missions is problematic.

Ukraine is easy…Russia have Ukrainians kill them…China embarrass them and they’ll do the executing…NK use as leverage in negotiating

I suspect that pediatric hospitals will be prime targets for ransomware attacks, as the ethical considerations of paying (save the kids) versus not paying (not funding future ransomware attacks) are most likely to favor paying.

That’s why it is crucial that hospitals do NOT pay ransoms. Ransomware is a business - if they are getting a poor return on attacking hospitals, they will take their efforts elsewhere to quieter targets.

A company I work with somewhat regularly provides security consulting services to many large organizations. Page 1 of the how to manual is “own bitcoin so you can quickly pay ransoms”. You would be shocked at how many staid vanilla companies have a pile somewhere for this specific purpose. Refusing to pay out of a sense of duty to potential future victims isn’t the right path for almost anyone.

I suspect that pediatric hospitals will be prime targets for ransomware attacks, as the ethical considerations of paying (save the kids) versus not paying (not funding future ransomware attacks) are most likely to favor paying.

That’s why it is crucial that hospitals do NOT pay ransoms. Ransomware is a business - if they are getting a poor return on attacking hospitals, they will take their efforts elsewhere to quieter targets.

A company I work with somewhat regularly provides security consulting services to many large organizations. Page 1 of the how to manual is “own bitcoin so you can quickly pay ransoms”. You would be shocked at how many staid vanilla companies have a pile somewhere for this specific purpose. Refusing to pay out of a sense of duty to potential future victims isn’t the right path for almost anyone.

Another trick is the hacked company asks their IT consultancy or their insurance to pay the ransom, and then in turn pay them back, so the company can publicly claim they didn’t pay the ransom, which implies they managed to recover the data on their own. In reality they ran backups, but never tested them or audited them, and there were gaps, and data was indeed lost. Paying the ransom is the only way to get some of the data back.

Edit: send kill teams where? The hackers are overseas. Sometimes they are internet mafia their own government is trying to apprehend, sure. But oftentimes the hackers are at least tolerated if not outright working with or for their government.

Edit: send kill teams where? The hackers are overseas. Sometimes they are internet mafia their own government is trying to apprehend, sure. But oftentimes the hackers are at least tolerated if not outright working with or for their government.

When I was working cybercrimes as part of an ICAC taskforce, a lot of the large scale very bad actors were eastern European, Ukraine in particular. I’m now out of that line of work but I’ve heard North Korea is becoming more prevalent.

Discounting the moral question of sending “kill teams,” I’m not sure how you would do it. It was extremely difficult to identify and track criminals. I was on the LE side where we were handcuffed by things like due process, etc; I always wondered about the capabilities of the intel side that didn’t have the same restrictions.

I’m guessing the NSA and CIA have some nasty stuff they could release if they wanted to. I don’t know why we don’t do a cyber counter offensive in these situations. If people on youtube can wreak havoc on overseas scammers, why can’t government agencies?

Edit: send kill teams where? The hackers are overseas. Sometimes they are internet mafia their own government is trying to apprehend, sure. But oftentimes the hackers are at least tolerated if not outright working with or for their government.

When I was working cybercrimes as part of an ICAC taskforce, a lot of the large scale very bad actors were eastern European, Ukraine in particular. I’m now out of that line of work but I’ve heard North Korea is becoming more prevalent.

Discounting the moral question of sending “kill teams,” I’m not sure how you would do it. It was extremely difficult to identify and track criminals. I was on the LE side where we were handcuffed by things like due process, etc; I always wondered about the capabilities of the intel side that didn’t have the same restrictions.

Do you think banning crypto would help much? Just wondering how much the existence of crypto allows these criminals to get paid and avoid discovery, where they would be easier to trace with traditional payment systems.

Edit: send kill teams where? The hackers are overseas.

You may be surprised to find out that PMCs operate overseas

I’m guessing the NSA and CIA have some nasty stuff they could release if they wanted to. I don’t know why we don’t do a cyber counter offensive in these situations. If people on youtube can wreak havoc on overseas scammers, why can’t government agencies?

Because we don’t want to start a war. However as these fucksticks aren’t part of a foreign government and PMCs are not either no chance for escalation.

I’m guessing the NSA and CIA have some nasty stuff they could release if they wanted to. I don’t know why we don’t do a cyber counter offensive in these situations. If people on youtube can wreak havoc on overseas scammers, why can’t government agencies?

Because we don’t want to start a war. However as these fucksticks aren’t part of a foreign government and PMCs are not either no chance for escalation.

Yeah, because that worked out so well for Russia.

I’m guessing the NSA and CIA have some nasty stuff they could release if they wanted to. I don’t know why we don’t do a cyber counter offensive in these situations. If people on youtube can wreak havoc on overseas scammers, why can’t government agencies?

Because we don’t want to start a war. However as these fucksticks aren’t part of a foreign government and PMCs are not either no chance for escalation.

Yeah, because that worked out so well for Russia.

Because it’s analogous…Eyeroll emoji

I think it would help to track them. Crypto is trackable but it is difficult and it’s not always successful. Tracking blockchain transactions is very labor and computing intensive.

It’s been about five years since I conducted boots on the ground investigations. I am not up to date. I would hesitate to offer much more than a dated opinion.

I do think banning crypto is futile. It would have to be based on global consensus. We can’t even effectively manage quasi-legal banking in the US.

Somehow we survived as a country w/o crypto, what true economic/social value does it add?