Cybercrime: Nonpersonal and Potentially Deadly


Guest Post by Oli Thordarson, President/CEO of Alvaka Networks; Intro by Mimi Grant

Mimi’s Intro:

Last Tuesday, I spotted an article headlined, “Red Cross Urges Halt to Cyberattacks on Healthcare Sector Amid COVID-19.” Must admit, my suspicious genes came to attention based on what I’ve been hearing for the past 25 years from ABL Member Oli Thordarson. So, I immediately wrote him: “Oli, hope I’m not being too cynical, but it doesn’t seem likely to me that this will help… What do you think?”

Oli’s immediate reply was so impressive that I asked him to please elaborate; and here it is. BTW, the hackers’ quotes are unedited; while English is typically not their first language, you’ll get the idea. Mimi

Oli’s Post:

My reply is more jaded and cynical than Mimi’s, I bet.

I, too, am perhaps jaded. I don’t think this will help one bit. Calling upon international law, etc. is just “blah, blah, blah” to these guys. Even if a few say they won’t hit hospitals, which a few have, why should they be trusted, especially when they get a lucrative hit?

Also, there are hundreds upon hundreds of these gangs. Even if one gang found something and passed, another gang is sure to find the vulnerability. Lastly, most of these hits are automated bots. Once they find a vulnerability, the ransomware process starts and the gang doesn’t know until they get a response from the ransomware victim. Sure, they can give them the keys for zero dollars, but the ransom is a small portion of the damage and disruption that hurts everyone.

I offered to write a short blog on the topic. I did some quick research to confirm my stance. Sure enough, www.bleepingcomputer.com had good information as they always do. Bleeping Computer contacted several hacking groups and only two replied that they would attack hospitals or nursing homes. I can tell you for a fact that they have done so in the past two months, as Alvaka Networks has worked with affected healthcare providers.

One group replied –

“We never attacked hospitals, orphanages, nursing homes, charitable foundations, and we won’t. commercial pharmaceutical organizations are not suitable for this list; they are the only ones who benefit from the current pandemic.”

Perhaps the attackers were not this particular group, but I can assure you there were many ready to step in their place. By the way, they have been hitting charitable organizations, too. Unfortunately, they don’t care. It is the goal of ransomware hackers to inflict as much pain and suffering as they can. This way they get the maximum payout quickly from their victims.

Another hacking group replied with –

“We always try to avoid hospitals, nursing homes, if it’s some local gov – we always do not touch 911 (only occasionally is possible or due to missconfig in their network). Not only now.

If we do it by mistake – we’ll decrypt for free. But some companies usually try to represent themselves as something other: we have a development company that tried to be small real estate, had another company that tried to be a dog shelter. So if this happens we’ll do double, triple check before releasing decrypt for free to such things. But about pharma – they earn a lot of extra on panic nowadays, we have no wish to support them. While doctors do something, those guys earn.”

Again, I can personally testify that healthcare providers, local governments, and 911 systems are getting hit. We helped a 911 system in the Midwest just last week, but they try to pose as though they have an ethic. They will decrypt healthcare for free…I have not seen it happen yet for any one company. If those hackers sat in my seat and saw the pain, turmoil, and losses I have seen, they would realize that decrypting for free is the least of the pain inflicted. In a real-life story, we recently helped a small chain of non-profit clinics. The CIO contacted Alvaka for our help on a Tuesday. I spoke to him over the next couple of days asking him, “How are you doing… take a deep breath,” like I so often do, as I could tell he was maxed stressed. He responded in a different stoic tone, “I am fine.” The following Friday, one of his direct reports told me that the CIO was in a coma from a massive stroke he incurred the day before, on his birthday. This gets very personal…and sometimes deadly.

Another one promised only temporary safe harbor –

“We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with the virus.”

Another included schools as safe from ransomware, yet Alvaka is helping a school district recover after thousands of systems were attacked by ransomware demanding a multi-million dollar ransom.

If you want to be safe from ransomware, the time to start preparing is now. There are some basic steps you can take to improve your security posture and recoverability several-fold. Some of those tips are covered in Alvaka blogs and we also do webinars every month. If you want some tips to keep on hand in case you are hit by ransomware, check out our What to Expect During a Ransomware Recovery blog and/or What to expect during a Ransomware Recovery Process – Alvaka NetSecure Team video.

Here is the link to Mimi’s Reuters story – Red Cross urges halt to cyberattacks on healthcare sector amid COVID-19

Here is the Bleeping Computer article – Ransomware Gangs to Stop Attacking Health Orgs During Pandemic