Mastodawn

cookie Feb 28, 2024

I do ransomware response for really critical infrastructure - like electric power, water, transit systems, manufacturing, oil for a living. I have to be mostly be emotionally detached, even when lives are at risk - that's triage.

Sometimes, when nobody gets hurt I even raise an eyebrow or raise a glass at a new tactic. But let's make one thing clear:

If you ransom a children's cancer hospital, you are irredeemable scum. You know exactly what you're doing, and you chose to potentially delay or disrupt treatment for suffering little kids.

https://therecord.media/lurie-childrens-hospital-chicago-ransomware-rhysida?&web_view=true

Ransomware gang seeks $3.4 million after attacking children’s hospital

Lurie Children's Hospital in Chicago had announced a cybersecurity incident earlier this month. The attackers have claimed intrusions into more than a dozen other hospitals' networks.

People actually up in my thread like, "BuT Us HOSpiTAls R ProFITEEring" like both cannot be true, and like kids don't need chemo today.

I ain't got the time man, you don't come for kids around me.

Jerry 🦙💝🦙Feb 28, 2024

@hacks4pancakes

Bill, organizer of stuff Feb 28, 2024

@hacks4pancakes if the hospital system is profiteering and one is so inclined, they should lock up the PE firm's assets for ransom and leave the hospital out of it.

James Wu Feb 28, 2024

@wcbdata @hacks4pancakes exactly. If a hospital is profiteering, it’s because a PE firm is siphoning money off of desperate people’s care. *Those* fuckers have names and addresses and accounts. The patients and healthcare workers have nothing to do with this.

Jenkins instance 🐶🐾Feb 28, 2024

@hacks4pancakes Remarkable the depths of twisted logic needed to defend ransoming a children’s hospital. I don’t understand the mind that can reach that conclusion. It’s just unfathomable to me

@jjenkins101201 I'd do a lot to survive, but nothing like that.

Jenkins instance 🐶🐾Feb 28, 2024

@hacks4pancakes Same. Everyone should have their red line and it seems a lot of folks never got that memo.

Sindarina, Edge Case Detective Feb 28, 2024

@hacks4pancakes May they step on rusty nails, and die from the infection.

@hacks4pancakes +1

I want CxO's and CISO be forced to pay for the emergency datarecovery, restore and mitigation measures with their own personal money!
https://infosec.space/@kkarhan/112419987210524570

Kevin Karhan :verified: (@[email protected])

@[email protected] the problem is that those who are in charge (i.e. #CISO) and those that could've prevented that (basically all the CxO's) chose not to. And as long as ransoms get paid and #ITsec as well as #InfoSec is not being deemed critical, [shit will continue]( https://infosec.space/@kkarhan/112419956348096557 ). Thus I don't blame the patients that basically got taken as *remote hostages* but rather the people that made this shite possible to begin with and that refuse to take #consequences from anything like this happening - not only to themselves but like competitors...

Infosec.Space

Jerry 🦙💝🦙Feb 28, 2024

@hacks4pancakes I can't solve all the world's problems, but I did solve that problem.

@jerry ooooooooohooo swing that ban hammer.

@jerry you truly are the best.

Jay 🆘Feb 28, 2024

@hacks4pancakes People on here are so single-minded in their obsessive pet crusades.

@jsit It feels like that's the whole internet. People only function in A or B, Black or White... no nuance at all.

The Doctor Feb 28, 2024

@hacks4pancakes @jsit Nuance is effectively dead. Expressing it is tantamount to treason.

The Doctor Feb 28, 2024

@jsit @hacks4pancakes You should see what people get up to offline....

ben Feb 28, 2024

@hacks4pancakes yeah no, I’m happy to be critical of the US healthcare system but I’m not seeing how ransomware improves matters for patients even so.

Mike (no not that one)Feb 28, 2024

@hacks4pancakes Seriously? Like cool story. If they were trying to make a point they should ransomware the CEO's personal laptop. Not the systems of the people trying to actually save peoples lives...

These are not crusaders for your cause, they're just more monsters out for themselves. Sigh

Jennifer Feb 29, 2024

@mikey @hacks4pancakes yes! I read this article yesterday about how a private equity firm not paying its bills may have led to a patient death, while at the same time the private equity CEO bought a $40M yacht. Ransomware their tech, not hospitals!
https://www.cbsnews.com/news/a-new-mom-died-after-giving-birth-at-a-boston-hospital-was-corporate-greed-to-blame/

A new mom died after giving birth at a Boston hospital. Was corporate greed to blame?

CEO of hospital system struggling with supply shortages previously acquired a $40 million megayacht, company confirms.

@hacks4pancakes fwiw, I heartily concur on this. Some people justify the Flying Ginsu treatment.

@CornAnon No empathy for this crew at all. I hope they get what's coming to them, in a big way.

Martijn de Vrieze - TK69241 Feb 28, 2024

@hacks4pancakes
Thanks for being so outspoken about it. Reading the title of the article already gave me tears in my eyes, realizing what it would have done to my child when he was in treatment. We would have lost him due to shit like this.
I am in the same line of work, only for slightly less critical infrastructure most of the time. I share the challenge of remaining detached and rational.

Mark ⛵️🏳️‍🌈Feb 28, 2024

@hacks4pancakes I work with children recovering from cancer - as an old cynic I thought nothing surprised me anymore - this is a whole new level of low. Those responsible are the lowest of scum!

OwlFromTheMoon Feb 28, 2024

@hacks4pancakes Agreed. I'm more on the Protect part of the framework rather than Respond, but it's still jarring every time you realise that "expect people to have SOME form of moral compass, no matter how atrophied" isn't any type of reliable control. Some people are just broken.

