There is now a major industry tracking ransomware across the world, and some firms offer “intelligence feeds” and “threat detection” services. Some organisations have jumped into the game with AI-based detection. Unarguably, no one wants to be thrown out of gear. The article, from Wired, offers little detail on the attack vector and just names the organisation that was affected.
Here comes the clincher. Are healthcare organisations required to report ransomware attacks? What about the compliance costs associated with the IT infrastructure? I won’t be surprised to read about the big four audit firms being paid money to certify the same organisations as “secure”. Their recommendations are not even worth the paper they are printed on.
Some researchers are calling for a ban on paying ransoms, arguing that drastically reducing that incentive is the only measure that will stop ransomware’s rise now. The recommendation has been controversial, though, given how high the stakes can be for returning to normal operations during an attack—especially when the target is critical infrastructure or a health-care-related organization.
A Ransomware Attack Has Struck a Major US Hospital Chain | WIRED
Wired is a useless publication, but sometimes it is necessary to link to it because equivalent news sources have not bothered to pick up the story. While the online report does mention the bravado of shifting to paper-based systems, it makes one wonder. Are the processes in any organisation so redundant that the back-up systems can kick in in their place?
Why have Windows-based systems in the first place?