Announcement

**ursus arctos** · 04-08-2021, 19:08

Has been a plague in the US for some time

**KingsburySaint** · 04-08-2021, 19:13

The Scottish Environment Protection Agency is only just getting back on track having been attacked last Christmas Eve. They lost everything bar thier website at one point. They were largely uncontactable until about March

**ursus arctos** · 04-08-2021, 19:21

There have been a number of horrifying stories coming out of hospitals

92 individual ransomware attacks on healthcare organizations – a 60 percent increase from 2019
Over 600 separate hospitals, clinics, and organizations potentially affected (plus a further 100 in the Blackbaud attack)
18,069,012 individual patients/records affected – a 470 percent increase from 2019
Almost 50% of Maine’s population was impacted by ransomware attacks in 2020
Ransomware amounts varied from $300,000 to $1.14m
Downtime varied from minimal impact due to frequent data backups to weeks or months of paper-only systems. One healthcare organization even lost all of the patient records involved in its attack
Based on the average ransom demand in 2020 being $169,446 (according to the average across all of the quarterly reports from Coveware data), hackers demanded an estimated $15.6m in ransoms
Hackers received at least $2,112,744 in ransom payments (plus the undisclosed amount paid by Blackbaud and several other attacks)
The overall cost of these attacks is estimated at around $20.8 billion

.

**Stumpy Pepys** · 04-08-2021, 19:26

A lot of UK hospitals who were attacked in the last few years were still running Windows XP.

**Snake Plissken** · 04-08-2021, 21:07

Yes, this is largely a case of underinvestment chickens coming home to roost. I have little doubt that it is largely deliberate in the case of Government.

The problem is that, fundamentally, just about every organisation is based on it's IT first and foremost (as an example, what is an airline except an IT company that decides to shuttle planes about, or a supermarket is an IT company that decides how many apples it wants to put somewhere that day) but very few of them recognise it as such until too late.

**Lang Spoon** · 04-08-2021, 21:31

The HSE in Ireland is still limping back to operational effectiveness after being completely fucked by a ransomware attack earlier in the summer. Having learnt nothing from attacks on NHS hospitals, there was almost no investment in security, cos IT security ain't sexy and doesn't Save Lives in a "Minister opens new ward" type headline generating way. Also almost their entire infrastructure was on prem with no network segmentation. Every single hospital, all administration staff banjaxed. For weeks, and still their mail doesn't have DMARC back on.

Top Genius CEO Paul Reid had previously decided any cloud migration or duplication of data or services was "too risky". One of the few parts of the HSE that remained unaffected was the vaccination portal, which is of course cloud hosted. So wot Snake said.

**ursus arctos** · 06-08-2021, 01:53

https://twitter.com/shanvav/status/1423450268537032714?s=21

**Snake Plissken** · 06-08-2021, 07:59

If there were gangs roaming around the country in Transit vans physically going after banks, hospitals and council offices there would be police manhunts all over the place. This just gets shrugged off.

**Lang Spoon** · 06-08-2021, 08:03

The head of the National Cyber Security Centre in Ireland gets the same pay as the long service end of the scale for the lowest rung of senior management in the civil service. Private sector Head of Security equivalents would be getting paid multiples of 80k. Unsurprisingly, the position remains vacant.

**Snake Plissken** · 06-08-2021, 08:59

Meanwhile Russia, China and North Korea just walk through open doors.

Announcement

Ransomware in Hackney (and anywhere else)

Ransomware in Hackney (and anywhere else)

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment