Hosted by the National Institute of Technology Karnataka. Made this post so I could sticky it for the duration of the exercise. See full information here: http://ectf.in/ Direct all questions and comments to /u/sushant94
So let me start this off by saying that I’m a nobody, I’m not from their IT and I don’t represent anyone. I am looking to gain an understanding of the problem from the white hat and black hat perspective, and maybe help out if I am capable. But my own security skills are pretty amateur, so there’s likely nothing I could help with. Atm I’m unsure if any of this info is privileged or not, so I won’t share any details that can identify the hospital in question.
That said, here’s what I know so far.
Someone has infiltrated the Meditec system and begun to encrypt all patient data. The hospital received a ransom letter claiming responsibility and demanding some substantial sum of money in exchange for the password to decrypt the patient information again. So our hospital has not had access to our patients’ records. I don’t know the contents or medium of the letter, but I feel it would be safe to assume it was either an email or, more likely, a text document planted on the server.
I don’t know the extent of the breach, or when it was contracted. I heard that this virus is apparently encrypting the data as it goes, and IT has disconnected the internet connection to help to stop the damage.
This is about all I know right now, and all I will know until I come back on Monday.
I’ve done some Google sleuthing and found this technique used and reported more than a few times in 2012, so perhaps the same methodology has been used and adapted for 2014.
So, in your experiences, what’s going on right now? Anyone with experience with this type of attack have any insight on how it was accomplished, or even possible solutions?
Like I said, I’m here to learn and this is really quite fascinating to see unfold. Respect to all sides of the CS community; black, white, and grey.
Edit: Thank you everyone for your responses, it’s been enlightening to explore this subject and share experiences. Cheers!
I am aware of some that do it for http, but nothing I find works for HTTPS.
First of all, I have almost no knowledge of computer programming or hacking or anything. I am fairly tech savvy otherwise.
I have a MacBook Pro and recently I encountered this problem where every time I tried to access my university’s website the URL was redirected to Facebook. I took it to IT and they discovered that a host file disguising itself as a video codec was the source of the problem.
Now, my roommate is a computer science major and we don’t get along well at all. Is this something he could accomplish? Or is it just some malware I picked up on the interwebs?
I’m a college student interested in white hat opportunities. I know C and Python programming, but I was recommended Kali Linux as a good medium-skilled hacking OS. I’m learning to run spoof and airmon tools. Can anyone recommend any forums for help or how-tos?