Technology

59174 readers

3103 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

[email protected]

North Korean charged in ransomware attacks on US hospitals. (www.voanews.com)

submitted 3 months ago by [email protected] to c/[email protected]

6 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 8 points 3 months ago* (last edited 3 months ago) (1 children)

They paid and they got their data back. These hackers have a large incentive to return the data otherwise nobody would pay. I feel like $100k is a pretty decent price especially relative to the massive grift in health care/insurance.

Sure, they should have backups and great security and whatnot. But clearly they don't.

Why pay for security when an insurance CEO can get a massive bonus instead?

[–] [email protected] 0 points 3 months ago* (last edited 3 months ago)

Sure, they'll return the data, but why wouldn't they keep a copy? It's not like there's any way to prove that it's not copied. So they could get a $100k payday from the victim, plus whatever they can get on the black market. They'll probably split up the data so it's not as obvious where it came from (don't want to scare away the next victim).

Any data that's ransomed should be assumed to be available to attackers. That means the first people they should contact are the police, because until they pay the ransom, the attackers probably won't leak it (that would reduce the chance that you'd pay the ransom). There's usually a time limit, but they could probably stall until the police get involved. If the police can catch them, there's a chance they could protect their customers from having their private medical data from being sold.

I get it, breaches happen, but there's no excuse for not having off-site backups. 1TB at Backblaze B2 costs $6/month, so assuming that's enough (it probably is), $100k could pay for over 1000 years of backups... And it's probably something they could pay a contractor once to set up and then largely forget about it until they need it. Or if you use AWS, just turn on backups there, it'll probably cost a little more, but it'll be way easier.

The process of should be:

get threatening ransom notice
call the police
patch the leak and restore from backup onto a new machine (can even hire a contractor to do it in <1 week)
delay the ransom person ("I need time to get the money together...")
repeat 4 while operating business as usual as long as you can to buy the police time

Your data will probably get leaked on the dark web regardless, so just accept that at step 1.