back to article This ransomware gang is a right Royal pain in the AES for healthcare orgs

Newish ransomware gang Royal has been spotted targeting the healthcare sector, the US Department of Health and Human Services (HHS) has said. The crew emerged this year, and follows the standard double extortionware playbook: it steals data from infected networks, encrypts those files, and then demands a fee to recover the …

  1. Anonymous Coward
    Anonymous Coward

    Once Upon A Time In America.....

    Quote: "...deleting all volume shadow copies to ensure victims can't easily recover their files...."

    Are "shadow copies" what passes for a backup these days? Has Iron Mountain gone out of business? I think we should be told!!

    1. Lil Endian

      Re: Once Upon A Time In America.....

      Who'd wanna copy The Shadow? It suuuucked!

  2. Version 1.0 Silver badge
    Alert

    We need a malware vaccine environment.

    Normally when healthcare services see infections then we take precautions, so would limiting all users access to websites be like making users wear a face-mask? And making everyone's PC run a full anti-virus check on the disks, every time they open an email while slowing network access down to 1200baud until they are seen as clean, be like getting a vaccine?

    Malware is just like a pandemic. It seems that we're a hell of a lot better handling pandemics than malware these days. Sure, all these suggestions would slow things down but we've already see that happen currently.

    1. doublelayer Silver badge

      Re: We need a malware vaccine environment.

      "would [...] making everyone's PC run a full anti-virus check on the disks, every time they open an email while slowing network access down to 1200baud until they are seen as clean, be like getting a vaccine?"

      No. It might be a good idea for secure environments with some modifications, but it doesn't make sense to use vaccines as an analogy. Vaccines are preventative. Antivirus is reactive. If we're getting very pedantic, the vaccines are causing the immune system to be reactive like the antivirus software would be, but your immune system, if functioning well, doesn't interrupt things until it's pretty sure the antigen is dangerous (those with allergies see that going wrong). My recommendation is that we proceed with cybersecurity recommendations but drop the analogy.

      As for checking every email and dropping the network until it scans clean, that would sometimes help, as would blocking infection vectors of many kinds. There are two general problems that come up. The first is that many organizations don't have admins capable of setting up and administering the systems, which is a bit tricky to fix en masse. The second is that a lot of these organizations operate in such a way that being too secure hampers their productivity. People who, for example, process many attached PDFs won't work as quickly if you take enough actions to be certain that no PDF-based malware is possible, and until you actually get infected, the bosses care more about speed and efficiency of the revenue-generating activities than the security risk described by people like me who are dismissed as paranoid. Those organizations that have admins capable of setting up a secure environment are frequently told that the recommendations are unnecessary and unproductive by people who have the ability to prevent their installation and who don't at all understand the risks.

  3. david1024

    If only

    If only there was a way to keep these sensitive records away from hackers. Oh yeah, paper. In my experience, a doctor in the examination room with me and a paper copy of my records... looks at it. What they don't do is reference my record while in the exam room when the records are digital. I have gotten into the habit of bringing my own paper copies... and they will look at those. Also, nurses that don't have a paper copy staring in their face to reference while they are actively doing things in the hospital room... make more mistakes and I can't see the doctor's orders to help back them up. They often have machines available in the rooms, but don't log into them. Or have a machine they carry with them, but don't use.

    At some point, we need to realize that the medical community doesn't really want computers and they suck at using them.

    1. Lil Endian

      Re: If only

      I agree.

      In defence of those "not using IT correctly", in my experience it's due to them being given tools that are not up to scratch, ie. the tech given to them is not what they needed, required or asked for. This, again in my experience, is down to the administration tiers in between techies and the staff on the ground. Be they in-house bean counters or PHBs, or external political/financial influences, they make decisions that inhibit appropriate IT getting to those that use the tools, resulting in a pile of doo doo that costs cash but is ineffective. How many backhanders to "brothers-in-law" for a contract that never had a chance...?

      Information tech is a solution to a given problem. Impediments between tech and solution are that parts that need cleansing.

    2. veti Silver badge

      Re: If only

      Oh yes, nothing ever goes wrong with paper. Floods and fires don't damage it, it never degrades over time or gets lost or misfiled, and it's always available right where you are. If you need to visit a doctor somewhere other than your usual office, no problem, just get the paper records sent over by a flock of carrier pigeons.

    3. NoneSuch Silver badge
      Boffin

      Re: If only

      "At some point, we need to realize that the medical community doesn't really want computers and they suck at using them."

      My doctor still insists on using fax for business comms. This new fangled "email" is a fad apparently.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like