早上就看到這新聞,
http://news.ltn.com.tw/news/world/breakingnews/2066061
〔即時新聞/綜合報導〕如果在使用Windows XP 、Windows Vista、Windows 7的用戶,請盡快將電腦系統更新。目前名為「WanaCrypt0r 2.0」的勒索病毒席捲全球,包括英國、西班牙、俄羅斯、日本、台灣等99國遭受攻擊,英國的醫療系統在受到攻擊後,電腦停止運作,被迫要將病人轉移醫院。
The hackers holding hospitals to ransom
http://www.bmj.com/content/357/bmj.j2214
Published 10 May 2017
而這BMJ文章提到的一段話讓我感到興趣,「醫院也許是最願意付贖金的」
Hospitals are ideal targets for ransomware companies. They have irreplaceable medicolegal records and data for an increasing number of day to day functions, from patients’ appointments to viewing imaging. Hospitals are probably more willing than other organisations to pay for quick recovery of their data.
2015-2016美國付給勒索病毒的錢,根據FBI,可能高達10億美金。
Hollywood Presbyterian was the first hospital to admit paying a ransom, but other US hospitals, in California, Indiana, Kentucky, Maryland, and Texas, were targeted in 2016.6 The number of ransomware attacks rose fourfold from 2015 to 2016, and so did the amount of money paid to hackers, to $1bn, according to the FBI.7 In the UK, a third of NHS trusts have reported a ransomware attack.8
賣病人的個資比賣信用卡個資還有價值10倍。
Hospitals also hold confidential information about their patients, such as birth dates, addresses, insurance or social security details, and personal medical history. These personal data can be sold to other criminals for $10 a patient.10 This is about 10 times what can be earned by selling credit card details. Loss of these data also exposes hospitals to fines and loss of reputation—incentives to keep quiet.
大家要注意資安安全啊
We should be prepared: more hospitals will almost certainly be shut down by ransomware this year.