Oct 29, 2020

Within the past 24 hours at least 5 ransomware attacks[0][1] happened on US hospitals.

Apart from timing, the attacks don't seem to originate from the same source (which is leading speculation about potential coordination and premature attribution - at least in my social media bubble).

"It would be the season to launch politically motivated attacks (so close to election)" is a weak argument because:

It's a war crime to attack hospitals and the risks of escalation for nation state actors are not aligned with their incentives.

Assuming it's only financially motivated (crime groups) but with coordination (because timing): Very unlikely because criminal gangs lend themselves poorly to orchestration / coordination.

A combination of political+criminal (local political actor financing crime groups)? Occam's razor cuts deep here.

Assume the human brain primed to recognize patterns is a weakness and apply Hanlon's razor. Then the "Timing" is just coincidence and cause is horrible healthcare IT.

The combination of the pandemic, a politically charged climate (elections), technical-debt in healthcare, premature cyber-attribution, could create a perfect storm.

The real lede buried among social media cyber fear-mongering: Discussion wouldn't take place if systems had been patched.

[0] https://nitter.net/uuallan/status/1321477875648942086

[1] https://nitter.net/ColdHandsMD/status/1321227783968796674

[2] https://twitter.com/whitequark/status/1321625126841032705

see also CISA advisory (pdf) https://us-cert.cisa.gov/sites/default/files/publications/AA...