My wife's hospital will be hitting the news shortly

Ph64
Posts: 2434
Joined: Wed Feb 08, 2017 10:34 pm

Re: My wife's hospital will be hitting the news shortly

Post by Ph64 » Tue Jun 27, 2017 9:30 am

DBTrek wrote:
TheReal_ND wrote:Wannacry has been in the news how long?
Exactly what I was saying this morning.
There's a point where you can no longer save people from themselves.

You know who ISN'T being hit by the latest RansomWare attack?
AWS/Azure.

But all you wannabe network admins keep slaving away at those certs for your soon to be doomed profession.
:twisted:
I dunno what the rules are for HIPAA, but we had a French subsidiary at my last job and it was a headache with EU rules, you can't store EU healthcare data outside the EU, so you can't let AWS migrate load anywhere outside the EU. Not sure what US/HIPAA would say about AWS, never had to look into it.
i wonder how you could even get into AWS to lock somebody out if you don't have the key. You'd probably have to target Amazon somehow.
Well, that depends... What machine(s) locally in the hospital have the key to access AWS. All it takes is for say one secretary to open "Check this out, its HILARIOUS!!" and run the attachment and then it eventually gets to the AWS software developer/admin who has the key and...

..probably not there yet, but a backdoor Trojan that let's someone get that key and they're fucked.

And as I said, like my neighbor who bought his first laptop (heck, first computer, at 63y/o)and within 2 weeks was calling me with a 'ransom' popup on his screen... I said "let me guess, a porn site?" (If its a guy, 98% chance :roll: ) which he sheepishly admitted - I offered to stop over, but his solution was to put it back in the box and AFAIK its still in a box in his house gathering dust 2 years later - no matter what you do, eventually some user will do something stupid.

User avatar
DBTrek
Posts: 12241
Joined: Wed Jan 25, 2017 7:04 pm

Re: My wife's hospital will be hitting the news shortly

Post by DBTrek » Tue Jun 27, 2017 9:35 am

Ph64 wrote:I dunno what the rules are for HIPAA, but we had a French subsidiary at my last job and it was a headache with EU rules, you can't store EU healthcare data outside the EU, so you can't let AWS migrate load anywhere outside the EU. Not sure what US/HIPAA would say about AWS, never had to look into it.
Image

Problem solved. Data stays in Europe.
;)

If the Federal government (including DoD), Goldman Sachs, and Visa can use cloud solutions, I suspect the medical industry can as well. If not - then good news for GCF and Co, there will be a handful of hospitals that need your network skills to run their outdated server closets.
:clap:
"Hey varmints, don't mess with a guy that's riding a buffalo"

User avatar
SuburbanFarmer
Posts: 25279
Joined: Wed Nov 30, 2016 6:50 am
Location: Ohio

Re: My wife's hospital will be hitting the news shortly

Post by SuburbanFarmer » Tue Jun 27, 2017 10:29 am

DBTrek wrote:
Ph64 wrote:I dunno what the rules are for HIPAA, but we had a French subsidiary at my last job and it was a headache with EU rules, you can't store EU healthcare data outside the EU, so you can't let AWS migrate load anywhere outside the EU. Not sure what US/HIPAA would say about AWS, never had to look into it.
Image

Problem solved. Data stays in Europe.
;)

If the Federal government (including DoD), Goldman Sachs, and Visa can use cloud solutions, I suspect the medical industry can as well. If not - then good news for GCF and Co, there will be a handful of hospitals that need your network skills to run their outdated server closets.
:clap:
Not me specifically. I'm into business systems. But there wI'll always be a need for network infrastructure, regardless of cloud storage or even processing.
SJWs are a natural consequence of corporatism.

Formerly GrumpyCatFace

https://youtu.be/CYbT8-rSqo0

User avatar
SilverEagle
Posts: 2421
Joined: Wed Nov 30, 2016 11:07 am

Re: My wife's hospital will be hitting the news shortly

Post by SilverEagle » Tue Jun 27, 2017 10:46 am

There is a time for good men to do bad things.

For fuck sake, 1984 is NOT an instruction manual!

:character-bowser: __________ :character-mario: :character-luigi:

Dand
Posts: 571
Joined: Thu Dec 01, 2016 4:57 pm

Re: My wife's hospital will be hitting the news shortly

Post by Dand » Tue Jun 27, 2017 11:27 am

I'm also feeling the slight effects from today's ransomware. My company isn't hacked but some people we do business with are almost completely offline.

I don't have much sympathy. The companies being held for ransom are not being careful enough.

Ph64
Posts: 2434
Joined: Wed Feb 08, 2017 10:34 pm

Re: My wife's hospital will be hitting the news shortly

Post by Ph64 » Tue Jun 27, 2017 11:39 am

DBTrek wrote:
Ph64 wrote:I dunno what the rules are for HIPAA, but we had a French subsidiary at my last job and it was a headache with EU rules, you can't store EU healthcare data outside the EU, so you can't let AWS migrate load anywhere outside the EU. Not sure what US/HIPAA would say about AWS, never had to look into it.
Image

Problem solved. Data stays in Europe.
;)

If the Federal government (including DoD), Goldman Sachs, and Visa can use cloud solutions, I suspect the medical industry can as well. If not - then good news for GCF and Co, there will be a handful of hospitals that need your network skills to run their outdated server closets.
:clap:
Not necessarily, there's the health privacy part of it too... if the AWS datacenter employees have access to the data (or backups) then it can be a privacy issue as well. There might well some restrictions on that (EU or US), potentially you could have to certify a limited number of AWS Amazon folks that could access it.

