Security researcher, lecturer and threat hunter Kai Bernandini shares his take on the state of ransomware in healthcare and where it’s headed, and geeks out with Mike on cryptography. PLUS: Our perspective on stopping a ransomware attack long before it can start.
On today’s episode of In Scope, host Mike Murray is joined by Kai Bernardini, a security researcher and a lecturer at Boston University. Kai has done fascinating work on offensive security and machine learning, among other things, but in this conversation, Mike is excited to talk with him about ransomware and its influence in the healthcare space. Before jumping into the main topic, Kai briefly shares about himself and his world; ultimately, he says, he’s a math nerd in a trenchcoat doing security.
With that image in mind, Mike introduces ransomware in healthcare to the conversation, first asking Kai how ransomware works. The common conception of ransomware is of an encryption used to shake someone down for money. However, ransomware is more varied, and is at the intersection of ruining someone’s day and cryptography. While Kai considers it a rather pedestrian method of attack, and something of a blunt tool, ransomware is very effective. It generally compromises a computer with an initial infection, works to spread across the network, and eventually starts locking things. Access to the key is dependent on willingness to pay the attacker.
Mike then wonders if ransomware authors have become more sophisticated, and Kai responds that, not only are they more sophisticated, but their work is larger in scope. He goes into detail to explain this contemporary weaponization of technology, noting along the way the fact that misconceptions about the difficulty of cryptology are common. At this point, Mike and Kai pause for a few moments to consider why cryptography is so challenging. As an aspect of computer science, it is built on an abstract approach, and it is heavily steeped in mathematics.
Turning back to details of ransomware in the healthcare space, Mike asks how attackers make money, why they use the method of ransomware to accomplish their aim, and who they are. They use ransomware, Kai says, because it’s effective, and they are any people trying to monetize via cybercrime. Payment is often made in the form of bitcoin, though some other forms are also used. As a final point on the subject of how ransomware works, Kai points out that, contra the usual media image, attacks tend to be opportunistic in nature.
The episode moves toward a close with a look to the future. Mike first wants to know what Kai imagines the reality of ransomware attacks will look like in 36 months. The reality is not going away, Kai responds. If anything, attackers are being emboldened and even working with the trappings of legitimacy. Ransomware attacks feel more organized than they used to, and attacking is quite accessible. If something drastic doesn’t stop ransomware attacks, Kai imagines they will escalate still more.
The COVID-19 pandemic has also exacerbated this situation, especially for institutions like hospitals. It’s not that challenging to attack them, compromise of medical technology could easily push hospital leaders to pay off attackers, and there are not yet strong mitigations in place to stop attacks. As a concluding thought, Kai makes a high-level point that, in order to make ransomware attacks no longer economically viable, it is important for people to start going after attackers.
0:24 – Mike introduces today’s guest, Kai Bernardini.
0:58 – Mike asks Kai to share about his world and about what he’s been up to lately.
2:08 – The conversation turns to ransomware in healthcare, with Mike first wanting to know how it works.
9:24 – Have ransomware authors become more sophisticated?
14:36 – Mike and Kai consider the difficulty of cryptography.
19:45 – How do attackers make money, why do they use this method, and who are they?
25:37 – Kai and Mike talk about the future and the impact of the pandemic.
35:20 – How can we make ransomware no longer economically viable?