back to article Here today, gone to Maui: That's your data captured by North Korean ransomware

For the past year, state-sponsored hackers operating on behalf of North Korea have been using ransomware called Maui to attack healthcare organizations, US cybersecurity authorities said on Wednesday. Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Treasury Department issued a joint …

  1. M.V. Lipvig Bronze badge
    Holmes

    I wonder why

    the ransomware gangs haven't gone for the big enchilada and hit one of the major cloud providers yet. Considering who the big players are, it would probably be like sandblasting a soup cracker. Unless, perhaps they're waiting for some major players to follow Fedex into going all cloud. Imagine the uproar if some major trading houses went cloudy and the provider was locked up.

    1. Clausewitz4.0
      Devil

      Re: I wonder why

      QUOTE: hit one of the major cloud providers

      If you get to the core of a major cloud provider, source code for the tools or the orchestrating tools itself are a much more valuable target.

      It enables a shy business to deploy REDIS / NOSQL / MongoDB / etc clusters in an amazon-like-way, with a nice control panel - a shy business can potentially become a major player itself.

    2. Anonymous Coward
      Anonymous Coward

      Re: I wonder why

      If you go after the top level, they will (theoretically) be motivated to close vulnerabilities down.

      By going after lower hanging fruit, your choice of targets will never dry up.

      Personally I think the size of the attack surface and insecure-by-design OS features favoured (mandated?) by the NSA and MI6 is a major contributor. It is time to draw a line under and stop using them. Anything worth protecting deserves a proper OS with minimal attack surface - with the possibility to subject it to thorough testing. As opposed to the common-as-muck bloatware that is impossible to test every angle.

      Some moves in the software space to develop "safer-by-design" languages and compilers are welcome.

      Offloading data to clouds is trendy, in much the same way that Mainframe used to be the accepted computing paradigm. The inconveniences of mainframe apply to clouds also; and in fact are worse because you don't even control the hardware.

    3. Anonymous Coward
      Anonymous Coward

      Re: I wonder why

      Going after a single large player would bring a lot of heat.

      Going after many thousands of lesser targets is too complicated and convoluted to get a quickly investigated or flies under the radar so it's largely ignored.

      Same reasons phishing attacks purposely want those with a brain to ignore and delete and ripe targets to click the link, those who are caught out are so embarrassed they won't own up to it or too clueless to notice until it's all gone.

  2. Gene Cash Silver badge

    Name

    They should have called it "Lanai" after the island owned by the other ransomware operator.

  3. Mike 137 Silver badge

    "The initial access vector – the way these threat actors break into organizations – is not known"

    Yet another indication of poor information governance in the healthcare sector. At the very least, network logs should provide some indication. Oh, I forgot - one healthcare place I worked only kept logs for a week "because the disk is too small to keep them for any longer".

    1. Anonymous Coward
      Anonymous Coward

      Cyber security would identify the initial ingress route, not information governance.

      It's more likely an indication of poor understanding of their own infrastructure, lack of forensic capabilities or lack of engagement with third party security vendors.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022