Blog / Ransomware meets WikiLeaks!
RANSOMWARE MEETS WIKILEAKS: ONTARIO HEALTHCARE PROVIDER ATTACKED BY RANSOMWARE; HACKERS GO PUBLIC!!
It was bound to happen sooner or later – the Cyber Criminals are now threatening public exposure of Ransomware data if the Ransom is not paid. Earlier this June, CarePartners – an Ontario-based Home-Care Medical Services provider was hit with a Ransomware Attack on it’s server. This is nothing new; it happens thousands of times a day in many countries. What is new is the demand: pay up or risk having your Patient records exposed to the Public. This used to be the cry of a WikiLeaks Whistle Blower.
While it’s not clear, you have to assume the Ransom was not paid, because the story is now very public. According to news reports, the Hackers even offered to tell the IT Professionals at CarePartners how to prevent a future hack, as a good Samaritan Public Service. How thoughtful.
Whether CarePartners should have paid the Ransom or not is beside the point (for the record, TRINUS never recommends paying the ransom.) But there are two very worrying aspects to this story:
First, there is a level of market-savvy sophistication in the tactics employed by these criminals, that is scary. This is not some pock-marked teenager collecting Bitcoins in his Russian basement. This speaks of a Team of Professionals who know the value of the stolen information and how to maximize its’ value; every bit of it is Organized Crime. They performed the hack, carefully analyzed the data, made their Ransom demand complete with offer to fix the Security hole, and when rebuffed by CarePartners, contacted a National News organization – CBC – to blow the whistle on their victim. In their dialog with CBC, they appeared calm, deliberate, and professional.
Second is CBC‘s response to the Hacker contact. They launched a Full-Court-Press Investigation by three Reporters. They’ve talked with the Hackers – it appears more than once, detailed the demands, looked at sample records, contacted Patients and Employees, and printed their responses complete with pictures. It’s a very comprehensive and professional job. But was it ethical?
No doubt CBC will claim the Public‘s right to know – it’s a common defense against questionable reporting activity. But in their zeal to be first-to-press with the story, CBC have played right into the Cyber Criminals’ hands. The Hackers couldn’t have asked for a more perfect response. By choosing to follow their nose, the CBC story has raised the bar – and Ransom demands – for future attacks. Imagine the threat imposed by future Hackers: now it’s pay up or have your data on the front page for public shaming.
I wonder if CBC would be so zealous in reporting this type of story if it was their systems that were hacked. I wonder if they have ever been hacked?
To be sure, there is a ethical and legal responsibility for CarePartners to report the Breach – and they did so to the correct authorities. Most Canadian provinces have this legislation and it’s taken seriously. But Ransomware Attacks seldom make the front page, unless it’s a big fish like Facebook or EQUIFAX that are caught in the net.
The ultimate line of defense against a Ransomware Attack used to be bulletproof backups that have been verified and tested. You had the satisfaction and comfort of being able to tell the Hackers to buzz off, as you restored your systems from the last good backup. It was inconvenient – and you might loose a day’s worth of work, but it was better than going to the corner Bitcoin machine.
Now, more attention needs to be paid to prevention; robust firewalls, up-to-date Anti-Virus software, hardware updates, Email filers, User Education against Phishing Attacks; the list goes on. It seems we spend more effort implementing Cyber Security Countermeasures, than actual system work. The intended purpose and capabilities of the IT systems are fading into the background.
So, I hate to say it, but stress-free IT just became a bit more complicated. Please contact me or your Account Manager if you would like to learn more about protecting yourself from Cyber Security Attacks.