This is a super short piece from a couple of weeks ago; I'm trying to catch up, so bear with me!
One of the folks from BleepingComputer reached out to some of the better-known purveyors of ransomware and asked them if they were going to be good human beings and leave the hospitals alone.
The answer? An unequivocal "suuuuuuure..."
There are two great links here to follow up with, but really what it comes down to is that there's no rest for the wicked and no rest for those of us who find ourselves responsible for securing and protecting our critical infrastructure.
I may have mentioned this once or twice: we have to be right every single time. They only have to get lucky once.
With the sudden advent of "WFH" at scale, we just gave them dozens, hundreds, thousands, even hundreds of thousands of additional opportunities. No one, in their wildest dreams, thought that their Business Continuity Plans would include spinning up every single employee to connect to corporate infrastructure.
How on earth do you protect BYOD at scale, with little to no planning and prep time?
I'd submit that the first thing I'd do is protect the data center. Visualize the data flows. Create policy and gather analytics. Protect the inside from the outside, and mitigate data exfiltration by ensuring that recon and exploits are stopped before they're started.
Zero Trust, friends. Anything that's not specifically allowed shouldn't be allowed. If you do it right, it won't cost an arm and a leg, and it won't take your entire team months (or even years) to design and implement, much less maintain.
Have a tremendous day, be safe and healthy, and I'll follow this up with another in the series.
...even if the proprietors of DoppelPaymer and Maze, the two who responded to BleepingComputer, do keep to their word, lots of prolific ransomware remains in play. In fact, hackers hit a Czech hospital earlier this week.