At my last job we had a team off offshore Indian guys, but certain servers with sensitive HR info they weren't allowed on - us onshore people had to send HR copies of our birth certificate/drivers license or passport (photo proof of citizenship) to be classed as "export controlled certified" to be able to work on those systems.

Possible, again I dunno what all the rules are, but I do remember that even applying patches to HIPAA servers had to be done with documentation on what patches were applied, software updates the same thing - all had to have a well documented "paper trail" to conform with the rules, you couldn't just push out changes "whenever". And that could be a problem with something like AWS, Amazon couldn't just push out some underlying code change at random, or move you between servers if all the servers involved weren't strictly controlled/documented.

If you want to move your online office supply ordering server to AWS, no problem... anything with HIPAA data is an entirely different ball of wax because of the rules.
Last edited by Ph64 on Tue Jun 27, 2017 11:50 am, edited 2 times in total.

User avatar
SilverEagle
Posts: 2421
Joined: Wed Nov 30, 2016 11:07 am

Re: My wife's hospital will be hitting the news shortly

Post by SilverEagle » Tue Jun 27, 2017 11:41 am

Dand wrote:I'm also feeling the slight effects from today's ransomware. My company isn't hacked but some people we do business with are almost completely offline.

I don't have much sympathy. The companies being held for ransom are not being careful enough.
When its hospitals being attacked people can die. What kind of sick fuck are you?!
There is a time for good men to do bad things.

For fuck sake, 1984 is NOT an instruction manual!

:character-bowser: __________ :character-mario: :character-luigi:

User avatar
Speaker to Animals
Posts: 38685
Joined: Wed Nov 30, 2016 5:59 pm

Re: My wife's hospital will be hitting the news shortly

Post by Speaker to Animals » Tue Jun 27, 2017 11:48 am

Targeting a hospital makes me want to kill the people responsible. At least cut their legs off. That's actually really dangerous.

Ph64
Posts: 2434
Joined: Wed Feb 08, 2017 10:34 pm

Re: My wife's hospital will be hitting the news shortly

Post by Ph64 » Tue Jun 27, 2017 11:53 am

Speaker to Animals wrote:Targeting a hospital makes me want to kill the people responsible. At least cut their legs off. That's actually really dangerous.
I highly doubt they "targeted" the hospital specifically, they probably just bulk emailed their virus to a slew of email addresses obtained somewhere.

User avatar
SuburbanFarmer
Posts: 25279
Joined: Wed Nov 30, 2016 6:50 am
Location: Ohio

Re: My wife's hospital will be hitting the news shortly

Post by SuburbanFarmer » Tue Jun 27, 2017 11:59 am

Detail on the attack. It's the same guys, and I'm sure they won't be put off by a silly domain name this time.

Side Note: It seems that Microsoft already released a patch to resolve this, so the only people affected are the ones that didn't pay attention the first time.



[ALERT] Looks Like A New Worldwide Ransomware Outbreak
It's using the same NSA EternalBlue Exploit as WannaCry


Motherboard reported: "A quickly-spreading, world-wide ransomware outbreak has reportedly hit targets in Spain, France, Ukraine, Russia, and other countries." We hope we are wrong, but this could be another WannaCry.

On Tuesday, a wide range of private businesses reportedly suffered ransomware attacks. Although it is not clear if every case is connected, at least several of them appear to be related to the same strain of malware."
Motherboard continued: "The attacks are similar to the recent WannaCry outbreak, and motherboard has seen several reports of infections shared by victims on Twitter. We were not able to immediately confirm the veracity of the reports, but several security researchers and firms also reported the attacks.

"We are seeing several thousands of infection attempts at the moment, comparable in size to Wannacry's first hours," Costin Raiu, a security researcher at Kaspersky Lab, told Motherboard in an online chat.
Judging by photos posted to Twitter and images provided by sources, many of the alleged attacks involved a piece of ransomware that displays red text on a black background, and demands $300 worth of bitcoin.
"If you see this text, then your files are no longer accessible, because they are encrypted," the text reads, according to one of the photos. "Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."

Raiu believes the ransomware strain is known as Petya or Petrwrap, a well-known highly advanced ransomware strain that also encrypts the Master File Table. According to a tweet from anti-virus company Avira, the Petya attacks were taking advantage of the EternalBlue exploit previously leaked by the group known as The Shadow Brokers (Motherboard could not independently confirm this at the time of writing).
EternalBlue is the same exploit used in the WannaCry attacks; it takes advantage of a vulnerability in the SMB data-transfer protocol, and Microsoft has since patched the issue. However, whether customers apply that patch is another matter.
Security researchers from Kaspersky Lab reported that the ransomware hit Russia, Ukraine, Spain, France, among others. Several people on Twitter reported witnessing or hearing reports of the outbreak in their respective countries, and across a wide range of industries. Companies around the world also reported computer outages.
If You Have Not Done So Yet, Apply This Patch Immediately.
From what we have been able to learn, this new worm spreads through SMB just like WannaCry so when we're talking about machines behind firewalls being impacted, it implies ports 139 and 445 being open and at-risk hosts listening to inbound connections. It'd only take one machine behind the firewall to become infected to then put all other workstations and servers at risk due to it being a true worm.
In the meantime, harden yourselves against this Windows Network Share vulnerability and ensure that all systems are fully patched with the "MS17-010" security update (link below) and remind all staff to Think Before They Click when they receive any out of the ordinary emails. https://technet.microsoft.com/en-us/lib ... 7-010.aspx
Note, the patch is included in the Monthly Quality rollups.
________________________________________
SJWs are a natural consequence of corporatism.

Formerly GrumpyCatFace

https://youtu.be/CYbT8-rSqo0