Regular readers of this site will remember the Hollywood Presbyterian Medical Center ransomware incident, if for no other reason than it was the first time we had a medical center publicly revealing that they had been hit by ransomware and had decided to pay the ransom (approximately $17,000) than risk a shutdown of life-saving equipment.
This week, I read a fascinating sidenote to the incident byVitali Kremez of Flashpoint and Travis Farral of Anomali. Noting how important deep dark web (DDW) administrators are in creating cultural standards of what kinds of attacks are acceptable or not, they note that the hospital attack triggered an ethical dilemma:
Although the unspoken code of conduct amongst Eastern European cybercriminals strictly prohibits any malicious activity directed against citizens of the Commonwealth of Independent States (CIS), the targeting and exploitation of Westerners — in particular United States citizens – is highly encouraged. Nevertheless, news of the attack against Hollywood Presbyterian was coldly received by Eastern European cybercriminals, many of whom regarded the incident as reckless and unacceptable. While some in the community supported the attack, the majority condemned the unknown assailants, which created an ethical divide in the underground.
One highly reputable member of a Russian top-tier cybercrime forum expressed his frustration with ransomware, writing “from the bottom of my heart, I sincerely wish that the mothers of all ransomware distributors end up in the hospital, and that the computer responsible for the resuscitation machine gets infected with [the ransomware]…”
In response, a prominent ransomware operator countered that view: “[the attackers] scored. It means everything was done properly.” Rather than adhering to the ethical code imposed by administrators, he proposed that targeting places that were guaranteed to pay was not wrong because, at the end of the day, cybercrime is always about making money.
Read more on Anomali. Sadly, I would say that the second view has prevailed.