The week in security: To pay or not to pay? Ransomware puts hospitals on life support

Credit: Illustration 94358378 © Tawatdchai Muelae -

A high-profile ransomware strike affected surgeries and other operations across Victoria’s hospital systems.

Ransomware remains such a problem that the US FBI to offer advice around whether businesses should give in and pay a ransom or not – and healthcare organisations should pay particular heed since figures suggest they have accounted for 79 percent of ransomware strikes this year.

Closer analysis of the major Marriott data breach gave a better view of what had happened to threaten hundreds of millions of records in the hotel giant’s reservation system.

With everyday operations getting more dangerous by the day, the University of Canberra knew that it had to be careful with backup and other data management services as it pushed ahead with a “radical” cloud migration.

Such cloud moves promise major business benefits, but cybercriminals are paying attention too – and, some warn, Microsoft Office 365 in particular is leaving organisations exposed.

Also leaving organisations exposed was a new zero-day Android exploit, which was already being exploited by hackers to compromise Pixel and Galaxy phones.

Meanwhile, security researchers warned about Chinese cyber-espionage group PKPLUG, which has been using both custom-built and off-the-shelf hacking tools.

The Cobalt (aka Carbanak) cybercrime group may be launching Magecart skimming attacks, researchers warned.

Also issuing warnings was the UK government, which pushed security teams to check and secure their Palo Alto, Fortinet and Pulse Secure VPNs urgently.

Read more: US charges Dridex banking trojan operators, offers $5m bounty

The US Justice Department was entreating tech companies to provide police with ‘lawful access’ to encrypted communications – echoing a debate that has already mushroomed in the Australian climate.

CSO’s Security Leaders series talked with Mimecast’s Nick Lennon – who warns about the Big One we haven’t even seen yet – and F5’s Michael Christie, who sees DevSecOps as crucial to building long-overdue business-technology links.

Meanwhile, NBN has been building out its range of business-focused services, helping businesses pivot towards next-generation services.

Microsoft released a virtual desktop tool that allows companies to virtualise Windows 7, 10, and Office 365 Pro Plus apps, and allowed SMBs to pay for extended Windows 7 patches.

Tags zero-day vulnerabilitiescyber espionagedata breachcybercriminalsfbi

Show Comments