Your money or your life! Another hospital goes down to ransomware

Another US hospital has had its records scrambled by ransomware trying to extort money from the sawbones. This time: it's the Methodist Hospital in Kentucky that's been infected. "We've notified the FBI, we're dealing with federal authorities on how to deal with it," the hospital's chief operating officer David Park told local …

  1. jason 7

    Hmm the ransom...

    ...is probably less than one ibuprofen tablet in the US system.

    1. Nigel 11

      Re: Hmm the ransom...

      That's because Ibuprofen is prescription-only in the USA. Pop down to your USA pharmacy for OTC Naproxen instead. Naproxen is prescription-only in the UK. Care to guess where Ibuprofen and Naproxen were invented?

      1. jason 7

        Re: Hmm the ransom...

        No.

      2. David Neil

        Re: Hmm the ransom...

        No it's not, I bought some in a CVS in South Carolina last month

        1. tmTM

          Re: No it's not, I bought some in a CVS in South Carolina last month

          I bought some in CVS last time I was in New York.

      3. Valerion

        That's because Ibuprofen is prescription-only in the USA

        CVS, Walgreens, Walmart etc all sell it in packs of 500.

        1. Nigel 11

          Re: That's because Ibuprofen is prescription-only in the USA

          My knowledge is clearly out of date. So now it's just the UK refusing to sell Naproxen OTC. Ibuprofen was invented in the UK, Naproxen in the US.

        2. Bluto Nash

          Re: That's because Ibuprofen is prescription-only in the USA

          The Motrin(r) variation @ 400mg is prescription only in the US, but you can get 200mg tabs/caps/softgels OTC all day long and just double up. Go figure.

  2. a_yank_lurker

    Predictable

    Given the nature of hospitals with people going in and out all day and legitimate emails with attachments being sent to and fro they are a prime target for attack. The surprising part is how long it took for crackers to attack.

  3. LaeMing

    Old saying may be appropriate...

    He who attacks a healer shall thereafter be denied healing.

    1. Aniya

      Re: Old saying may be appropriate...

      Indeed. It takes a very special kind of scum to target a healthcare provider. We may not always agree with certain aspects of healthcare (cost being a common complaint) but what those scum are doing could very well result in them committing murder (I was going to say involuntary manslaughter, but what do you fucking expect when you attack a hospital).

      As it stands many hospitals and their staff are severely overworked and the additional time required to retrieve the files of a patient could very well lead to permanent disability or death.

      1. imanidiot Silver badge

        Re: Old saying may be appropriate...

        Find them, break their legs (possibly multiple times for effect), deny medical care until they pay their ransom.

    2. psychonaut

      Re: Old saying may be appropriate...

      naproxen kicks the arse out of ibuprofen. works wonders on my back....dont need ibuprofen anymore...

  4. Anonymous Coward

    Now that really sucks!

    You'd think God would have protected them!

    Must still be using 'Prayer 1.12', need to upgrade.

    1. Anonymous Coward

      Re: Now that really sucks!

      I've always wondered why Churches buy fire insurance.

      Maybe it's the large lightning conductors they place on their spires. But why are they cross-shaped?

      /evil

  5. CrossChris

    And the moral is.......?

    Rule 1: Critical data? Don't use Windows.

    Rule 2: Always refer to Rule 1.

    When will people finally realise that Windows is a poor proprietary client for a Unix world? It might be OK for casual, domestic use, but it's certainly not suitable for any business situation at all.

    It could be argued that businesses of any kind get what they deserve if they use that vulnerable junk. That said, it's harder to get much lower than attacking a hospital!

    1. hplasm

      Re: And the moral is.......?

      "That said, it's harder to get much lower than attacking a hospital!"

      As a Microsoft reseller? True, true...

    2. pPPPP

      Re: And the moral is.......?

      I'm not a Windows fan, far from it in fact, but what's your source for pinning the blame on Windows?

      1. Doctor Syntax Silver badge

        Re: And the moral is.......?

        "what's your source for pinning the blame on Windows?"

        I'm not sure what the OP had in mind but there are a few possibilities. One is the way Windows is normally set up to be "helpful" by hiding file name extensions so as not to confuse the users. As in confusing them into thinking that something labelled, for instance, invoice.jpg.exe might be harmful.

        Then there's the fact that Windows often seems to be run with the user as a local administrator so that anything they've been tricked into running has more privileges than it ought to have.

        Taken together those make Windows users more vulnerable than they should be. Add to this that, being the most widespread platform it's a major target but make no mistake, if Linux was common enough to be worthwhile it too would be targeted. In fact, malicious Javascript could attack any browser or client that doesn't run with scripts blocked. The dependence of the modern web on JS makes such blocking inconvenient but that's a different complaint.

        But Windows itself really isn't the problem.

        One problem is the nature of email: it's too easily forged. The From: line can say anything and there's no way of even attempting to check without the time and skill to delve into the headers, two resources which a busy office worker probably doesn't have. A big improvement would be an email system which requires signing so that the signature could be checked against the public key of the alleged sender and bounced if it failed.

        Another is that every operating system allows any program to write to any file based on user privileges only. If, for instance, only your office suite was allowed to write to word processor files and spreadsheets a random encryption program couldn't touch them (I exclude powerpoint files - encryption might be an improvement).

        A third is that file systems generally don't have separate permissions for deletion or versioning so it's possible for malware to delete the old file if it applies a new suffix to the encrypted file or to overwrite the old one if it doesn't.

        We need to design systems on the basis that they will be under attack - at present everything assumes well-intentioned and well-trained users in a benign environment. We're not there any more.
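The hidden-extension problem raised in the comment above (a file such as invoice.jpg.exe shown to the user as invoice.jpg), as an added example that is not part of the original thread: a check a mail gateway or triage script could run over attachment names. The extension lists, function names and sample file names are illustrative assumptions, and the "shown as" value assumes the file type is registered and extensions are hidden.

```python
import re

# Illustrative, not exhaustive: types Windows runs or hands to a script host.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
                   ".vbs", ".wsf", ".hta", ".lnk", ".ps1", ".msi"}
# Illustrative: extensions a user reads as a harmless picture or document.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx",
              ".xls", ".xlsx", ".txt"}


def split_ext(name):
    """Split 'a.b.c' into ('a.b', '.c'); names without a usable dot get ''."""
    base, dot, ext = name.rpartition(".")
    if not dot or not base or not ext:
        return name, ""
    return base, "." + ext.lower()


def check_attachment(filename):
    """Classify one attachment name as 'ok', 'executable' or 'masquerade'."""
    # Keep only the last path component. Win32 drops trailing dots and spaces
    # from a file name, so they must not hide the real extension here either.
    name = re.split(r"[\\/]", filename)[-1].rstrip(" .")
    base, ext = split_ext(name)
    result = {"name": name, "real_ext": ext,
              # What the user sees when extensions are hidden (assumption:
              # the type is registered, so the last extension is not shown).
              "shown_as": base if ext else name}
    if ext not in EXECUTABLE_EXTS:
        result["verdict"] = "ok"
        return result
    # Padding such as 'scan.pdf      .scr' pushes the real extension out of
    # view even when extensions are displayed, so strip it before looking.
    shown = base.rstrip()
    _, inner_ext = split_ext(shown)
    result["shown_as"] = shown
    result["verdict"] = "masquerade" if inner_ext in DECOY_EXTS else "executable"
    return result


def triage(filenames):
    """Group attachment names by verdict for a gateway-style report."""
    report = {"ok": [], "executable": [], "masquerade": []}
    for f in filenames:
        report[check_attachment(f)["verdict"]].append(f)
    return report


# Constructed sample attachment names (not taken from any real incident).
SAMPLE = ["holiday.jpg", "report.v2.docx", "setup.exe", "invoice.jpg.exe",
          "scan.pdf      .SCR", "Payslip.XLSX.js."]

if __name__ == "__main__":
    for f in SAMPLE:
        r = check_attachment(f)
        print(f"{r['verdict']:<11} shown as {r['shown_as']!r:<18} real type {r['real_ext'] or '-'}")
```
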

        1. Jimbo 6

          Re: And the moral is.......?

          Definite upvote for "hiding file name extensions". It's the sort of 'helpfulness' that makes me start chewing my desk.

          See also : folder views defaulting to "Fisher-Price" style icons, like we're all still in fr'k'n kindergarten.

        2. Sven Coenye

          Re: And the moral is.......?

          The problem in this case is allowing executables to run out of user writable locations. Windows exacerbates that by having holes in areas that you think are locked down (e.g. inside the c:\windows branch). Linux is not going to save you from that either, but at least most client programs are not as braindead as their Windows counterparts in running stuff sight unseen.

          On Windows, we have switched to running executables out of whitelisted locations only in YAN attempt to harden the target. (And turned off runas, and require a local admin account to install things, ...)

          1. psychonaut

            Re: And the moral is.......?

            "Then there's the fact that Windows often seems to be run with the user as a local administrator so that anything they've been tricked into running has more privileges than it ought to have."

            only if your IT staff are fucking morons. even my home users dont get admin privileges in their day to day account.

            hiding file extensions....yes, fine i get it, but doris the 50 year old secretary doesnt and never will.

            if a file was called "imgoingtofuckyourcomputer.jpg.horriblevirus.exe" she would still open it.

            1. Doctor Syntax Silver badge

              Re: And the moral is.......?

              "hiding file extensions....yes, fine i get it, but doris the 50 year old secretary doesnt and never will."

              That's another thing your IT dept needs to do: training. Include a little testing - like a phishing email that will check whether she's still falling for it.

              If she proves untrainable then maybe it's time to think of moving her somewhere where she can't damage things. The security of your business is worth more than your secretary's feelings, especially if it's a hospital where life & limb could be at stake.

              1. psychonaut

                Re: And the moral is.......?

                "If she proves untrainable then maybe it's time to think of moving her somewhere where she can't damage things. "

                people dont do this, especially in the small business world, doris has probably been there for 20 years, is the backbone of the company and is pretty much irreplaceable.

                Doris may even be the owner of the business.

                users do not care. they do not look at things like this. it gives them a headache. they just click stuff. its irrelevant what the file is called or if they can see the extension. it doesnt matter how many times you tell them to think about what they are doing. you cant train most of them because its all just a fuzz. as soon as they have to think about computers their brains just shut down. i get people who call me and i ask them what make and model the computer is and they say "windows". its not like any other industry. if you asked someone what make their car is, they would either know or go and look at the badge on the back of the car and find out. with IT its different, they just go ....aaaargh i cant cope with it, id better say something.....err, is it an internet explorer?

                i had the owner of a medium sized accounting firm allow someone "who called from microsoft with an indian accent" remote her pc the other week. Shes clever, runs a business with 15 employees, is a highly qualified accountant, built her company from scratch and she still let them onto her machine. luckily she called me whilst the call was going on, and nothing really bad happened.

                1. Triggerfish

                  Re: And the moral is.......?

                  Oh god this. I don't know why people go blind with PC's worked with some highly intelligent people, I have seen someone build a carding machine for a new type of fibre, out of seeming scrap left over in the factory, with a few notes written on the back of a fag packet. I've worked for multi-millionaires who earnt it all starting from the bottom, PHD researchers, etc show them a computer and they instantly become dumb as rocks, it's almost willful blindness you cannot even explain it to people they just have an almost aversion to hearing anything techy about PC's doesn't even matter how simply you explain it. I swear there must be something Psychological about it.

        3. Vic

          Re: And the moral is.......?

          Another is that every operating system allows any program to write to any file based on user privileges only. If, for instance, only your office suite was allowed to write to word processor files and spreadsheets a random encryption program couldn't touch them

          SELinux provides exactly that protection...

          Vic.

          1. psychonaut

            Re: And the moral is.......?

            yes, but does it run all the sage software? if not then no use to my accountancy practice customer.

            all the cloud offerings for accounts software (xero excepted maybe) are shit. all the accountants use sage anyway ( or quickbooks maybe). this maybe changing slowly. but for now the accountancy practices use sage. no windows, no business for the accountants. if you dont use what your accountant does, then your end user business cant do accounts. no win again.

            i mean sage is a piece of crap anyway (try getting it to run properly/speedily on a network...the only real way is to use terminal services for any more than users > 1)

            thats the problem.

            1. psychonaut

              Re: And the moral is.......?

              and by "all the sage software" i mean about 6 or 7 different products. payroll, accounts, corp tax, p11d etc etc.

              most of those barely run on windows.

    3. Halfmad

      Re: And the moral is.......?

      Whilst I agree with the idea of not using Windows, what alternatives do we have that are both friendly for the end user and common knowledge to IT analysts/engineers/tech (whatever they're called this week) ?

      None.

      Oh yeah I get it - Linux is great, hell I use it at home but 95% of my IT staff have never, ever used it outside of booting off a live linux CD to remove files from a borked HDD.

      Blaming Windows is pointless, the bigger issue is management not pushing staff towards alternate operating systems, without staff to support it, we can't make the change even if we got all our users on side.

  6. David Roberts

    Sigh. Windows vs Linux again.

    I'm struggling with this at the moment.

    I've bought a new HP colour laser printer (Ethernet connected) and I'm trying to get it to work with Mint.

    Despite the support being added to the generic HP printer support software the version in Mint is two releases behind. Denied that there was an HP printer on the network.

    I've hand upgraded to the latest version via the command line complete with warnings that my version of Mint is not on the supported list so it may not work. The software now admits that there is a printer there, but can't print to it. I will soldier on because it is a challenge.

    [Note that I had the same issue with an older version of Ubuntu I played with briefly before wiping, so it is not a problem specific to Mint.]

    Under Windows (7 and 8.1) IT JUST FUCKING WORKS!!!

    Now I don't hold evangelistic views over which OS is better, more moral etc. but until you can take common hardware and just have it work with Linux then most large organisations are likely to opt for Windows because it is the first (and often only) OS that equipment suppliers implement against.

    I am a long term Unix and Linux user and it is a good choice for many implementations.

    However Linux will never become a leader on the home user desktop unless/until GUI based support for consumer hardware is supplied at the time of hardware launch.

    It will never take over in complex environments like hospitals until manufacturers of specialist equipment include Linux support. Which may never happen given that some kit won't even work with Windows later than XP.

    Now thoroughly depressed.

    1. Anonymous Coward

      Re: Sigh. Windows vs Linux again.

      May be HP. Work got no response from a HP printer over the Windows network. However, I am no expert with Networks. If it's not a cable connection, I doubt it will print (seen too many conflicts with poor ISP routers/modems and poor wifi printers).

    2. jason 7

      Re: Sigh. Windows vs Linux again.

      If I decided to switch my 200 user company over to Linux....where do I get professional hands on service and support for users and infrastructure? I know half a dozen local companies that can do Windows till the cows come home.

      Linux...not so much.

      1. Doctor Syntax Silver badge

        Re: Sigh. Windows vs Linux again.

        "If I decided to switch my 200 user company over to Linux....where do I get professional hands on service and support for users and infrastructure?"

        How should we know, we don't even know where you live? But you could start by looking. You could well find that there are half a dozen local Unix freelancers who are looking for the opportunity to add another line of business. Maybe some of them are even reading these comments.

    3. Doctor Syntax Silver badge

      Re: Sigh. Windows vs Linux again.

      "I've bought a new HP colour laser printer (Ethernet connected) and I'm trying to get it to work with Mint."

      It's just the old device/ driver/OS issue. It can affect any OS. I've never had problems with Linux and HP. OTOH when I tried the preview of W10 it wouldn't recognise the HP printer I've been using for years. It's more the attitudes of the device manufacturers than anything else.

      1. psychonaut

        Re: Sigh. Windows vs Linux again.

        your problem is not linux or windows. its HP.

        never buy a HP printer.

        1. jason 7

          Re: Sigh. Windows vs Linux again.

          Now you see I'd say never buy a Brother printer.

          I'm sure someone else will say Lexmark...Canon...Oki...

          1. psychonaut

            Re: Sigh. Windows vs Linux again.

            lexmark...jesus christ, no way.

            hp - 10 years ago, yes, dont buy anything else.

            since then they seem to have been on a mission to cram as much shit as possible into their drivers. some of the printer install drivers are 300mb. for a fucking printer driver. it can take over half an hour to remove and reinstall a failing hp printer driver, and they fail quite a lot, particularly the network ones.

            i rarely see problems with canon.

            oki produce some amazing colour led laser printers for £150 ish with a free 3 year next day onsite warranty, i have to say they are fantastic and cheap to run - ive been recommending them to my customers by the boatload

            1. Mark Exclamation

              Re: Sigh. Windows vs Linux again.

              Just wondering if you need a new keyboard? Your shift key doesn't seem to work!

          2. Bluto Nash

            Re: Sigh. Windows vs Linux again.

            As a relatively n00b Mint user (still working on the transition), I was able to muddle through Brother's installation instructions for my recent wired network MFP purchase without too much trouble. Works fine. As did the HP 4600 it replaced, but that's older hardware, so there's that. It would be really, REALLY nice if manufacturers would actually acknowledge that there are other machines aside from Windows and put together support for a generic Linux installation for their devices. Brother's a step ahead on that front IMO - at least they provide something, so hopefully others will follow suit.

  7. Palpy

    OSes in the business-critical enviro?

    It seems I've read that most ransomware attacks are initiated through phishing campaigns, using infected email attachments. Often MS Office files with malicious VBA?

    As a casual observer, it would seem that configuring most workstations able to access email and the Internets as hardened Linux or BSD machines would raise the bar for hackers. I run Qubes on my travel laptop, and the OS makes installing guest OSes to virtual machines relatively painless. Starting them and running applications is easier than finding line-spacing defaults on the MS Word ribbon.

    I suppose I think about the future this way: Yes, it will require effort from IT staff and network admins to transition to and maintain a more hardened system. Does it require more effort than periodically -- or continually -- recovering Windows machines borked by a dodgy download or a drive-by script? More effort than trying to train harried and overworked nurse practitioners (for example) to become IT-aware enough to avoid the email from Dr. Slicer because it includes a "patient update" and runs a VBA macro? Or to access the Interwebs with Javascript disabled because the Pfizer drug reference site may have been compromised?

    Sure you run Windows where it's needed. Either on a carefully isolated machine, or inside a restricted virtual environment.

    I don't know that, in the long run, using incrementally-implemented increases in security along with reactive anti-malware techniques are going to stay ahead of the innovative criminal community. OK, well, obviously not. Those techniques are failing already.

    Wouldn't tickle my surprise-buttons at all if many more providers started offering non-Windows systems off the shelf -- see the Purism laptop https://puri.sm/ for example. (Too spendy for me, I use a second-hand Thinkpad for Qubes).

    And a final dumb thought -- the way to co-evolve a predator-prey system is to make incremental changes. That's how you end up with super-predators. The way to circumvent that co-evolution is to make radical changes. Raise the bar radically. Rather than "OK, now all we have to do is figure out how to sneak the VBA past the filter, and then we're into their network" we make it "OK, now VBA won't run on the OS they're using for email; and we're also stuck in a VM that can't access anything outside its own local filesystem; and how the hell do you get to root, because it's protected from the VM." Etc.

    Just some random rambling. Please do tear it apart, I look forward to learning new things.

    1. Doctor Syntax Silver badge

      Re: OSes in the business-critical enviro?

      "Starting them and running applications is easier than finding line-spacing defaults on the MS Word ribbon."

      As bad as that?

      1. Palpy

        Re: Dr. Syntax... yes, well

        Maybe I should have written "much, much, much easier"?

        Odd thing, though, you know, people have opposing perceptions of easy. Some office guys I know would say, "Jesus, it's easy -- you just click the 'format' menu, find the 'runcible text' option, hold down ctrl-T and press F4! There you go! Now that's superscript. Subscript is different." But the same guy would say "I have to click on the VM icon and choose 'start VM' -- EVERY time I want to start the VM? Arf that! Could you make it any more difficult for me to get work done? You BARSTID and your wretched security-oriented system!!"

        C'est la vie d'aujourd'hui.

  8. Zebo-the-Fat

    Confused!

    Am I missing something here?

    The bad guys scramble your PC and demand a ransom to fix it, so just reformat, reinstall and restore from your off-site backup (if you don't have that you shouldn't be running a business in the first place).

  9. Steve Button Silver badge

    Wanker on TWiT

    Love how you got wanker and bollocks into twit this week.
