Hollywood Hospital Becomes Ransomware Victim

HardOCP News

To be honest, I'm actually kind of surprised stuff like this doesn't happen more often than it does. Knowing that this happened in Hollywood, you can bet there will be a movie or TV show made about the whole incident. :(

An unnamed doctor at the hospital said that the system was hacked and "held for ransom," which suggests ransomware was put into play. This particular breed of malware, usually spread through phishing campaigns and malicious downloads, installs itself on victim machines in order to encrypt system files.
 
All of the software in the world can't fix pebkac. The best network security is still training, but so many people still think a computer of any kind is powered by eye of newt and unicorn shit.
 
I'm going to guess they have un-patched systems and no shortage of employees who open emails that say "a new fax has arrived, please unzip and run"
 
It happens a lot still...

Most companies just retrieve files from backup.
 
Ransomware is only a minor inconvenience if you're doing your job right...

If you secure your network, i.e. "don't let your users have write permissions to anything beyond their home folders" and have a working backup solution, Ransomware becomes a moot point.

At the first sign of ransomware, our company implemented an Archival backup plan to keep ~3 years of backups (onsite) via several secured NAS storage devices. That way, if company files become corrupted by Ransomware and go unnoticed, we will still have the ability to recover them from an old backup. The backups have also come in handy for a few other things.
 
I had ransomware try to encrypt my HDD but I run with a limited user account in Win8.1 so all it was able to do was change my homepage. I did install CryptoPrevent after that though, and of course this happened when browsing for porn sites but I'm not going to stop doing that anyway.
 
Ransomware is only a minor inconvenience if you're doing your job right...

If you secure your network, i.e. "don't let your users have write permissions to anything beyond their home folders" and have a working backup solution, Ransomware becomes a moot point.

At the first sign of ransomware, our company implemented an Archival backup plan to keep ~3 years of backups (onsite) via several secured NAS storage devices. That way, if company files become corrupted by Ransomware and go unnoticed, we will still have the ability to recover them from an old backup. The backups have also come in handy for a few other things.

Yeah, but in the real world of many small businesses that don't have an IT team on hand to monitor and, more importantly, enforce, you sometimes just have to do the best you can.

I personally wouldn't risk having connected secure NAS backups if you are truly wanting to be secure from ransomware. I'd have at least a weekly tape stored away somewhere. That would cover most of my small business folks fine.
 
Tape? I stopped using tape back in the 90s, very slow and unreliable. Now I use AOMEI free backup and an external HDD.
 
It happens a lot still...

Most companies just retrieve files from backup.

This...

We got hit with this one time, and once I tracked down and cleaned the user's laptop, I just restored the network folder that was encrypted.
 
Tape? I stopped using tape back in the 90s, very slow and unreliable. Now I use AOMEI free backup and an external HDD.

Slow and unreliable? You must not have used any higher end tape drives, or you must not have much to back up.

If your backup can fit on a single drive, then an external USB drive makes sense. (hopefully you have more than one and keep one off-site)

For many businesses it's a different story.

I currently use an LTO-6 drive (in a 24 tape changer). Native write speed is 160MB/sec. They just released LTO-7 drives that write at 300MB/sec. You can double those numbers with compression. I don't know of any USB drives that can come close to that speed.

Plus, LTO-6 stores 2.5TB (5TB with compression) and LTO-7 is 6TB (12TB with compression)

I'm currently backing up over 20TB at both offices I support (20TB each office), I'd really hate to try and manage multiple backups of 20TB with USB drives.
 
Ransomware is only a minor inconvenience if you're doing your job right...

If you secure your network, i.e. "don't let your users have write permissions to anything beyond their home folders" and have a working backup solution, Ransomware becomes a moot point.

At the first sign of ransomware, our company implemented an Archival backup plan to keep ~3 years of backups (onsite) via several secured NAS storage devices. That way, if company files become corrupted by Ransomware and go unnoticed, we will still have the ability to recover them from an old backup. The backups have also come in handy for a few other things.

You make a pretty big assumption that the ransomware can't escalate privileges. Many hospitals use ancient systems especially in the embedded role.
 
Tapes are bad! They are slow and very unreliable. At the very least, get yourself a couple removable HDDs and use VeraCrypt to encrypt them for offline backups.

FWIW, Our SANs are completely isolated from the domain/network using encryption and VLANs. Only a single VM, with special permissions and limited domain access, has the ability to connect to the SAN and create backups on it; that's the sole purpose of the VM. Unless a virus was custom tailored for our environment, it would be virtually impossible for any "generic" virus to replicate onto our SANs from a user's computer.
 
You make a pretty big assumption that the ransomware can't escalate privileges. Many hospitals use ancient systems especially in the embedded role.

Even if the virus managed to escalate itself to a "Domain Administrator", it would still be unable to connect to the SAN and replicate itself.
 
Does not work well when your dataset is 50TB+.

I was quoting the poster that's using a consumer grade tape device to back up his system because he can't afford an IT staff. If your company needs to back up TBs of data every night for off-site storage, you probably have enterprise grade equipment with deduplication and an IT staff. I used to work in the data center for HP, we had teams of people employed (from outsource companies) to manage our backups.
 
Slow and unreliable? You must not have used any higher end tape drives, or you must not have much to back up.

If your backup can fit on a single drive, then an external USB drive makes sense. (hopefully you have more than one and keep one off-site)

For many businesses it's a different story.

I currently use an LTO-6 drive (in a 24 tape changer). Native write speed is 160MB/sec. They just released LTO-7 drives that write at 300MB/sec. You can double those numbers with compression. I don't know of any USB drives that can come close to that speed.

Plus, LTO-6 stores 2.5TB (5TB with compression) and LTO-7 is 6TB (12TB with compression)

I'm currently backing up over 20TB at both offices I support (20TB each office), I'd really hate to try and manage multiple backups of 20TB with USB drives.

My experience with LTO drives was that they had the reliability of a Yugo. And they cost a shitload of money to replace. In addition, your tape format becomes obsolete and unreadable by newer tape drives in only a few years. The fact that tape drives all require SCSI or SAS because tape drive manufacturers have apparently never discovered USB 3.0/3.1 doesn't help in the cost department (and it makes it very difficult to restore anything on the go).
 
All of the software in the world can't fix pebkac. The best network security is still training, but so many people still think a computer of any kind is powered by eye of newt and unicorn shit.

This... Really I also just find reminding people to think.

User: "Well I thought it said it was a shipping receipt from FedEx"
Me: "Well billing isn't the shipping department..."
User: "Ohhhhhhhhh... Yeah, that makes sense."

Even just those silly, simple exchanges have helped out so much. User at least will write an email now saying, "Hey, I got an email which is weird can you take a look?" So much easier than me sprinting across the office and tearing the network cable out of the pc.
 
My experience with LTO drives was that they had the reliability of a Yugo. And they cost a shitload of money to replace.

At work I have had a single LTO tape fail out of 200 plus with my older tapes purchased in 2006 along with my Exabyte Magnum 224 with dual LTO2 drives (I am trying to get a budget to replace that with a single LTO7 drive). Neither of the drives or the changer have failed either out of the 37156 backup jobs run.
 
I was quoting the poster that's using a consumer grade tape device to back up his system because he can't afford an IT staff. If your company needs to back up TBs of data every night for off-site storage, you probably have enterprise grade equipment with deduplication and an IT staff. I used to work in the data center for HP, we had teams of people employed (from outsource companies) to manage our backups.

Understood. For small backups multiple hard drives will be more economical and practical.
 
My experience with LTO drives was that they had the reliability of a Yugo. And they cost a shitload of money to replace. In addition, your tape format becomes obsolete and unreadable by newer tape drives in only a few years. The fact that tape drives all require SCSI or SAS because tape drive manufacturers have apparently never discovered USB 3.0/3.1 doesn't help in the cost department (and it makes it very difficult to restore anything on the go).

I've been using Dell/IBM LTO Drives, and they have been very reliable, just need an occasional cleaning.

As for backwards compatibility, LTO allows reads from 2 generations back.
I started with LTO-3 (400GB), and once the weekly backups grew to 12 tapes, we upgraded to LTO-6 (2.5TB). By this point the LTO-3 Drive was several years old, so needed to be replaced anyways. We don't have any long term archive needs, so no need for the old drive/tapes after a few months.
I'll probably look at an LTO-8 or LTO-9 once I need to back up over 50TB. I'll also need to upgrade to 10GB Ethernet too :)


As for USB 3.0, my servers only have USB 2 ports. Considering the cost of the drive and the 24 tape changer, the cost of a SAS card doesn't add that much.
 
We have run into this a few times. We ended up using AppLocker (Enterprise PCs) and SRP (Pro PCs) to prevent unauthorized apps from running out of the user folders.
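
An added example, not part of the thread and not the poster's own configuration: one way to get the AppLocker behaviour described in the last post is an allow-list for executables, so anything launched from a user profile is denied by default. The policy file location and the choice of the Downloads folder as a test set are assumptions; the policy is written in audit-only mode and only evaluated, not applied.

```powershell
# Added example: audit-only AppLocker Exe policy. Only Windows, Program Files
# and local administrators are allowed; anything else, including files under
# C:\Users, falls through to "denied by default" for ordinary users.
$policyPath = Join-Path $env:TEMP 'applocker-audit.xml'   # assumed output location

function New-AllowPathRule([string]$Name, [string]$Sid, [string]$Path) {
    $id = [guid]::NewGuid()   # each rule needs a unique GUID
    @"
    <FilePathRule Id="$id" Name="$Name" Description="" UserOrGroupSid="$Sid" Action="Allow">
      <Conditions><FilePathCondition Path="$Path" /></Conditions>
    </FilePathRule>
"@
}

$rules = @(
    New-AllowPathRule 'Allow Program Files' 'S-1-1-0'      '%PROGRAMFILES%\*'   # Everyone
    New-AllowPathRule 'Allow Windows'       'S-1-1-0'      '%WINDIR%\*'         # Everyone
    New-AllowPathRule 'Allow local admins'  'S-1-5-32-544' '*'                  # BUILTIN\Administrators
) -join "`n"

@"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
$rules
  </RuleCollection>
</AppLockerPolicy>
"@ | Set-Content -Path $policyPath -Encoding UTF8

# Evaluate the policy against executables already sitting in a user-writable
# folder (assumed test set) without changing any machine setting.
$candidates = Get-ChildItem "$env:USERPROFILE\Downloads" -Filter *.exe -Recurse -ErrorAction SilentlyContinue
if ($candidates) {
    Test-AppLockerPolicy -XmlPolicy $policyPath -Path $candidates.FullName -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
} else {
    Write-Host 'No executables found in the test folder; nothing to evaluate.'
}

# To apply it locally once the results look right (the Application Identity
# service, AppIDSvc, must be running for AppLocker to act on the policy):
# Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
```

Files reported as `DeniedByDefault` are the ones that would stop running once `EnforcementMode` is changed from `AuditOnly` to `Enabled`; review that list for legitimate per-user installers before switching.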
 