Joe Warminsky Feb 28, 2024

@hacks4pancakes When I write or edit about these cases, it hits close to home because in 2021-22 I spent a long time in treatment for leukemia, and I often thought about what it would be like to deal with it as a kid, not as an adult. Anything that disrupts treatment — anything — has an outsized effect, physically and emotionally.

Your Autistic Life FR/EN/ES Feb 28, 2024

I'm a cancer survivor too, and I think the same. There's no justification for what they did. Is the system broken? Unfortunately, yes. Doing what they did is not going to make it any better.

Lesley Carhart has more patience than I do. There are some people who posted in this thread that got an instablock for their trouble. I don't tolerate idiocy very well.

@hacks4pancakes

Karl Pettersson Feb 28, 2024

@hacks4pancakes Yes, like the original ransomware author, who targeted AIDS research (but was not very sophisticated, with his symmetric encryption). https://en.wikipedia.org/wiki/AIDS_(Trojan_horse)

AIDS (Trojan horse) - Wikipedia

@KarlPettersson Like somebody else in the thread said, some people are just born broken.

k3ym𖺀 Feb 28, 2024

@hacks4pancakes a lot of ransomware groups have an ethics message that explicitly state they will not target healthcare.

I harbor an excessive amount of hate for anyone who carries out an attack on a children’s hospital. I hope they end up in a Siberian Gulag.

@k3ym0 aren't there enough student loan agencies?

k3ym𖺀 Feb 28, 2024

@hacks4pancakes @k3ym0 FR!

Btw love your BG3 character :)

@k3ym0 Thank you, I am not sure why I am a BG3 character, but please only have me romance Karlach.

k3ym𖺀 Feb 28, 2024

@hacks4pancakes @k3ym0 can confirm - You’re doing it right. She is hot AF <3

standev Feb 29, 2024

@k3ym0 @hacks4pancakes i see what you did there

Ed Feb 28, 2024

@hacks4pancakes These people can eff ALL the way off, and keep effing off until they hit the sun.

Evan Prodromou Feb 28, 2024

@hacks4pancakes I'm not very sophisticated in understanding these kinds of attacks, but I thought they were mostly spray-and-pray. Did someone intentionally target a children's cancer hospital?

@evan Attacks are getting a lot more targeted at orgs that are less secured and more likely to pay, and at some point they have to do enough research to know how much to ask for. So ... they know.

Thomas Wodarek Feb 28, 2024

@hacks4pancakes My mom used to be a nurse in a cancer kid unit, and very little could stand in the way of them being able to treat the kids, though I guess that was back when the charting system would go offline every Sunday for maintenance, so they were well versed in manual paperwork at the time.

Jamie Clark Feb 28, 2024

@hacks4pancakes 🩵

Blake Feb 28, 2024

@hacks4pancakes It's not only the emergencies and cancer treatments, my kid still hasn't been able to get an ECG to rule out unlikely but still possible heart-related COVID complications and my wife had to go to the pediatrician today to get a paper Rx for the other kid's ADHD meds.

Blake Feb 28, 2024

@hacks4pancakes Lurie's network is huge and this is fucking up health care for SO MANY KIDS in Chicago.

Shecky - Third Wheel Feb 28, 2024

@blogwash @hacks4pancakes How far this reaches beyo9nd just a hospital is awful.
I also hope that it reinforces the idea of what a single point of failure can mean, especially for children.

@hacks4pancakes I wish it was possible to kill some people more than once

Christina Warren Feb 28, 2024

@hacks4pancakes fuck these people and doubly fuck anyone defending this

Adron 🤘🏻Feb 28, 2024

@hacks4pancakes may the appropriate proportional vengeance be dealt immediately to these scum.

Absolute unredeemable souls doing this, undeserving of anything ever.

cookie Feb 28, 2024

@hacks4pancakes we should bring back that thing where you get imprisoned publicly and people through tomatoes and pebbles at you. I like that idea for people like this.

Noah Cook Feb 28, 2024

@hacks4pancakes They're Russian government-sponsored terrorists. If they could blow up American hospitals like they do Ukrainian hospitals, they wouldn't hesitate.

Fascists are going to get their rocks off murdering people, and especially murdering the most vulnerable. It's what they do. The only thing they enjoy more is watching civilized people's confusion and disbelief.

That's who we're dealing with. It's like with ISIS, you have to accept that they're irredeemable psychopaths.

Robb Munson Feb 28, 2024

@hacks4pancakes fuck the big medicine, but don't fuck with the kids, it's a moral nightmare.

Colin B.🇨🇦Feb 28, 2024

@hacks4pancakes Frankly, I wish Elon would spend his billions hunting down and dealing with these vermin.

Enough money and/or broken kneecaps would eventually lead to the ringleaders.

Pete Feb 28, 2024

@hacks4pancakes This is when the west needs to completely cut off certain nations.

@philpetree we are not doing a very good job

Pete Feb 28, 2024

@hacks4pancakes The problem is that we have a bunch of doddering old fools in Congress who don't even know what questions to ask. It's an embarrassment.

k3ym𖺀 Feb 28, 2024

@hacks4pancakes Looks like it was Rhysida...

I know in the past they have been observed encrypting ESXi. Please remember to deploy EDR on your hypervisors everyone.

`Da Elf Feb 28, 2024

@hacks4pancakes There are Rules.

Last I checked, (doesn't even look at notes):

* No civilians.
* The Children Folk are *Completely* out of bounds.

Not that anyone is being decent with ordinance or packets or data these days.

Blue Cat Defends!Feb 28, 2024

@hacks4pancakes This is so disturbing and I also hope they get what's coming to them.

Hessenic Feb 28, 2024

@hacks4pancakes I honestly believe that the people responsible for this should <a series of actionable threats>. This is horrible and inhumane.