Monthly Archives: September 2020
First: brief backgrounder…
On September 10, the DoppelPaymer ransomware encrypted 30 servers at a hospital in the German city of Düsseldorf, drastically cutting the number of patients it could treat. A week ago, because of that reduced capacity, the hospital wasn’t able to accept a patient who needed an urgent operation and had to send her to a hospital in a neighboring city. She died on the way. It was the first known case of loss of human life as a result of a ransomware attack.
A very sad case indeed – especially when you look closer: there was the fatal ‘accident’ itself (presuming the attackers didn’t foresee a fatality caused by their ghastly actions); there was also a clear neglect of the following of basic rules of cybersecurity hygiene; and there was also an inability on the part of the law enforcement authorities to successfully counter the organized criminals involved.
The hackers got into the hospital’s network via a vulnerability in its Citrix Netscaler (ADC/Gateway) servers (CVE-2019-19781, aka ‘Shitrix’), for which a patch had been available since January. It appears that the system administrators waited way too long before finally getting round to installing it, and in the meantime the bad guys were able to penetrate the network and plant a backdoor.
Up to here – that’s all fact. From here on in: conjecture that can’t be confirmed – but which does look somewhat likely…
It can’t be ruled out that after some time access to the backdoor was sold to other hackers on underground forums as ‘access to a backdoor at a university’. The attack indeed was initially aimed at the nearby Heinrich Heine University: it was this university that was named in the extortionists’ email demanding a ransom for the return of the data they’d encrypted. When the hackers found out that it was a hospital – not a university – they were quick to hand over the decryption keys (and then they disappeared). It looks like Trojan’ed hospitals aren’t all that attractive to cybercriminals – they’re deemed assets that are too ‘toxic’ (as has been demonstrated in the worst – mortal – way).
It’s likely that the Russian-speaking Evil Corp hacker group is behind DoppelPaymer, a group with dozens of other high-profile hacks and shakedowns (including on Garmin‘s network) to its name. In 2019 the US government issued an indictment against individuals involved in Evil Corp, and offered a reward of five million dollars for help in catching them. What’s curious is that the identities of the criminals are known, and up until recently they’d been swaggering about and showing off their blingy gangster-style lifestyles – including on social media.
What’s the world come to? There’s so much wrong here. First, there’s the fact that hospitals are suffering at the hands of ransomware hackers in the first place – even though, at least in this deadly case in Dusseldorf, it looks like it was a case of mistaken identity (hospital – not a university). Second, there’s the fact that universities are being targeted (often to steal research data – including COVID-19 related). But here’s my ‘third’ – from the cybersecurity angle…
How can a hospital be so careless? Not patching a known vulnerability for months – leaving the door wide open for cyber-scum to walk right through it and backdoor everything? How many times have we repeated that FreeBSD (which is what Netscaler is built on) is in no way a guarantee of security? For a cybersecurity expert it’s a faux ami: the Shitrix flaw was in Citrix’s own code, not in the operating system, and the operating system itself is far from immune and has weaknesses that can be used in sophisticated cyberattacks. And then of course there’s the fact that a critical institution such as a hospital (or any other infrastructure organization) needs multi-level protection, where each level backs up the others: if the hospital had had reliable protection installed on its network, the hackers would probably never have managed to pull off what they did.
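One check a practitioner would want at this point, added here as an example that is not part of the original post and not Kaspersky’s code: a small scanner over web-server logs for the Shitrix traversal pattern. Exploitation of the Netscaler/ADC flaw reached the unauthenticated /vpns/ tree through a ‘/vpn/../vpns/’ path traversal, and Citrix’s interim mitigation was to block requests whose URL contained both ‘/vpns/’ and ‘/../’. The log lines below are constructed (documentation-range IP addresses), the Apache combined log format and the 200/403 split are assumptions, and a match proves only that somebody probed: a 2xx response to such a path from an unpatched appliance is what should trigger incident response, starting with a hunt for the backdoors the post describes.

```python
from __future__ import annotations

import re
from urllib.parse import unquote

# Constructed sample lines in Apache "combined" log format. They are NOT from the
# Düsseldorf incident; the IPs come from documentation ranges (RFC 5737).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jan/2020:03:14:07 +0000] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 200 312 "-" "curl/7.64.1"
203.0.113.9 - - [10/Jan/2020:03:14:09 +0000] "POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1" 200 11 "-" "python-requests/2.22"
192.0.2.15 - - [10/Jan/2020:03:15:00 +0000] "GET /vpn/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.15 - - [10/Jan/2020:03:15:01 +0000] "GET /vpn/%2e%2e/vpns/cfg/smb.conf HTTP/1.1" 403 0 "-" "Mozilla/5.0"
"""

# Minimal parser for the combined format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Shitrix probes reach the /vpns/ tree through a ".." segment; matched on the
# decoded path so that %2e%2e-style encoding does not slip past.
TRAVERSAL_RE = re.compile(r'/\.\./.*vpns/', re.IGNORECASE)


def decode_path(raw_path: str) -> str:
    """URL-decode until stable, so double-encoded dot segments are normalised."""
    path = raw_path
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def find_shitrix_probes(log_text: str) -> list:
    """Return one record per request whose decoded path shows the /vpn/../vpns/ traversal.

    'served' is True when the appliance answered 2xx: on an unpatched box that
    means the traversal worked. A 403 means the mitigation or the patch blocked it.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        path = decode_path(m["path"])
        if TRAVERSAL_RE.search(path):
            hits.append({
                "ip": m["ip"],
                "method": m["method"],
                "path": path,
                "status": int(m["status"]),
                "served": m["status"].startswith("2"),
            })
    return hits


if __name__ == "__main__":
    for hit in find_shitrix_probes(SAMPLE_LOG):
        flag = "EXPLOITED?" if hit["served"] else "blocked"
        print(f'{hit["ip"]:>14} {hit["method"]:4} {hit["status"]} {flag:10} {hit["path"]}')
```

Run against the constructed sample it flags three of the four requests: the two served with 200 (the ones that would need investigation on a real appliance) and the encoded variant that was refused with 403. The third line, an ordinary /vpn/index.html visit, is left alone.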
The German police are now investigating the chain of events that led up to the death of the patient. And I hope that the German authorities will turn to those of Russia with a formal request for cooperation in detaining the criminals involved.
See, for police to open a criminal case, a formal statement/request or the subject matter of a crime committed needs to be presented at the very least. Press articles and other informal comments or announcements aren’t recognized by the legal system. No formal request – no case. Otherwise defense attorneys could cause the case to collapse in the blink of an eye. However, if there is what looks like credible evidence of a crime committed, there’s an inter-governmental interaction procedure in place that needs to be followed. Over-the-top formal? Yes; but that’s ‘just the way it is’. Governments need to get past their political prejudices and act together. Folks are dying already – and while international cooperation is largely frozen by geopolitics, cybercriminals will keep on reaching new lows of depraved actions against humanity.
UPD: The first step toward reinstating cooperation in cybersecurity has been taken. Fingers crossed…
Btw: Have you noticed how there’s hardly ever any news of successful attacks by ransomware hackers against Russian organizations? Have you ever wondered why? I personally won’t entertain for a moment the silly conspiracy theories about these hackers working for Russian secret services – as there are many ransomware groups around the world. Here’s why, IMHO: Because most Russian companies are protected by good quality cyber-protection, and soon they will be protected by a cyber-immune operating system – yep, that very protection that’s been banned for use in U.S. state institutions. Go figure.
UPD2: Just yesterday a ransomware attack was reported on one of America’s largest hospital chains, UHS: its computers – which serve ~250 facilities across the whole country – were shut down, which led to cancelled surgeries, diverted ambulances, and patient registrations having to be completed on paper. There are no further details as yet…
Herewith, a continuation of my Altai-2020 tales!…
After spending the night in the tiny hamlet of Arkyt, we were up early the next morning, loaded most of our stuff onto uncomplaining horses, put the bare essentials (mostly photo-video kit, plus warm and waterproof clothing) into backpacks for our own backs, and off we set – for five (!) days of trekking in the Altai wilderness up to Akkem Lake. As the crow flies, it’s a mere 35 kilometers; however, given the lie of the land here, the actual distance you cover is around 85km! But it feels even longer than that – say, 100km: there are that many bends and twists and ups and downs, plus much of the way it’s quite uneven and stony. Then there are the flooded sections of the path due to the summer’s rain-overdose; we had to get round these up on steep slopes next to the path covered in bushes. The most unusual bit was where deep, soft moss covered steep sections of the path: it was almost like walking on deep snow! This was fine when descending, but ascending – oh my grueling-stamina-test!
But for the full length of those 85km – the views all around were absolutely stunning!
You might just be able to make out the cabins down in Arkyt in the middle of this pic ->
Hot off the presses folks – coming up in a matter of minutes (!) – the next in the Hacker:HUNTER series of online documentaries on cybercrime! And timely it is: it’s about how, during the pandemic, hackers have been exploiting the situation to steal ever more data and money. And they’ve been exploiting the fact that most folks have been working from home too. But wait – they go even lower…
Since the pandemic really kicked in, cybercriminals have been hacking and causing all sorts of trouble for medical institutions and research centers. Some cyber-scum have been searching for get-rich-quick schemes (and often finding them), while others – the more sophisticated groups – have been hunting today’s most valuable medical research information. And our new documentary – Hacker:Hunter: Ha(ck)c1ne – Healthcare on the Edge! – is all about this.
The film shows us how, against the backdrop of coronavirus, the devoted, selfless, hardworking folks working to save lives became targets of super-advanced cyberattacks, while those seeking data on vaccines against COVID-19 have been turning to cybercriminals to pilfer it.
The film is the third season of the series of investigative documentaries about cybercrime – Hacker:HUNTER, released as part of our Tomorrow Unlocked online project.
The first was all about the Carbanak cybercriminal group, which several years ago managed to steal a billion dollars from ATMs in different countries around the world.
The second told the story of the infamously awful WannaCry ransomware attack.
The series is getting really good reviews too, with high IMDb ratings. So, if you’ve seen everything worth watching while spending a lot more time at home than usual, here’s something new for you – here!
And the premiere is, like minutes away – 15:00 GMT (16:00 BST – current UK time).
You can watch the film on our YouTube channel.
Meanwhile – trailer! ->
If you have questions at the end, they can be put to the creators and technical experts of the film: Rainer Bock, Head of Production at our Brand Activation Studio; and Costin Raiu, GReAT director and one of the main consultants for the film.
Btw: for the wittiest, most interesting post on the film – a prize of a 100-euro voucher will be awarded! (the post needs to include a link to the YouTube premiere and the hashtag #hackc1ne), while the author of the most popular publication will be awarded a collection of corporate souvenirs!
So – quickly – go get the popcorn in, and then settle down comfortably and enjoy the film! I promise you it’ll be worth it!..
On today’s agenda on our ‘In for a Ruble, in for a Penny – Altai-2020‘ expedition: further edging ever closer to the main course – white-water rafting. The final stretch of the drive, and then finally switching from 4×4 to 2×2 (trekking-booted feet). Then we got onto two ‘loaves of bread‘ to raft down the Argut.
These pics, in case you’re wondering, are of the ‘road’, not a path! Accordingly, since it’s so hairy and rubbly, at times we were let out to proceed on foot for a bit: the vehicles would have an easier – safer – time navigating it then…
The R256 Highway, aka – the Chuya Highway, aka – the Chuysky Trakt, really, truly, totally, is… an amazingly modern highway! So much so that it’s as if this road… is giving… the bird (pardon my Belgian) to any and all entrenched stereotypes held by folks living in Moscow and other ‘progressive’ Russian cities about the ‘provincial backwaters’ of Russia being backward, dirty, unkempt, and on the verge of collapse. Along the full length of the highway (apart from the stretches being repaired/resurfaced – but we’ll allow that:), there is: smooth asphalt; fresh, clean and clear signposting and road markings; sturdy modern crash barriers; and assorted other attributes of ‘how a road should ideally be constructed’. Oh my great job!
It goes without saying it was pure pleasure driving along the Trakt. There were a few ‘events’ along the way, but no major hiccups or incidents. And not even a driving ticket – not a single one (and we really were pushing our luck at times; well, it did feel like an Autobahn:).
Btw – the above and also quite a few of the following pics were taken by our photo-video-drone maestro Andrey Nartish, of Dyshes Production.
The main course of our Altai-2020 expedition was of course the rafting down the river Katun. However, the various hors d’oeuvres before it were rather special too. The rafting main dish came after a good long steady mosey from the northeast to near where the river starts out up in the mountains. The route: along the R256 highway up to the village Kosh Agach, and from there it wasn’t much further as we were already high up in the mountains.
Approaching the riverhead, we took one look at the super-high level of the water of the river Chuya and realized a spot of rafting upon its rapids was out of the question. Boo! We’d be missing the Behemoth Rapid, the Horizon Rapid, and the Turbinny Rapid (woah: three remote sets of rapids – each with their own English Wikipedia page:). There’d simply been too much rainfall this year – much more than usual.
But what we did instead made up for these omissions: we drove over to the multicolored Kizil-Chin mountains – aka ‘Martian mountains’ due to their unusual yellow-orange coloring.
In this post there’ll be a lot more photos than there are words. First up – photos of the route to Chulyshman ->
We got there in a small convoy of sturdy vehicles, supplied by the Altai-Guide tourist agency (which we helped with an expedition to Chukotka a while back; the stickers on the vehicles are those left over from then).
Lake Teletskoye fills you with rapturous joy. Its vastness, its fiord-like vistas, and of course Altai’s mysterious… vibes. A bit more info re these mysterious vibes, btw: they’re not only magically calming-soothing and encourage you to go full-on meditative “we’re-all-one, there’s-only-now”; for some reason they also… keep you from sleeping! I reckon it must be that the part of the brain that’s responsible for all the deep and philosophically pensive activity simply doesn’t permit the rest of the brain any room to maneuver: it kinda just hogs all the resources, much like a very old computer antivirus :).
The lake was calm and even-surfaced when we were there, with occasional odd ripples catching the sun (to fairly blind you:). The views all around – aaaaah (if your eyesight’s not shot:).
I think I’ve mentioned in passing recently – perhaps more than once – that I took my annual summer vacation this year in Altai. But it’s mid-September already – and still no Altai series of pics and tales? Eh? But don’t worry, it’s on its way – coming up soon. The thing is, there are soooo many photos this year, and so much video too that needs professional digital editing. Still, I am today able to at least give you my traditional taster, aka, starter course, aka aperitif, as a warm-up…
First, I can tell you – no, repeat to you, since I’ve been to Altai before, and even wrote a travelogue-book about the experience – that Altai is one of the most magically enrapturing places on the planet, IMHO. It’s crammed with: marvelous mountainous beauty, rivers with water of various bright colors, glacial lakes, and assorted other extraordinarily beautiful natural landscapes. But what’s perhaps most extraordinary of all is the fact that the place has a mysterious, powerful… energy, which you almost start to feel physically after several days there. I don’t know what it is; it must be some kind of magic force that’s emitted out of the Altai earth. What I do know is that it affects how you feel: better overall; experiences and sensations are brighter, richer, more intense; and your mood is always fairly cloud-nine! And the wildlife there is similarly other-worldly: ants are huge – the size of cockroaches; mushrooms grow to the size of watermelons; while the region’s mosquitos… – you might expect them to be similarly crazy and mutant-ninja, but no – they’re not interested in humans, leaving them practically completely alone! EH?!
So yeah: Altai: oh my, oh my. Natural, wild beauty redefined!