Blaming the victim is a common way to "solve" an IT problem, and in the case of this latest ransomware going around Britain's hospitals (and lots of other places) there is going to be finger-pointing at the hospitals. They may deserve some of that criticism.
Ransomware doesn't evolve out of thin air. It exploits known software vulnerabilities and uses that foothold to insert the code that encrypts the user's files. In this case it was a known vulnerability in Microsoft software, and Microsoft issued a fix for it in March. So we could say, "They should have updated their systems with current patches." That allows the victim to be blamed, even though that was two months ago, it takes time to get these patches out in the field, and Microsoft said in the announcement of this patch that the vulnerability was not currently being exploited. That was said even though exploitation software was being sold on the Dark Web. Surely Microsoft must follow what is being sold to exploit their vulnerabilities. One would think so. When I used to see "not currently being exploited", I put that patch on the back burner.
Some people paid the ransom, and those people are being criticized for it. These are hospitals, with people potentially at risk if the diagnostic files are not recovered. They had few choices, and we can't blame an administrator for going with the one that helped the patients.
Every now and again there is an incident that arouses enough interest that governments cooperate in resolving a problem. Whoever did this should be electronically decapitated by the governments involved. The intelligence services of our combined countries can find them. This is over the edge and should prompt a call for action on the part of every government involved. Why haven't they done it already?