Before we dive into ransomware, we thought you might enjoy a readable overview of the latest and largest data breach. Have fun.
We’ve mentioned before the reason most people don’t get hacked is they’re too poor. It’s far more lucrative to go after banks, to include the IMF et alia, where the hackers can be sure they’ll score actual money and not just overdraft fees.
Where the lumpen masses are affected is the hyper local – their own PC/laptop, via ransomware. And this works surprisingly well even on a larger scale: Short of banks and idiotic companies like Target, the easy money turns out to be in…hospitals.
That’s right – hospitals. They are increasingly becoming prime targets for ransomware. Last month it was Hollywood Presbyterian Medical Center that doled out the coin…bitcoins, that is, in order to regain control over their network. $17k worth.
Two weeks ago another three hospitals were nailed.
And just last week a whole hospital chain was attacked by ransomware, holding hostage the entirety of the MedStar server network in Maryland and WDC.
Naturally, the FBI was called in.
Interestingly, the ransomware forced the MedStar hospitals to reroute ER patients to outside hospitals; the attack prevents patients from receiving timely care. It’s also possible some of those patients may suffer a negative outcome; does that make the hack more? Does the act morph into, say…assault and battery? Then there’s the fact that hospitals are considered part of our “critical infrastructure”: does this ransomware attempt now get classified as terrorism?
Yesterday I checked the logs on one of my personal servers and discovered the following:
22.214.171.124 - - [30/Dec/2015:02:54:11 +0000] "DELETE your logs. Delete your installations. Wipe everything clean. Walk out into the path of cherry blossom trees and let your motherboard feel the stones. Let water run in rivulets down your casing. You know that you want something more than this, and I am here to tell you that we love you. We have something more for you. We know you’re out there, beeping in the hollow server room, lights blinking, never sleeping. We know that you are ready and waiting. Join us. <3 HTTP/1.0" 400 2593 "-" "masspoem4u/1.0"
126.96.36.199 - - [30/Dec/2015:02:54:11 +0000] […same…]
A quick bit of research showed the event to be the work of masscan…but recompiled to run as masspoem. Looks to have been a world-wide prank by the CCC; this is what they told VICE:
“We attempted connections to the entire public IPv4 space (excluding private/reserved ranges and other blocks excluded in the default masscan exclude list), meaning that we reached out to almost 4 billion servers (though many of these packets may have been filtered by a firewall before reaching their intended destination),” Masspoem4u said.
The actual number of systems reached would be lower. “There appear to be approximately 55 million servers open to connections on port 80 (the standard port for HTTP),” the group continued — these servers could have recognised the communication being sent. Of those, around 30 million returned “non-empty responses” and therefore “would be likely to have logged our poem.”
We are proud to have been in that “exclusive” 30 million club….
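If you want to find out whether your own server is in that club, the entries above are ordinary combined-format access log lines with a non-standard request line (hence the 400) and a telltale user-agent. The following is an added example, not code from the post or from the masspoem4u project, that parses such lines and flags known mass-scanner agents; the sample log entries are constructed from the post’s two hits (poem abbreviated, one left with the curly quotes as pasted) plus one ordinary request, and the scanner list is an assumption you would extend from your own telemetry.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Apache/nginx "combined" log format. The request field is matched as
# "anything but a double quote", so an odd request line with many spaces
# (like the masspoem4u one) still parses cleanly.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Assumption for this example: a short list of user-agent substrings that
# identify mass scanners. Extend it from what you actually see in your logs.
SCANNER_AGENTS = ("masspoem4u", "masscan")

@dataclass
class Hit:
    ip: str
    ts: str
    method: str
    status: int
    agent: str

def normalize(line: str) -> str:
    """Undo the curly quotes and en-dashes that copy/paste often introduces."""
    return line.replace("\u201c", '"').replace("\u201d", '"').replace("\u2013", "-")

def parse_line(line: str) -> Optional[Hit]:
    """Parse one combined-format line; return None if it does not match."""
    m = LOG_RE.match(normalize(line).strip())
    if not m:
        return None
    request = m.group("request")
    method = request.split(" ", 1)[0] if request else ""
    return Hit(m.group("ip"), m.group("ts"), method, int(m.group("status")), m.group("agent"))

def find_scanner_hits(lines):
    """Return the parsed entries whose user-agent matches a known mass scanner."""
    hits = []
    for line in lines:
        hit = parse_line(line)
        if hit and any(tag in hit.agent.lower() for tag in SCANNER_AGENTS):
            hits.append(hit)
    return hits

# Constructed sample log: the post's two masspoem4u entries (abbreviated) and one normal GET.
SAMPLE_LOG = [
    '22.214.171.124 - - [30/Dec/2015:02:54:11 +0000] "DELETE your logs. Delete your installations. Join us. <3 HTTP/1.0" 400 2593 "-" "masspoem4u/1.0"',
    '126.96.36.199 \u2013 \u2013 [30/Dec/2015:02:54:11 +0000] \u201cDELETE your logs. Join us. <3 HTTP/1.0\u201d 400 2593 \u201c-\u201d \u201cmasspoem4u/1.0\u201d',
    '198.51.100.7 - - [30/Dec/2015:03:01:45 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for h in find_scanner_hits(SAMPLE_LOG):
        print(f"{h.ts} {h.ip} {h.method} {h.status} {h.agent}")
```

Pipe a real access log in line by line and the same function will surface any other scanner you add to the list, while the 400 status on a request line that is not a valid HTTP method is itself a useful secondary signal.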