by throwawaypolicy 2056 days ago
Why hospitals? They have lots of money (same as any big organization) and a very good reason to pay up. It would be far from the first time a hospital was attacked. It wouldn't even be the first time it directly resulted in a death [0]. Unfortunately ransomware operators aren't very ethical.

Considering the timing, it could also be geopolitical, unfortunately; people dying from a ransomware attack could substantially raise the general tension level in the US.

Lots of high value malware is actually targeted. Things like running phishing campaigns to try and steal credentials from someone inside the institution.

It's substantially less likely, especially if you don't buy the geopolitics angle, but potentially these criminals even have some unpatched vulnerability in a commonly deployed piece of software, which would allow them to skip the phishing part entirely.

[0] https://www.zdnet.com/article/first-death-reported-following...

Disclaimer: The company I work for is involved in detecting ransomware as a side business.

2 comments

I'm not experiencing any surprise that the hospitals are attacked; I know that happens. I am experiencing surprise at three government agencies hanging out in a chatroom where hackers are credibly discussing attacking a bunch of hospitals with ransomware.

My understanding is that the ransomware operators just take a look at computers that are infected, and then negotiate based on who they appear to be.

I get the impression you're taking what you know of attacks against consumers, and just assuming that attacks against large organizations work the same way. They (generally) don't.

With a consumer attack it's get execution on a computer, encrypt some files, and ransom them back. This might earn a few hundred dollars per computer, and isn't worth putting a whole lot of effort into any individual.

At a corporate level it's get some level of access, use that access to get control of a whole lot more access - and also to get control of servers that actually matter instead of users' workstations that mostly don't. Maybe try and delete the backups, often exfiltrate a bunch of data, then encrypt things. If you exfiltrated the data, the ransom potentially includes not just the offer to decrypt things but also a promise not to distribute the exfiltrated data.

This is all reasonably high touch "work". They've got to figure out how to move laterally inside that specific company's network. They need to figure out what data is actually important (especially if the goal is to sell it). And so on. Unfortunately it appears to pay well enough to justify the effort. Companies are routinely paying millions of dollars in ransom.

I don't have stats to back this up (internal or otherwise), but my impression is that most successful attacks against enterprise targets are phishing attacks targeting employees to steal credentials.

Thanks, that is insightful.

> It would be far from the first time a hospital was attacked. It wouldn't even be the first time it directly resulted in a death [0]

Just pointing out that this is a little misleading. The link you're referencing refers to the first ever reported hospital death related to a hospital's ransomware attack, and this article was from just a month ago (I remember, I read it on Hacker News too). But the juxtaposition of these sentences might suggest that death-by-ransomware-in-hospitals has been a common occurrence for quite some time.

It was certainly not my intent to mislead with that, I apologize if it was less than clear.