Tom here from Lawrence Systems and I wanted to talk about the UHS ransomware attack. Now I don't usually dive into ransomware attacks. I usually save those articles for me and Xavier to go over on our how they got hack channel. But I wanted to talk about this one because of the scale and scope of it and also that it was using the Ryuk ransomware and why that's significant.
Let's start with the type of ransomware that it was. Ryuk is sold as a service and it's run by, I could say company, but we're going to call them cartels because that's probably an accurate description of them, and what these cartels are is groups of individuals that write the ransomware. They're not necessarily the people deploying it. They sell the ransomware as a service and you've probably heard of things sold as a service. Picture just how a security company provides as a service security for a business. These are groups of individuals working together to write really solid ransomware and before you think I'm praising it, it's more to raise awareness here. They write really good software that is really impossible to decrypt and it has a payment service and it has customer service people that will help people get this installed and deployed across people's networks. And yes, it's that organized.
Now who are they selling it to? People with lesser skills that, well, in the 90s we would have referred to as script kiddies. Here in 2020 they can be people with lesser technical access but access to things either by phishing emails or by insider threat. These people go, hey, I'm not really skilled enough to write ransomware but I can go in these forums. I can buy this as a service. The people who write the Ryuk software get a cut of it. So the people deploying it now are the ones criminally directly doing it and the Ryuk ransomware people are now at least one level removed but back to focusing on what they do, writing the software, making this enablement tool for people to deploy.
And that level of sophistication is why ransomware's become so mainstream. Now you have people who are, you know, narrowly focused on developing the software and another group of people who are out there being the salesperson of it if you want to say. And that is just a terrifying structure when you really think about it.
Now the UHS attack. Cyber attack in UHS hospitals nationwide last night. This was in one of the subreddits that I regularly visit and I'll leave links to all this, of course. And this was reported but was not corroborated right away, but it was really interesting because a few people claiming to work there were talking about the details of it, etc, etc. And then the story started to come out and there's even official statements from UHS. Bleeping Computer has this article on it talking about it being, you know, the Ryuk ransomware, confirming a lot of the things, and what they had done is contact some of the employees. And of course, then there was an official statement from UHS themselves. And it's knocked everything offline starting Sunday and moving into Monday. And now here we are Tuesday, September 29th, and the disaster we still don't have the details of.
Now one of my first thoughts would have been for how they got in or how they did this. I like to speculate a little bit, but not too far. But this is something that concerns me greatly and one of the reasons I think we're probably going to see another, you know, round of attacks against a lot of companies because the larger the company, the more effort it takes to patch all the servers. And this particular Zerologon, that Microsoft is actively saying, yes, people are exploiting it, is tragically bad and makes it trivial to have any access. You don't need a foothold in the system. You don't need some system level access. You just need to be on the same network as their domain servers. That's it.
And we have been running ourselves as an IT company, getting as many systems patched as fast as possible, which, you know, this was one of those things that Microsoft dropped on us in terms of Zerologon, being really bad and one of the worst things we've seen in a while come from security. And it's also super scary because of, well, it requires rebooting servers and think about hospitals being mission-critical and asking to reboot a server. You usually have to schedule that. It's not like you could just take it down in the middle of the day. And why is that? Well, hospitals are literally life and death situations, and that's what's happening at UHS.
Now, the other aspect of this that is going to be very interesting is they are redirecting people. And what redirecting, for those who don't completely understand the significance, is we're going to send to another hospital, but that does include emergency situations. So they're going to take ambulances that would have been destined to the closest hospital, which may have been UHS, and direct them to a further away one. This recently happened in Germany, and they are charging the ransomware people who attacked a hospital there and caused a redirect that cost another 20 minutes for a person's arrival to a hospital, which ultimately led to their death, or at least a causing factor. So they probably had a statistical likelihood of surviving provided they got to the hospital faster by directing them somewhere else because of this incident, and this will lead to further charges, probably negligent homicide, and that's going to be charged against the people, provided they catch them, who did these ransomware. And unfortunately, because many of them are overseas, they're completely remote threat actors, it is not statistically likely that they will catch them, no matter how many resources they try to get into it because of the methodologies used.
Now, I don't have direct information, as I said, speculative that Zerologon was used, or it could have even been insider threat. Because of these cartels that run these softwares such as Ryuk, we are seeing an increase in insider threat because now someone who is just a jaded person who may even work at a lower level at the company, but goes, hey, the Zerologon thing, we know that they're not patched. I don't know much about ransomware, but I know I can buy it as a service over here and deploy it at some company that they have low-level access to and elevate their privileges, and this is why it's so important to get these debriefs so we can understand the how and look at ways to prevent if there was a way to prevent it. But you know, these are the things that we should be thinking about all the time. It does make it rather scary working in IT when I think about having to deal with all these things because we do everything we can and mitigate. You can't always absolutely secure things, but you mitigate them as much as possible.
The other thing I want to bring up is people see this all the time and see a large company get hit and they go, wow, good thing I'm not a big company. That's not the best thought process. And I bring that up because we have dealt with so many small businesses. I'm talking like four employees that have been hit and you're going, they get hit, they go after those companies? Absolutely. With these ransomware as a service, being so easy to deploy and so easy to set up, now they just blink it out there and small businesses are particularly vulnerable because of their mentality of, I don't see it in the news, it must not be happening. It only happens to big companies because the payout's bigger. They call it whaling.
That is when they go after the big companies, but phishing is still really popular with small businesses because, hey, whatever, a few thousand dollars for sending an email, if that's all they got out of the business, they're pretty happy. And sometimes they don't even get it. A small business becomes devastated because the ransomware just destroys all the files. They don't have proper backups. They're dealing with any legal compliance issues that come from having someone had access to their systems inappropriately. And we've seen companies not even make it out of that. They just go belly up.
We had a couple incidents I've talked about before where there was a couple of healthcare providers, smaller ones here in Michigan, that the answer they had was just to not open up again and do early retirement, which left their patients holding it, going, wait, we were in the middle of things. They're like, yeah, we got ransomware. We can't afford it. We're just bankruptcy belly up and away we go. Now they had the foresight to be able to retire, but not everybody does.
So I'll leave links to these articles and just want to raise some awareness as why I'm doing this particular video on this topic. And I don't want to just beat the drum and repeat myself, but look, this is very serious. You have to think about even especially, I should say not even, but especially as a small business, you're targeted more because you're often an easier target. These companies have very sophisticated systems that this got through. And I'm not saying they didn't have some egregious, you know, hole they left or gap they left under security, but sometimes the debriefs are they had done pretty much everything right with very, very small things. And they had done way more than most small businesses do.
So what do you think that leaves you and small businesses? As these companies ramp up security, these small businesses become the low hanging fruit that the especially lesser skilled people are just using this ransomware as a service to attack. So just trying to raise some security awareness and thanks.
And thank you for making it to the end of the video. If you liked this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button and hit the bell icon if you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to lawrencesystems.com, fill out our contact page and let us know what we can help you with and what projects you'd like us to work together on. If you want to carry on the discussion, head over to forums.lawrencesystems.com where we can carry on the discussion about this video, other videos or other tech topics in general, even suggestions for new videos, they're accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching and see you next time.