Uncle Sam urges action after Black Basta ransomware infects Ascension

US information security agencies have published advisories on how to detect and thwart the Black Basta ransomware gang – after the crew claimed responsibility for the recent attack on US healthcare provider Ascension. Both CISA and Health-ISAC shared bulletins on Black Basta within hours of El Reg sources saying ransomware was …

  1. ShortLegs

    Offensive cyber

    Self-defence, in the form of offensive action (reactively or proactively), is an acceptable response in law.

    How long before corporations realise that and conduct offensive operations. Or before Uncle Sam decides that a Hellfire ATGM is a proportional level of response, to an attack that can cripple CNI...

    1. Sandtitz Silver badge

      Re: Offensive cyber

      "How long before corporations realise that and conduct offensive operations."

      Against...who?

      How long before corporations realise that it is cheaper to patch and secure their IT proactively, not reactively.

    2. Anonymous Coward

      Re: Offensive cyber

      Hellfire ATGM - aimed at where?

    3. Anonymous Coward

      Re: Offensive cyber

      Anonymous to protect the sources.

      In the US, that's untrue. Unfortunately.

      I've had the honor of working with some of the best incident response people in the US, and I've been told most "advanced" cyber criminals are NOT very good at security themselves, and counter-attacks were not only possible, but trivial. The problem is -- and this is from the company lawyers -- counter-attacks were clearly illegal under US law.

      That's not entirely out of line with other "self defense" laws in the US. Response has to be proportional to the attack. You can't shoot someone for stealing a package off your porch. You can't even shoot someone if they steal your car without providing a credible indication that your life is at risk. If you can stop an attacker with less than deadly force, you must do that, and your property loss is less important than the perpetrator's life (i.e., in many jurisdictions, you basically can't stop a non-violent theft). Unfortunately, a cyber attack -- if spotted -- is easy to stop real-time, so a counter-attack is very difficult to legally justify. After-the-fact retaliation is even harder to defend. Unfortunately.

      Personally,... I'm of the opinion that the C-levels who implement policies that enable and encourage cyber attacks should be fed through the same meat grinder (slowly) as the attackers.

      I happen to know that Ascension Health Care had Windows 2012 servers (out of support, and thus unpatched, for over a year) still in production as recently as April. So as much as I despise the attackers...it's like walking around with big denomination bills hanging out of your pocket and being shocked you were mugged.

      Ascension is a huge organization made by (poorly) mashing together a bunch of other big organizations. They have a lot of poorly managed and redundant systems -- they've been particularly bad about actually consolidating their IT operations among all their acquisitions, they just keep running systems in parallel (that is based on reports from people I know who work for Ascension). I suspect they don't spend money maintaining old systems because they will "soon" be eliminated, but they aren't succeeding in actually consolidating these disparate systems into one maintainable system (this is speculation on my part based on seeing how things happen, and working for a similar mess of a company created by combining multiple poorly run companies into a big poorly run company).

      Nothing surprising about this attack.

  2. IGotOut Silver badge

    Simple Answer To Spear Phishing.

    Ban LinkedIn

    But then how will the suits get us plebs "motivated" with "inspiring" quotes and "clever" ideas?
