Ransomware shutting down vital services -- what's the solution?

Curious, why unfortunately? As a user I don’t like using web-based apps. Have to wait for pages to load, lack of hot keys, and they tend to break under heavy load.


Exactly the plot of a Unit 42 episode I watched just last week.

From an end user point of view, locally installed apps are better - they are faster and react better to load, among a long list of other features. But when it comes to having to manage said software, I like it when it’s just a web URL I put a shortcut on someone’s desktop. :)

I have a friend who does all the IT work for several dentists and one of his sites got hit last week with ransomware. His entire back-end is all Linux and if it wasn’t for the hourly backups he does that all save to different systems, he would have been hosed.

Reading up on it, he said the entry point is always people clicking on something that infects their computer and then it installs keyloggers / watching programs and the intruders use this information to get to the back-ends.

So, no amount of IT is going to stop stupid people from clicking on links that display a prompt saying “This is Microsoft, your computer is slow, let us fix it by clicking this button”.

My previous job required me to handle emails from partners from all around the world. Tens of thousands of them. For a massive percentage of them, English was a second language. As you can imagine, the quality of the English was all over the place.

And then IT would send me those test emails to see if I was stupid enough to click on the link. But the problem is that I often had to deal with actual emails just like that from actual partners.

I always failed, and I wanted to explain to IT that it’s a hopeless task.

I always made sure my system was always up to date on patches, including my browser. All you can really do is keep your system fully patched and your antivirus/antimalware shields at maximum.

Killing cryptocurrency makes ransomware infeasible again. Not sure if there’s the appetite for that though.

That’s an interesting approach. If the exchanges were shut down by banking regulators, crypto currency would be worthless.

I hate those tests too. I’d like to see some data to see if they actually lead to positive results or if it’s like our password mess, where someone, years ago, came up with an idea and the end result created a worse problem than it solved.

Nope.

Oh good, we’re still doing this crap after information from 1999, 99!, suggested it does more harm than good. Whelp, I guess I’ll just file this into the horrific password situation we’re still in even after the people responsible for it basically apologized for inflicting that on the world. Fortunately we are 2-stepping it for the most part; it’s the vendors that still suck.

I’ll talk about this option a bit in a more generalized way, not just healthcare related. There are multiple things at play. General employees, high-technical-level employees, consultants, partners, C-level employees, dealers, visitors/guests, etc.

As an example (and because we just went through this exercise), just one -segment- of the company I work for did an application review. That covers about 8000 employees out of a 60K-plus employee organization. For that segment, there were over 75 MAJOR applications, and over 100 minor applications, spread between hosted internally at specific locations, hosted in company-owned or leased datacenters, shared datacenters, multiple cloud hosting environments, and software-as-a-service offerings. Not counted were any number of single-use or ill-defined internet-use applications.

For any other option to move to, the problem is: the platform isn’t there yet. It is what it is. We can talk trash about Windows, or talk up OSX or Chrome OS or Linux variants, etc. But the problem is that with even the best of those offerings, we could cover about 1/2 to 3/4 of the application list. And then the answer to that is, “well we can just develop our own or look at a different solution for that app.” And every time that happens, thousands, tens of thousands, hundreds of thousands and even millions of dollars need to flow out the door to remedy it. It is a staggering cost and very quickly kicked to the curb by management and directors looking to maximize returns.

It doesn’t mean it couldn’t be done, it just means that large organizations are averse to major change, especially costly change for IT. For smaller, newer, and technically agile companies, it’s a no-brainer.

But why not lock things down? Even when you do, ransomware finds a way. I’ll give you two very real examples.

A high-level consultant working on manufacturing systems was able to get cleared to use his own laptop because it had the vendor-developed tools on it to make adjustments to the systems we use. We put him on a fairly locked-down development environment. Didn’t matter, eventually he plugs in to something using an old system’s network cable, one that couldn’t be locked down with newer tools, and boom, now the crap he had that wasn’t profiled or hip-checked jumped a layer into the organization and we have a small, and thankfully low-impact, ransomware issue. Ouch.

Next we have a guy working in Europe. All day long all he does is handle shipping and customs. Every shipping vendor, every method of transportation. He has access to multiple systems to update shipping notifications, pull forms needed from various regions, etc. He gets an email that looks familiar: a shipping notice from one of the vendors he works with all the time. It was, of course, a click-through infecting him with a zero-day ransomware that wasn’t blocked. Heuristics caught some of it and blocked things, but not before he infected and locked file systems across three different regions, requiring a multi-day restoration of data from backup for many internal systems. Oops.

It’s hard. We have really good systems and security to help with this. It’s still hard. Companies that are much higher up the food chain than we are also struggle with this.

I can tell you this, I only WISH it were as easy as just, “use Chromebooks and cloud services.”

EDIT: If I sound weary and bitter @antlers it isn’t at you or your question. It’s that this stuff is tiring and hard for IT to handle and every day there seems to be 3 new things to worry about. It’s going back and forth to the execs and saying, “we don’t have a good answer,” or, “this is going to cost XXXXXX initially and XXXXX yearly going forward and we -think- it will help.” I feel like I’m in a counseling session. Some days I want to scream about it.

We have two step auth at school. It’s all fine and dandy until you’re in a hurry and your phone is drained of juice (or lost) and you have to babysit the damned thing (or buy a new phone). The reliance on a separate physical device is what makes it work, but is also its bane.

Yeah, if I lose my phone, in any of the variety of ways a phone can wind up not working, I will probably have at least one forced day off until they can overnight me another one. It’s a trade-off for sure.

Also, I’ve been using LastPass on my desktop PC a lot, but it is a serious PITA on a phone. I mean, you’re supposed to have a super long and complex password to secure the app, but goddamn these smartphone keyboards!

(AFAIK, LastPass cannot use the fingerprint reader.)

It can, but it still forces you to re-up via password every so often. Which makes it still a huge pain in the ass.