Ransomware: The Worst Global Threat of 2020 (2nd Edition)
The Ransomware Crisis
What is the Ransomware crisis? If you follow current events, you’re aware of a new global threat. It feeds directly into the HIPAA maze.
Hindsight is 20/20, and now we all clearly see that the World Wide Web doubles as a Venus Fly Trap. It’s that unique place where you can conveniently store 20 years of patient records in a hard drive smaller than your briefcase.
It’s the unseen storage room where the roof never leaks, and documents are delivered to your digital doorstep at the speed of light. It’s also the place that there’s no turning back from.
When the HITECH Act incentivized medical practices to use Electronic Health Record (EHR) systems, business operations were seemingly optimized at clinics all across the country.
But if cyberspace has closets, there are monsters in them. And they’re all going to be in attendance for the coming cyber storm.
If one sentence could sum up the sorry state of cybersecurity, it would be: “The world went to step 2 before step 1, and it turned out to be a stumbling block.”
Straight into a slaughterhouse, if you have been the unfortunate target of a HIPAA audit by the Office for Civil Rights (OCR). What we mean is that everyone jumped on the Internet bandwidth wagon before anyone figured out how to saddle the horses driving it.
There are technologies that, when layered together, cannot be breached. They make a network unhackable. But we would estimate that 0.3% of the business world is using them. We know who’s using them, and they can’t be breached. But in this fallen world where folly runs rampant, the whisper of Wisdom can barely be heard.
There are central agencies for taxes, and there are central agencies for audits. But there’s no central agency that tells businesses EXACTLY what technologies to use in order to PREVENT breaches.
The U.S. Department of Health and Human Services (HHS) can give you some guidance, but we won’t comment about whether or not they’re even pointing you in the right direction. They’re not even unhackable themselves.
Regardless, they are quick to assess fines for breaches that are truly unavoidable without the right combination of layered security technologies. Punishment is the focal point, but proper protocol is not explained.
Why? Because they don’t know it…we don’t publicly broadcast our secrets. Maybe they will figure it out one day, but they haven’t yet.
That’s why the “Shadow Brokers” got the NSA hacking tools, because even they don’t know how to properly protect themselves. And they don’t know how to protect us, which is the reason for the ransomware crisis.
We’ve tried to help…but in a web infiltrated by lies, most don’t know the sound of truth.
Which is frustrating, considering it’s our first language. And considering all the talk about an imminent attack on U.S. power grids.
We talk about this and more on https://petronellacomputer.com/security-and-compliance/.
We contacted the U.S. Department of Energy in 2018 and tried to explain a patented technology that turns any device into a virtual Fort Knox. They sent us some paperwork to fill out, and we sent it back.
In fact, we had the patent holder of the technology fill it out. It doesn’t take a rocket scientist to figure out that a technology that has never been hacked (even with an open invite to hackers and a cash reward for success) is worth looking into…especially when it prevents all malware from gaining persistence- and allows nothing to write to disk without approval.
But their paperwork turned out to be laced with red tape, because it was delivered to an address on nowhere street.
Maybe they couldn’t find it- but can’t lives on won’t street. How unfortunate, considering that the technology works on SCADA systems and would absolutely prevent a successful attack on U.S. power grids.
So if/when the lights go out, please know that we tried.
But our whispers fell on deaf ears, or ears unwilling to listen.
Which was the case with SOCOM (United States Special Operations Command) in Florida. We communicated directly with the staff member there who had the power to purchase, but her trusted technical adviser told her they didn’t need help.
Need what?
You didn’t even take the time to see a demonstration of what we were trying to explain. You said no to something you didn’t understand, and you remain vulnerable to attack as a result.
Which doesn’t make us happy, because we are your fellow Americans- and it’s our brothers fighting your wars.
But the blame is not all theirs…many in our industry have failed to deliver on their advertised promises.
The vendors of cybersecurity products are plentiful, but it’s not the best products that get the most publicity…it’s the products that are backed by the biggest marketing budgets.
And it’s causing a global crisis, which is being ruthlessly exploited.
Ransomware is wreaking havoc in the cyber world that HITECH planted all of you in, and you need to have a rescue plan.
Ransomware is most often delivered via phishing emails to vulnerable employees. Don’t believe the hype about the threat of artificial intelligence- natural ignorance is far more dangerous.
If your employees have never seen a professionally crafted phishing email, you need to do employee training ASAP. There are phishing tests, and your employees will fail them.
Like most, you are probably playing the odds. What are the odds that ransomware will hit your office when there are so many businesses in the world?
Yes, but how many hackers do you think there are in the world?
There is malware-as-a-service available for purchase. There are hackers for hire. There are new exploits daily, all for sale.
While a ransomware attack will leave your precious data encrypted and unusable, it will be readily available for purchase. Likely, there will soon be one monstrous malware to rule them all.
The NSA has created a tool called “Ghidra” that they’ve made available to the public for free, and it reverse engineers malware code. The world still remembers the last time NSA tools hit the streets, and if Paul Revere were still alive he would be riding through these streets screaming “another NSA tool is coming!”
The view always changes when you adjust perspective, and a free tool to reverse engineer malware sounds like a great idea- until you remember that nothing in this world is free.
There have been roughly 500,000 downloads of Ghidra as of July 2019. We would guess that most of them are security researchers, because cyber criminals don’t attend NSA-sponsored tracking events.
Which still sounds okay, until you take your perspective to the bigger picture and factor in “federated learning.”
Federated learning is a type of machine learning that can learn from data that is stored on many different devices, and can then summarize the data to meet its intended research goal.
Essentially, funneling data from many devices into a master control.
The 500,000 suspected security researchers who have downloaded Ghidra have, stored on their devices, the code for most of the strains of malware known to the world thus far.
Just as there could be a malevolent “mother” artificial intelligence that strengthens itself by embracing all other algorithms, there could be that one bad apple who doesn’t like group hugs.
If there is to be a malevolent AI, he could really nasty himself up by using all the known malware strains as his food.
Ghidra would be his all-you-can-eat-buffet.
Elon Musk said, “With artificial intelligence we are summoning the demon.”
No, we aren’t.
But the NSA might be, whether or not they know it.
So if we’ve got a good mother AI and a powerful father AI, what do we have besides a 21st century style dysfunctional family?
Clash of the Titans: Gaia vs. Uranus, all over again. This time, it may not be Kronos who wins, because time may be running out.
This nasty AI could take the whole web hostage with his strain of ransomware. What would the rulers pay, and whose side would they be on anyway?
In this cyber war, the one least vulnerable to attack will win. Our 22 layers of security technologies might just come in handy one day, after all.
Our Wisdom, that’s always been our Ace card.
But we haven’t gotten to the bad part yet.
If the whole wide world is under a web, the Internet of Things (IoT) devices are the threads that weave the web together.
The IoT is how Smart devices link to each other and communicate. It puts the “c” in connectivity, but it also puts the “u” in unsecure. By 2020, it’s estimated that there will be 30-50 BILLION devices connected to the IoT.
All with poor cybersecurity, and most infected with malware. And that’s a whole lot of arms and legs for the winning AI.
If this sounds bad, the abyss is the limit in this black hole of bad news.
There’s a new search engine called “Shodan,” and it’s the Sheriff in the city of doom.
If the IoT were a pool of devices, Shodan would be the shark in the water.
In short, Shodan searches for devices connected to the IoT and it stores information about their “services.”
The information collected about a service is stored in something called a “banner.”
Banners include “properties,” and that’s where the danger is.
Properties include device IP addresses (this is so bad), server responses, port numbers, IP space owner names, and more.
Worse yet, hackers can search by TYPE of device, such as: router, server, security camera, heating/cooling system, SCADA system (so, so SO bad), traffic light, etc.
That’s not even the scary part.
The scary secret is that Shodan can also search by specific location, including EXACT COORDINATES.
Location, location, location.
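The same properties can be turned around to audit what your own office exposes. The sketch below is an added example, not part of the original article: it checks constructed banner records for an office's own address range against the services it means to publish. The field names (`ip_str`, `port`, `org`, `product`, `data`, `location`) are assumptions modelled on the properties listed above, and the addresses come from a documentation-only range.

```python
import re

# Constructed sample banners for an office's own public addresses.
# Field names are assumed, modelled on the banner properties described above.
SAMPLE_BANNERS = [
    {"ip_str": "203.0.113.10", "port": 443, "org": "Example Clinic",
     "product": "nginx", "data": "HTTP/1.1 200 OK\r\nServer: nginx\r\n",
     "location": {"latitude": None, "longitude": None}},
    {"ip_str": "203.0.113.11", "port": 3389, "org": "Example Clinic",
     "product": "Remote Desktop", "data": "Remote Desktop Protocol\r\n",
     "location": {"latitude": 35.0, "longitude": -78.0}},
    {"ip_str": "203.0.113.12", "port": 554, "org": "Example Clinic",
     "product": "IP camera",
     "data": "RTSP/1.0 200 OK\r\nServer: CamFirmware/2.1.4\r\n",
     "location": {"latitude": 35.0, "longitude": -78.0}},
]

# Services the office intends to be reachable from the Internet.
INTENDED = {("203.0.113.10", 443)}

# A Server header that carries a name/version pair, e.g. "CamFirmware/2.1.4".
SERVER_VERSION_RE = re.compile(r"^Server:\s*\S+/\d[\w.]*", re.I | re.M)

def audit_banner(banner, intended=INTENDED):
    """Return the list of findings for one banner record."""
    findings = []
    if (banner["ip_str"], banner["port"]) not in intended:
        findings.append("unintended-exposure")
    if SERVER_VERSION_RE.search(banner.get("data", "")):
        findings.append("version-disclosed")
    loc = banner.get("location") or {}
    if loc.get("latitude") is not None and loc.get("longitude") is not None:
        findings.append("geolocated")
    return findings

def audit(banners, intended=INTENDED):
    """Map 'ip:port' to its findings, skipping banners with none."""
    report = {}
    for banner in banners:
        findings = audit_banner(banner, intended)
        if findings:
            report[f"{banner['ip_str']}:{banner['port']}"] = findings
    return report

if __name__ == "__main__":
    for service, findings in audit(SAMPLE_BANNERS).items():
        print(service, ", ".join(findings))
```

Anything reported as an unintended exposure is a candidate for a firewall rule or for moving behind a VPN; a disclosed version string tells a searcher which patch level the device is running.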
So, Joe Hacker is searching for a doctor. Like everyone else, he uses Google. Lucky you, you show up on page 2 of his search results.
He looks at you on Google Maps, and he gets your exact location. He finds all 19 of the connected devices in your office. He’s not that motivated, so he will narrow it down to a certain operating system he prefers- such as the one that has a new zero-day (unpatched) vulnerability.
Search results, down to 3 devices. He’s got banners on them now, and you’ve got a problem.
Your front desk receptionist gets an email from Google on her PC, saying she must change her password ASAP.
She clicks the “change password” link, and does her due diligence. Only it was a phishing email, but she wasn’t properly trained on how to spot one.
And it was a good one.
The hacker is now an infiltrator.
His ransomware infects her PC, and your screens go blue.
Your data is now encrypted, and you can’t see any of it. The good news? What doesn’t kill you, makes you stronger.
But you have a surgery in 20 minutes, and you need the patient’s records.
You only have to pay 1 bitcoin to decipher them. Except the price of bitcoin is soaring, and you don’t have any bitcoin.
Nor do you quite know how to buy one, or how to keep it safe in your crypto wallet…or how to get a crypto wallet.
Your system is also now ripe for cryptojacking.
Now you’re part of the crypto world, and you lose sleep wondering who Satoshi Nakamoto is.
He’s Anonymous for a reason, right? And you’ll have to lie awake pondering the meaning of bitcoin, and wondering what exactly it’s mining. Is it digging something up? Is it friendly? Or what happens when, like all mines, the mine collapses?
But that’s all the wondering you can do for now, because you’ve got a decision to make.
The ransom, to pay or not to pay?
You now have to notify all of your patients that you’ve suffered a data breach. You have to notify the OCR.
You have to cancel all appointments for the rest of the week, because you have no electronic health records or personal health information (PHI) on your patients…which depletes the rest of your patience, and your ability to not panic.
Our advice: get help beforehand. Proper preparation prevents poor performance.
The cyber realm, it’s no playground. Be proactive…the odds are never in your favor. Ransomware is creating the perfect cyber storm, and you really should get ashore.
In this world, there’s lots of bad guys. Sometimes, they are just scapegoats. Sometimes, they are dressed in black yet they fall in the gray area- kind of like Darth Vader.
But sometimes, they really are just plain bad.
Want some good news? There may be more good people soon. “In 700 years the laurel will become green again, the good people will return.” -Guillaume Belibaste, 1321.
Well that’s right around the corner! Is it the return of the Jedi?
We like good people (the kind who don’t infect your network with ransomware).
And Guillaume Belibaste did say that, right before he was burnt at the stake. Seems that in 1321 they had a problem with the powers that shouldn’t be, as we may today.
But ransomware is a 21st century plague, and it’s going to turn the dream of HIPAA compliance into a nightmare.
Focus on the positive: the possible incoming of good people.
But if you do run into a bad guy, we are always ready to fight them for you.
Otherwise…may the Force be with you all.