HANCOCK REGIONAL HOSPITAL (USA)
SAMSAM RANSOMWARE
In a fast-moving digital age, cybercriminals from Russia to China, Brazil to Vietnam, and Japan to Nigeria use the same underground networks to target individuals, organisations and government systems with malware until a ransom demand is met. The world of ransomware is a world of money and data, fuelled by fear and lawlessness: a borderless crime in which a system is attacked and encrypted for money. In other words, this is the new “wild wild west” of the twenty-first century. The battle to stay secure online is total war, and it is a daily one.
Ransomware criminals deliver malware by sending multiple phishing emails to a firm’s employees, for example inviting them to a chat with the support team. With this, they hack, lock and encrypt data, and then ask for payment in Bitcoin before decryption, although decryption is never guaranteed. What started in 1991 with a biologist who spread PC Cyborg on floppy disks, “policing” supposed illicit activities and requiring payment of a “fine” (Josh, 2017), is now big business. Examples include CryptoLocker in 2013; TeslaCrypt, which targeted video games; “WannaCry” in 2017, which occurred in 116 countries and affected the United Kingdom’s National Health Service (NHS); and the “Petya” attack, speculated to be a Russian attack on Ukraine (Josh, 2017).
In other words, the user is lured into clicking a link that looks real but is fake, and the malware downloads ransomware. The criminals also use distributed denial of service (DDoS) from computers in different locations. It targets the server and makes it unavailable, or floods the network to block genuine traffic. At this stage, the systems are turned into bots (zombie-like) and small botnets. Like an army that obeys a command, the encrypted system is bound to obey the commands of the attacker (Dhanya, 2017).
As in most breaches, the fault lies not with the technical procedure or the machine but with human error: to put it simply, lack of knowledge, poor capture and under-investment. As Cicero, the Roman philosopher, cautioned, “it is the nature of man to err” (crew resource management, 2018).
On January 11, 2018, Hancock Regional Hospital was attacked with SamSam ransomware, and a ransom of $55,000 USD was demanded for decryption. According to Steve Long, the president and CEO, the point of entry was a vendor’s computer with the Remote Desktop Protocol open to the internet; with the vendor’s username and password, the hospital’s server and all data were encrypted. Steve Long went on to summarise the sequence of events as follows:
. Attack lasted 4 days
. Login credentials of a vendor were used
. The server in emergency, the IT backup facility and connections were used to deliver SamSam by remote execution.
. The FBI was involved and criminals from Eastern Europe were identified.
. Data and files were encrypted, and a buy-back through Bitcoin, payable via the TOR web browser on the dark web, was suggested.
. Lasted four days, affected the IT team, over 1200 employees and over 1400 files
. Payment of $55,000 USD was made and the files were unlocked. (Steve, 2018)
Although the malware did not arrive through an email with a malicious attachment, the attack was still successful. With hindsight, one would expect the management to have had the following procedures in place:
. Constant review of protocol.
. Privilege should be restricted to a few client server machines.
. The backup should have the hospital’s data for emergency use. It must be isolated from the internet (except for emergency).
. Pay for extra IT staff.
. Cloud servers and external disks.
. Retrain staff, change passwords.
. External checks and certification of vendors.
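The entry point described above, a Remote Desktop service reachable from the internet and used with a vendor's credentials, leaves traces in logon records that a routine review can surface. The following added example (not part of the original essay) checks constructed Windows logon records for successful RDP logons from outside the internal network; the account name, network ranges and log layout are assumptions.

```python
import csv
import io
import ipaddress

# Assumption: address ranges the organisation treats as internal.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: hypothetical vendor account and the only network it is
# expected to connect from (for example a VPN address pool).
VENDOR_ALLOWED = {"vendor_hvac": [ipaddress.ip_network("10.20.30.0/24")]}

# Constructed sample: time, event ID, logon type, account, source IP.
# Event ID 4624 = successful logon; logon type 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2024-03-01T21:30:02,4624,10,vendor_hvac,203.0.113.45
2024-03-01T21:31:10,4624,3,svc_backup,10.1.1.20
2024-03-01T21:40:55,4624,10,jsmith,10.1.5.77
2024-03-01T22:02:19,4624,10,vendor_hvac,10.20.30.8
2024-03-01T22:15:40,4625,10,administrator,198.51.100.9
2024-03-01T22:20:03,4624,10,vendor_hvac,10.1.5.90
"""


def in_any(ip, nets):
    return any(ip in net for net in nets)


def review_rdp_logons(log_text):
    """Return (time, account, source, reason) for RDP logons worth reviewing."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed rows
        ts, event_id, logon_type, user, src = row
        if event_id != "4624" or logon_type != "10":
            continue  # only successful RemoteInteractive logons
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # no usable source address recorded
        if not in_any(ip, INTERNAL_NETS):
            findings.append((ts, user, src, "RDP logon from internet address"))
        elif user in VENDOR_ALLOWED and not in_any(ip, VENDOR_ALLOWED[user]):
            findings.append((ts, user, src, "vendor account outside allowed network"))
    return findings


if __name__ == "__main__":
    for finding in review_rdp_logons(SAMPLE_LOG):
        print(" | ".join(finding))
```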
Notably, there has been a spike in ransomware in the health industry in recent years (B kerb, 2016). According to USA Today, “in May 2017 a ransomware virus affected over 200,000 victims in 150 countries including over 20 percent of hospitals in the United Kingdom” (2018). The argument is that the health care services process and store sensitive private records, which sell well on the black market (D thakar, 2017). Moreover, the records contain bio-data such as medical history, credit card, social security or national insurance numbers, banking details, email details and the employer’s history. In view of this, the criminals target the health services knowing full well that the organisations will pay, given that such attacks could damage their reputation and the hospital would rather avoid lawsuits. According to the solution SERT quarterly report and the Health IT CIO report, 88 percent of all ransomware targets the health sector (2018).
Conversely, cybercrime is viewed differently in different parts of the world. The main target of Chinese ransomware is internal and it is open on websites, whereas the Europeans and the United States, like many others, are underground. The Russians are leaders and seem to have the support of the state if their target is not within the former Soviet Union. In other words, they are sometimes trained to get information. To illustrate, the US Justice Department released an indictment alleging that the Russian Federal Security Service (FSB) protected and directed Dmitry Dokuchaev and Igor Sushchin to hack. Along with this, the FSB was accused of having paid Karim Baratov and Alexsey Belan to obtain the email accounts of Yahoo customers. Similarly, Nigerian cybercriminals, for instance, see their preoccupation as a reparation for the years of colonialism and its extortionist policies.
Significantly, data collection has been weaponised. Francis Bacon, the English scientist, once said, “knowledge is power” (David, 2016). The power of data and governance is knowledge. For instance, the Facebook empire has over 2 billion monthly users (cnn, 2018). Google, Amazon, Wikipedia and YouTube are so powerful that they control data and manipulate the rest of society. Likewise, the FSB and Putin’s Russia, Breitbart News and Robert Mercer are so powerful that they set the direction; significantly, Putin is dictating the agenda and ultimately wants to set the world order, from Syria to North Korea and from China to Europe. Importantly for him, as Niccolò Machiavelli said, “the ends justify the means” (Philosophy stack exchange, 2018).
Above all, the way out of this quagmire is for individuals and organisations to review their protocols, keep their anti-virus up to date, retrain the workers and ensure heavy investment in information technology. There should be constant cyber awareness drills and firewalls, and organisations should be prepared for incident response. All things considered, there should be a united front to stop the payment of ransomware demands, which is the only way to stop this crime.
Dagobert, R. (1959) Pictorial history of philosophy. Philosophical Library, Inc., New York.
David (2016) 88 percent of all ransomware targets the health sector.
Dhanya, T. (2017) Preventing digital extortion: mitigate ransomware, DDoS and other cyber extortion and attacks. Packt, UK.
Federico, V. (2001) The Russian mafia. Oxford University Press.
John, T. (2009) Secrets of communist computing. PC Plus, no. 283.
Josh, F. (2017) The 5 biggest ransomware attacks of the last 5 years. www.csooline.com
Mark, H. (2011) Cybercrime: The new threats. PC Plus, no. 311.
Phil, W. (1997) Russian organized crime the new threat?
Philosophy stack exchange (2018) philosophy.stackexchange.com, 13.03.18.
Steven, B. (1998) Power, crime and mystification. Routledge, London.
Suelette, D.; Julian, A. et al. (2011) Underground. Canongate Books Ltd, Edinburgh.
Stuart, T. (2014) How algorithms control your life. PC Pro, no. 242, page 54. Dennis Pub Ltd, London.
Vic, R. (2018) Hackers held patient data. www.usatoday.com; tech, 19.03.2018.