More stories

  • Norton's cynical crypto ploy: A dark harbinger of crapware to come?

    There are really only a few ways to make money from cryptocurrency. You can buy it, making a profit when you eventually sell it. You can mine it and make enough coins to make a profit when you eventually sell it. 

    You can run a cryptocurrency exchange and make a profit from every transaction. You can even invent your own cryptocurrency and make money when your idea eventually grows big enough to make a profit. What have I left out? Ah, yes. The risks and the costs.

    You can buy cryptocurrency, but you'll only make a profit if the currency's value goes up, and goes up enough to exceed the fees involved in buying and selling. Whether or not that happens is anyone's guess. It's very similar to buying stocks. Safe bets don't necessarily net big returns, but high-risk bets can cause you to lose your shirt.

    You can mine cryptocurrency, but there's a cost to the mining rigs and an even greater cost in electricity and cooling. If you're just using a spare computer during its idle time, you're never going to make enough for it to be worth the time and effort. But if you dedicate machines or an entire facility, the cost in hardware and power may exceed the value of the coin you mine.

    You can set up an exchange, but there's an enormous level of effort to build in the infrastructure and security, as well as the marketing necessary to be accepted as the crypto equivalent of a bank. It's not an easy task.

    You could create your own coin and hope investors jump on it as a bandwagon. Generally, unless you have someone as high profile as Elon Musk touting it, you're probably not going to reach critical mass.

    But what if there was a risk-free way to make big crypto profits? Scammers and criminals, it turns out, have figured out a way. They've created malware that does crypto mining when placed on an unsuspecting user's computer. The scammers don't have to spend on energy or gear. All that is paid for by their victims. The criminals need only rake in the profits from selling coins they spent nothing to gather.

    Fortunately, antivirus and anti-malware products like Norton 360 scan for crypto-mining malware. So if you don't want your machine's cycles sucked away by a criminal enterprise, invest in a subscription to Norton's service, and your PC will be crypto-mining free... or... wait... what? We're about to split some very ugly hairs here.

    We covered this last summer. When you install Norton 360, you also install a program called NCrypt.exe in Norton's program directory on Windows. Recently, the Verge did a deep dive on how this works. NCrypt is an Ethereum crypto-mining application.

    Fortunately, and we can give slim kudos to NortonLifeLock (the company behind the software), the crypto-mining application is not automatically turned on. Instead, the installer presents a big green nag screen promising you can "Turn your PC's idle time into cash." This leads to the switch that enables the crypto-miner. So while Norton isn't running a crypto-miner without your permission, it is installing the software automatically and without prior permission. It's definitely a step up from malware vendors because you can turn the feature on and off. That said, there's an element of "the house always wins" at work here, and Norton 360 users are definitely not "the house."

    Norton's cynical bet

    When Bitcoin was first introduced, its pseudonymous creator built rising cost into the design: the network adjusts its mining difficulty as more computing power joins, so each miner has to do more work for every coin it earns. In other words, it takes far more computer work and power to mine a Bitcoin now than it did in the currency's early years. Today, mining popular currencies like Bitcoin and Ethereum takes tremendous processing power. You could take all the spare cycles of your desktop computer and run it every night for a year and make less than $250. While an extra $250 is nothing to sneeze at, the gotcha is that it will cost at least that much in electricity.

    In fact, the Verge did a mining test using NCrypt.exe. Their testing showed, "In real numbers, a night of mining on an RTX 3060 Ti netted $0.66 worth of Ethereum and cost $0.66 in off-peak electricity." The thing is, Norton takes 15% of all the cryptocurrency that users mine using Norton 360.
    I reached out to Norton's PR team to ask what percentage of Norton 360 users turn on crypto but have not yet received a response. We can assume there's a fair number. After all, the promise of "Turn your PC's idle time into cash" would seem pretty compelling to most users. Even a machine that is left on all the time draws considerably less power idling than it does running a mining workload. With that, let's deconstruct Norton's cynical bet.

    Most users will lose a considerable amount in terms of power expense and wear and tear on their machines, because even though mining revenue and power cost broke even for the Verge at today's Ethereum mining difficulty, it will only get more costly in terms of calculation effort and power over time. Norton also doesn't release the Ethereum sliver unless a user reaches a minimum threshold, and that could take a very long time. Then, and only then, can the user transfer the Norton-mined Ethereum to Coinbase, and both the transfer and the sale of the transferred Ethereum will also incur fees.

    Norton has to know that most users won't make any money. In fact, it has to know that most users will lose money, never actually derive any value, and never take the step to move that tiny little bit of mined Ethereum to Coinbase. Norton has to know that what it's really doing is almost the same as what malware vendors do: using unsuspecting users' gear and power to mine coin, from which Norton takes a no-way-to-lose 15% cut.

    Norton is cynically betting that most of its users are too unsophisticated to do the analysis. Norton is also cynically betting that most users will respond positively to an offer that appears to be easy money. So not only does Norton charge $50 to $250 a year for Norton 360 (the price goes up in subsequent years, because of course it does), it's betting that users will spend another $200+ a year on electricity based on the promise of turning "your PC's idle time into cash." That's just cold.

    Too juicy a scheme

    I think Norton has unleashed a very dangerous and very disturbing genie here. Because while Norton is an early player in the bundled crypto-mining game, it sure won't be the last. Shaving 15% in profits off the top, using users' power and gear to do all the work and pay all the expenses, is just too promising a scheme for other companies to pass up. Without a doubt, expect a darker future where technology vendors embed crypto-miners in their code. The more up-and-up companies may give users the option to opt in or opt out, while the less aboveboard businesses are likely just to embed their own mining code and hope nobody calls them out.

    How many connected devices are there out there? How many smart bulbs, smart microwaves, anti-malware software suites, smartphone apps, and games (oh, you can definitely expect this crap from game makers) will embed mining software into their programs and sleaze that 15% off the top? Mark my words. Cryptocurrency mined using increasing processor work algorithms is a pox on humankind.

    Go ahead, comment below. Crypto fans, tell me why being a crypto-miner will make you rich and cool. You know you want to. Go ahead. Thoughtful folks, please feel free to weigh in on the implications of this kind of scheme. Voices of reason are welcome, too.
    Disclosure: NortonLifeLock was previously known as Symantec. Back in the days of wooden computers and iron programmers, a way, way, waaay long time ago, I was an executive at Symantec.

  • Ransomware locks down prison, knocks systems offline

    A prison in New Mexico had an unplanned lockdown due to a ransomware attack. 

    As reported by Source NM, the Metropolitan Detention Center in Bernalillo County, New Mexico, went into lockdown on January 5, 2022, after cyberattackers infiltrated Bernalillo County systems and deployed malware. Local government systems were impacted by the cyberattack, including those used to manage the prison.

    Inmates were made to stay in their cells as the ransomware outbreak reportedly not only knocked out the establishment's internet but also locked staff out of data management servers and security camera networks.

    The incident came to light in court documents, with one public defender representing the inmates suggesting that their constitutional rights were violated due to the sudden lockdown, which also meant that visitations were canceled. Concerns were also raised surrounding the lack of internet access, with inmates left with only payphones to communicate with court representatives. Employees of the jail, too, had to rely on unstable cellular connections to make phone calls or access email, and video conference-based court proceedings, imposed widely across the United States due to COVID-19, could not proceed on the day of the lockdown.

    A number of databases are suspected of having been corrupted by the cyberattack, including an incident tracker which records inmate fights and attacks as well as allegations of prison rape and sexual assault. In addition to the lack of data access and camera feeds, prison guards were left unable to manage automatic doors. However, physical keys could still be used, and access to this particular system was restored by the afternoon of January 5.

    Federal law enforcement has been contacted. However, the sudden lockdown has meant that the prison may have been unable to comply with a decades-old court order and settlement relating to allegations of poor prison conditions.

    Speaking to The Register, as of January 12, a spokesperson for the prison said that services "are still being repaired." In a statement dated January 10, Bernalillo County said employees are working remotely as "the county assesses and recovers from cyber issues affecting certain computer systems," and normal services are yet to resume. County officials added that "no in-person visitation" is allowed "until further notice" at the prison, and "phone contact is limited." The Bernalillo County Sheriff's Office Advisory and Review Board (SOARB) has canceled its latest meeting due to "a computer network issue affecting certain computer systems of Bernalillo County."

  • UK jails man for spying on kids, adults with Remote Access Trojans

    A UK judge has sentenced a man for using Remote Access Trojans (RATs) to spy on adults and children, stealing explicit material in the process. 

    On January 11, the UK National Crime Agency (NCA) said that Robert Davies first appeared on the radar in 2019 after purchasing and downloading a variety of malware, including crypters, which are used to encrypt, hide, and obfuscate payloads such as Trojans, and a number of RATs.

    RATs can be used to forge a remote link between an attacker and a victim device, steal information, and conduct surveillance through microphones and cameras.

    Law enforcement says that the 32-year-old was also a customer of Weleakinfo, an online marketplace that offered stolen credentials. According to the NCA, the platform hosted roughly 12 billion stolen credential records obtained from over 10,000 data breaches. Weleakinfo's domain was seized in 2020 in an operation involving the NCA, the US Department of Justice (DoJ), and other law enforcement agencies.

    Davies, a resident of Nottingham, spent years using malware to infect phones and PCs. The RATs were packaged up with crypter software and victims were lured into downloading the malware, often through private messages.

    "Davies was using numerous fake online profiles to mask his identity and contact his victims on various messaging apps, in an attempt to build a relationship with them and attack their devices using links sent through the chats," the NCA says. "There was evidence that he had been doing this over a number of years."

    Once malware was executed on a victim's device, Davies would use his remote access to rifle through PCs and handsets, stealing any explicit material stored on them. In at least one case, he also spied on a teenage girl through her webcam and covertly took indecent images of her without consent.

    UK law enforcement arrested Davies three times between 2019 and 2021 and seized a number of devices from his home. The NCA has identified over 30 victims and obtained 28 explicit images and videos of children. Overall, most of the images discovered by police were of females. It took some time for investigators to realize the full scope of his activities, resulting in charge after charge being stacked against him.

    Davies pleaded guilty to voyeurism, three counts of possessing indecent images of children, possession of extreme pornographic content, and a total of 24 Computer Misuse Act offenses. Sentencing took place this week at Nottingham Crown Court, and Davies will spend 26 months in prison. In addition, the judge imposed a 10-year sexual harm prevention order and a 10-year restraining order covering five victims, and Davies has been placed on the sex offenders register.

    "Davies had amassed what can only be described as a cyber criminal's toolkit," commented Andrew Shorrock, Operations Manager of the NCA's National Cyber Crime Unit. "Not only was he using these tools to break into peoples' devices, he was using them to spy on his unsuspecting victims and to steal naked images of them for his own sexual gratification."

  • Fingers point to Lazarus, Cobalt, FIN7 as key hacking groups attacking finance industry

    The Lazarus, Cobalt, and FIN7 hacking groups have been labeled as the most prevalent threat actors striking financial organizations today. 

    According to "Follow the Money," a new report (PDF) on the financial sector published by Outpost24's Blueliv on Thursday, members of these groups are the major culprits of theft and fraud in the industry today.

    The financial sector has always been, and possibly always will be, a key target for cybercriminal groups. Organizations in this area are often custodians of sensitive personally identifiable information (PII) belonging to customers and clients, financial accounts, and cash. They also often underpin the economy: if a payment processor's or bank's systems go down due to malware, this can cause irreparable harm not only to the victim company in question but also severe financial and operational consequences for its customers.

    PII that can be used for identity theft, bank accounts that can be drained through fraudulent purchases, and a high probability that a financial firm would rather pay a ransomware demand than suffer disrupted operations: with incentives like these, it is no surprise that cyberattackers are relentless in their quest to compromise players in the sector. The COVID-19 pandemic, and the disruption to operations and training it has caused, has only made the situation worse.

    Blueliv's whitepaper, based on the unit's threat intelligence gathering, outlines the main ways in which financial entities are targeted. Phishing, Business Email Compromise (BEC) scams, malware, and credential theft all make an appearance; Azorult, Arkei, Redline, Raccoonstealer, and Collector are the top five credential stealers as of October 2021.

    TinyBanker/Tinba, Dridex, Anubis, Trickbot, and Kronos Trojans are commonly associated with financial service attacks, and some of these malware families may also be used to pull and execute second-stage ransomware strains, including BitPaymer. Banks and payment processors also face other threats, including point-of-sale (PoS) malware, ATM compromise, card skimmers physically placed at outlets and used to clone consumer cards, and distributed denial-of-service (DDoS) attacks designed to disrupt a business by flooding its online platforms with illegitimate traffic.

    When it comes to the most dangerous threat actors focused on the banking sector, Lazarus, Cobalt, and FIN7 have secured the top spots.

    Lazarus is a state-sponsored advanced persistent threat (APT) group from North Korea and has been linked to high-profile attacks against Sony Pictures Entertainment, the Bangladesh Bank heist via SWIFT, and the spread of WannaCry ransomware in 2017. The group has targeted the SWIFT transaction system in a number of attacks. In February last year, the US Department of Justice (DoJ) charged two members of Lazarus for their roles in attacks including those against banks in Vietnam, Bangladesh, Taiwan, Mexico, and other countries.

    Cobalt/Gold Kingswood has also been named. Believed to have been active since at least 2016 and appearing on the scene with an ATM jackpotting attack on a Taiwanese bank, Cobalt has been linked to attacks against financial institutions worldwide, leading to the theft of millions of dollars. Despite arrests, the group is still thought to be active.

    FIN7 is another major, financially motivated threat group. FIN7/Carbanak specializes in BEC and the deployment of PoS malware designed to steal vast numbers of consumer credit card records from retailers. Other cybercriminal groups of note, according to the researchers, are Dridex and TA505.
    "In order to maintain a deeper level of defense, financial institutions need to take stock of their current cybersecurity posture and prepare their organizations to adapt, making cybersecurity a core part of not just their business strategy, but also their culture," Blueliv says. "While cybersecurity strategies within the banking and finance sector are maturing, there are still many improvements that can be made."

    In related news this week, Which? has conducted an investigation into the security posture of the top 15 UK banks. HSBC, NatWest, and Barclays scored the best results overall, but few managed anything close to a stellar performance across online banking services, including the use of encryption, account management, and secure login systems.

  • Telstra to flag recent SIM swaps when banks ask

    Telstra said on Thursday it was introducing a flag to note when a mobile number was recently ported, in an effort to make SIM swapping attacks harder and to prevent one-time codes sent via SMS from being received by malicious actors.

    "A recent SIM swap or port out on a user's mobile number might indicate that the person who has access to that mobile service and is receiving one-time codes, might not actually be who they say they are," Telstra consumer and small business group executive Michael Ackland said in a blog post. "When a request is made to us by a banking organisation we'll provide a rating (in the form of a number on a risk scale) which gives an indication of whether there has been any recent SIM swaps or port out activity for the mobile service you're using as a form of identity with that organisation."

    Ackland said if a flag is raised, it does not mean a transaction is automatically terminated, but that the bank needs to find out more information before proceeding. Telstra said it was also looking at using the fraud-detection technology in the retail, insurance, transport, social networking, and online gaming sectors. At the same time, the telco said it was introducing facial recognition and a PIN to its MyTelstra app to sit alongside its multi-factor authentication.

    "Telstra has strong authentication processes but we have still seen some fraudsters get enough personal and account information from customers and persuade them to give up their one-time codes in order to pass authentication," Ackland said.

    "From there, they can access other accounts including bank accounts, superannuation accounts, and investment or crypto currency wallets. This is where we want to intervene to help stop this train of fraud in its tracks."

    Earlier on Thursday, Telstra restated its 2021 fiscal results to break out InfraCo Fixed and the Amplitel business previously known as InfraCo Towers. Taking on NBN payments and intercompany infrastructure revenue, as well as some passive wholesale and intercompany operation and maintenance costs, saw InfraCo Fixed book AU$1.67 billion in earnings before interest, tax, depreciation, and amortisation (EBITDA), making it the second-highest-earning division behind mobile, which lost AU$350 million to restate its EBITDA at just shy of AU$3.3 billion. Amplitel booked AU$300 million in EBITDA, which consisted of the same products as InfraCo Fixed minus the NBN payments. Of the other divisions, consumer and small business fixed lost AU$134 million to restate EBITDA at AU$139 million, enterprise fixed saw AU$242 million disappear to come in at AU$645 million, while active wholesale fixed had EBITDA cut from AU$621 million to a restated AU$231 million. The international segment was untouched and remained at AU$336 million. In June, the telco sold 49% of the tower business that would become Amplitel for AU$2.8 billion.
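How a bank would consume a carrier rating like the one Telstra describes earlier in this item, as an added example that is not Telstra's code or any bank's: a stub stands in for the carrier lookup and returns a rating on a hypothetical 0 to 5 scale derived from how recently the number was swapped or ported, and the bank's policy function decides whether an SMS one-time code is still an acceptable factor for the request in hand. The event history, the scale, the thresholds, the `high_value` cut-off and the fail-closed rule for a failed lookup are all assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Iterable, Optional


class Decision(Enum):
    SEND_SMS_OTP = "send_sms_otp"   # SMS code is still an acceptable factor here
    STEP_UP = "step_up"             # do not rely on SMS; use another factor or manual review


@dataclass(frozen=True)
class SimEvent:
    msisdn: str        # mobile number in E.164 form
    kind: str          # "sim_swap" or "port_out"
    at: datetime


class StubTelcoRiskClient:
    """Stand-in for the carrier's recent-SIM-swap rating lookup (constructed for this
    example; the real interface and scale are not described on the page).

    Hypothetical scale: 0 = no recorded swap/port, 5 = activity within the last 24 hours,
    decaying to 1 for activity older than 30 days."""

    def __init__(self, events: Iterable[SimEvent]):
        self._events = list(events)

    def rating(self, msisdn: str, now: datetime) -> int:
        ages = [now - e.at for e in self._events if e.msisdn == msisdn and e.at <= now]
        if not ages:
            return 0
        age = min(ages)                      # most recent swap or port-out
        if age <= timedelta(hours=24):
            return 5
        if age <= timedelta(days=3):
            return 4
        if age <= timedelta(days=7):
            return 3
        if age <= timedelta(days=30):
            return 2
        return 1


def otp_delivery_decision(rating: Optional[int], amount: float,
                          high_value: float = 1000.0) -> Decision:
    """Bank-side policy: a raised flag does not cancel the transaction, it removes SMS
    as a trusted channel until the customer is verified another way.

    rating None means the lookup failed or timed out: fail closed for high-value actions
    rather than silently treating an unknown number as safe."""
    if rating is None:
        return Decision.STEP_UP if amount >= high_value else Decision.SEND_SMS_OTP
    if rating >= 4:                                  # swap/port within ~3 days: never trust SMS
        return Decision.STEP_UP
    if rating >= 2 and amount >= high_value:         # older activity only matters for big transfers
        return Decision.STEP_UP
    return Decision.SEND_SMS_OTP


def decide(client: StubTelcoRiskClient, msisdn: str, amount: float, now: datetime) -> Decision:
    """Look up the rating and apply the policy; any lookup error is treated as unknown."""
    try:
        rating = client.rating(msisdn, now)
    except Exception:
        rating = None
    return otp_delivery_decision(rating, amount)


EXAMPLE_NOW = datetime(2022, 1, 13, 12, 0, tzinfo=timezone.utc)


def example_client(now: datetime = EXAMPLE_NOW) -> StubTelcoRiskClient:
    """Constructed history: one number ported six hours ago, one swapped 20 days ago."""
    return StubTelcoRiskClient([
        SimEvent("+61400000001", "port_out", now - timedelta(hours=6)),
        SimEvent("+61400000002", "sim_swap", now - timedelta(days=20)),
    ])


if __name__ == "__main__":
    client = example_client()
    for number, amount in [("+61400000001", 50.0), ("+61400000002", 50.0),
                           ("+61400000002", 5000.0), ("+61400000003", 5000.0)]:
        print(number, amount, client.rating(number, EXAMPLE_NOW),
              decide(client, number, amount, EXAMPLE_NOW).value)
```

The two-tier policy reflects Ackland's point that a flag is a prompt for more verification, not an automatic decline. The lookup-failure branch is the caveat a practitioner should not skip: if an unavailable rating were treated as low risk, an attacker able to disrupt the bank's path to the carrier would get the SMS code delivered anyway.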

  • NSO spyware found targeting journalists and NGOs in El Salvador

    The University of Toronto's Citizen Lab, along with Access Now, has found the Pegasus spyware developed by the now-sanctioned NSO Group was used to target journalists and non-government organisations operating in El Salvador. In total, the investigation found 35 individuals were targeted across 37 devices, with Citizen Lab having a high degree of confidence that data was exfiltrated from devices belonging to 16 targets.

    "In several cases, Pegasus apparently exfiltrated multiple gigabytes of data successfully from target phones using their mobile data connections," Citizen Lab said in a blog post. "We observed extensive targeting using zero-click exploits; however, we also identified specific instances in which targets were sent one-click infection links via SMS message."

    One of the zero-click exploits was the same iMessage Kismet exploit, sold by NSO Group, that was used to target Al Jazeera employees and was patched in iOS 14; the other was ForcedEntry, which led to Apple notifying users that they could have been the target of state-sponsored hacking. Many of the Salvadorian targets received such notifications, Citizen Lab said.

    "The Kismet exploit has not yet been publicly captured and analyzed, but appeared to involve the use of JPEG attachments, as well as iMessage's IMTranscoderAgent process invoking a WebKit instance," Citizen Lab said. "Additionally, we recovered a copy of the ForcedEntry exploit from one of the phones. The exploit appears to have been fired at a phone with iOS 14.8.1, which is not vulnerable to ForcedEntry. The exploit does not appear to have run on the phone.

    "It is unclear why the exploit was fired at a non-vulnerable iOS version, though it is possible that NSO operators cannot always determine the precise iOS version used by the target before firing an exploit."

    Apple is currently suing NSO Group over its use of Pegasus and seeking a permanent injunction that bans NSO Group from using any Apple software, services, or devices.

    Citizen Lab stopped short of pointing the finger at the El Salvador government and President Nayib Bukele, but said there was a "range of circumstantial evidence pointing to a strong El Salvador government nexus". Backing up this claim, Citizen Lab said the targets were working on sensitive domestic issues surrounding the government, such as El Faro's reporting that Bukele's administration was negotiating with leaders of the MS-13 gang over reducing homicides in the country, prison privileges, and "long-term pledges tied to the results of congressional elections in 2021". Citizen Lab also said the operator had a "near-total focus of infections" within the country.

    "Through our ongoing Internet scanning and DNS cache probing, we identified a Pegasus operator focusing almost exclusively within El Salvador," Citizen Lab said. "We first observed this operator in early 2020, though the domain names associated with the operator appear to have been registered as early as November 2019."

    Citizen Lab said if Pegasus was sold into El Salvador, it was done despite warning signs that abuse would take place, including: an autocratic-leaning President with a fascination with digital technology; a long history of harassment of independent media and journalists; a climate of insecurity and human rights abuses; poorly regulated police, intelligence, and private security firms; and a lengthy history of corruption, organized crime, state violence, and authoritarianism.
    For its part, El Faro reported that two-thirds of its staff were hit, including journalists, administration staff, and board members. "When the hacks occurred, the journalists were working on investigations, for example, into the Bukele administration's negotiation with gangs, the theft of pandemic-related food relief by the director of prisons and his mother, the Bukele brothers' secret negotiations related to the implementation of bitcoin, the financial holdings of officials in the current government, the government pandemic response, or a profile of President Nayib Bukele," the outlet said.

    During 2021, El Salvador adopted bitcoin as legal tender, and Bukele said in November he wanted to create a volcano-powered Bitcoin City.

  • US Cyber Command links MuddyWater to Iranian intelligence

    United States Cyber Command said on Wednesday that the hacking group known as MuddyWater is linked to Iranian intelligence.

    "MuddyWater is an Iranian threat group; previously, industry has reported that MuddyWater has primarily targeted Middle Eastern nations, and has also targeted European and North American nations," Cyber Command said in a notice. "MuddyWater is a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS)."

    On Twitter, Cyber Command said MuddyWater was using a suite of malware for espionage and malicious activity, with attribution provided by the FBI's National Cyber Investigative Joint Task Force. "MOIS hacker group MuddyWater is using open-source code for malware," it said. "MuddyWater and other Iranian MOIS APTs are using DNS tunneling to communicate to its C2 infrastructure; if you see this on your network, look for suspicious outbound traffic."

    Alongside its notice, MuddyWater malware samples were uploaded to VirusTotal, including the PowGoop DLL side-loader and the Mori backdoor, which uses DNS tunneling.
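Cyber Command's advice to look for DNS tunneling is actionable with ordinary resolver or packet-capture logs. As an added example, not code from Cyber Command and not derived from the Mori sample, the detector below profiles queries per client and registered domain and flags the combination that characterises a tunnel: many distinct subdomains, long subdomain labels, and high character entropy (encoded data rather than hostnames), while also recording how often data-carrying record types such as TXT and NULL were requested. The log format, the sample lines and the thresholds are constructed for this example; a real deployment would tune the thresholds against its own baseline and use the Public Suffix List rather than the last-two-labels shortcut to find the registered domain.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log (not from the page or from the MuddyWater samples).
# Format assumed for this example: "<client_ip> <qname> <qtype>" per line.
# 10.0.0.5 is a normal client of a site with many short hostnames; 10.0.0.9 is
# shipping encoded data in long, random-looking labels under one domain.
SAMPLE_LOG = """\
10.0.0.5 www.example.com A
10.0.0.5 api.example.com A
10.0.0.5 cdn.example.com A
10.0.0.5 static1.example.com A
10.0.0.5 static2.example.com A
10.0.0.5 static3.example.com A
10.0.0.7 mail.example.com MX
10.0.0.9 www.example.com A
10.0.0.9 abcdefghijklmnop.qrstuvwxyz234567.updates-cdn.test TXT
10.0.0.9 zyxwvutsrqponmlk.jihgfedcba765432.updates-cdn.test TXT
10.0.0.9 0123456789abcdef.ghijklmnopqrstuv.updates-cdn.test NULL
10.0.0.9 mnbvcxzlkjhgfdsa.poiuytrewq987654.updates-cdn.test TXT
"""

# Record types that can carry arbitrary data back to the client; favoured by tunnels.
DATA_QTYPES = {"TXT", "NULL"}


def shannon_entropy(s: str) -> float:
    """Bits per character: encoded payloads score high, hostnames like 'www' score low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def split_name(qname: str):
    """Return (subdomain labels joined, registered domain).

    Simplification for the example: the registered domain is the last two labels.
    Production code should consult the Public Suffix List (co.uk, com.au, ...)."""
    labels = qname.rstrip(".").lower().split(".")
    return "".join(labels[:-2]), ".".join(labels[-2:])


def parse_log(text: str):
    """Parse the assumed three-column format; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        client, qname, qtype = parts
        records.append((client, qname, qtype.upper()))
    return records


def profile(records):
    """Aggregate per (client, registered domain), the unit a tunnel operates on."""
    stats = defaultdict(lambda: {"subs": set(), "ent": [], "len": [], "data": 0, "total": 0})
    for client, qname, qtype in records:
        sub, domain = split_name(qname)
        s = stats[(client, domain)]
        s["subs"].add(sub)
        s["ent"].append(shannon_entropy(sub))
        s["len"].append(len(sub))
        s["total"] += 1
        if qtype in DATA_QTYPES:
            s["data"] += 1
    return stats


def flag_tunneling(records, min_unique=3, min_entropy=3.5, min_len=24):
    """Flag (client, domain) pairs whose subdomains look like encoded data.

    All three conditions must hold, so a busy site with many short, readable
    hostnames (static1, static2, ...) is not flagged on query volume alone."""
    hits = []
    for (client, domain), s in profile(records).items():
        mean_ent = sum(s["ent"]) / s["total"]
        mean_len = sum(s["len"]) / s["total"]
        if len(s["subs"]) >= min_unique and mean_ent >= min_entropy and mean_len >= min_len:
            hits.append({
                "client": client,
                "domain": domain,
                "unique_subdomains": len(s["subs"]),
                "mean_entropy": round(mean_ent, 2),
                "mean_subdomain_len": round(mean_len, 1),
                "data_qtype_ratio": round(s["data"] / s["total"], 2),
            })
    return sorted(hits, key=lambda h: (h["client"], h["domain"]))


if __name__ == "__main__":
    for hit in flag_tunneling(parse_log(SAMPLE_LOG)):
        print(hit)
```

Requiring all three conditions is what keeps the `static1`, `static2`, `static3` client off the list; unique-subdomain volume by itself is a poor signal. A tunnel that deliberately uses short, dictionary-looking labels will slip past this check, so treat it as one signal to combine with per-domain query rate and the share of NXDOMAIN responses, not as a verdict.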

    "Goopdate.dll uses DLL side-loading to run when the non-malicious executable GoogleUpdate.exe is run. goopdate.dll will then de-obfuscate goopdate.dat, which is a PowerShell script used to de-obfuscate and run config.txt," Cyber Command said as it detailed one instance of how PowGoop works. "Config.txt is a PowerShell script that establishes network communication with the PowGoop C2 server. It uses a modified base64 encoding mechanism to send data to and from the C2 server. The IP of the C2 server is often hardcoded in config.txt."

    In November, cyber authorities across the US, UK, and Australia attributed attacks exploiting holes in Fortinet and Microsoft Exchange to Iranian-backed attackers. "FBI and CISA have observed this Iranian government-sponsored APT group exploit Fortinet vulnerabilities since at least March 2021, and a Microsoft Exchange ProxyShell vulnerability since at least October 2021 to gain initial access to systems in advance of follow-on operations, which include deploying ransomware," a joint release stated. "ACSC is also aware this APT group has used the same Microsoft Exchange vulnerability in Australia."

    Rather than going after a particular sector of the economy, the authorities said, the attackers were simply focused on exploiting the vulnerabilities wherever possible and then trying to turn that initial access into data exfiltration, a ransomware attack, or extortion. The same month, Microsoft said attacks from state-sponsored Iranian hackers on IT services firms were virtually non-existent in 2020, but in 2021 exceeded 1,500 potential attacks.

  • Maryland officials confirm ransomware attack shut down Department of Health

    Maryland officials confirmed on Wednesday that the state's Department of Health is dealing with a devastating ransomware attack, which has left hospitals struggling amid a surge of COVID-19 cases. In a statement released on Wednesday, Maryland Chief Information Security Officer Chip Stewart said the attack began on December 4 and crippled the department's systems.


    "We have paid no extortion demands, and my recommendation — after consulting with our vendors and state and federal law enforcement — continues to be that we do not pay any such demand. At this time, we cannot speak to the motive or motives of the threat actor," Stewart said.

    Stewart went on to explain that the health department's network team noticed a server malfunctioning in the early morning of December 4. They eventually escalated it to the IT security team, which later notified Stewart that it may be a ransomware attack. The state began its incident response plan, which started with notifying multiple Maryland agencies, the FBI, and CISA. It also brought in outside cybersecurity firms to help with the response.

    "MDH took immediate containment action by isolating their sites on the network from one another, external parties, the Internet, and other State networks. As a result of this containment approach, some services were rendered unavailable and some remain offline today. I want to be clear: this was our decision and a deliberate one, and it was the cautious and responsible thing to do for threat isolation and mitigation," Stewart said.

    He defended the decision to keep some services offline, writing that he has seen instances where organizations reconstitute services too quickly.

    Multiple news outlets in Maryland have reported that the health department and dozens of local partners have struggled to recover from the ransomware incident over the last six weeks. For weeks, the department was unable to release COVID-19 case rates as the Omicron variant devastated other states. While that service has returned, health officials now have to calculate the COVID-19 statistics by hand.

    Governor Lawrence Hogan also defended the state's response, telling reporters on Wednesday that "unlike Texas and I think a couple of other dozen states, we haven't lost hundreds of millions of dollars, and we haven't compromised millions of peoples' data."

    According to local news outlet Maryland Matters, the number of deaths from COVID-19 was not reported in the state for almost the entire month of December, and the state was not able to issue death certificates for about two weeks. In speaking with health officials and union members about the attack, the outlet discovered that some people dealing with HIV could no longer access the daily medication they need and some hospitals were unable to access bank accounts to cover the cost of basic necessities.

    After a visit to Springfield Hospital Center, State Senator Katie Fry Hester told Maryland Matters that officials have restored access to high-profile, public-facing tools but "the stuff behind the scenes that the healthcare workers need to actually do their jobs are still down." Other health officials said many of the state's smaller hospitals were forced to revert to paper records. Access to critical databases for communicable diseases, lab reports, and more is still down.

    Atif Chaudhry, Maryland Department of Health's deputy secretary for operations, said in a statement that the state has a continuity plan designed specifically for situations like this. Officials prioritized mission-critical and life-safety services as they worked around the ransomware attack, using Google Workspace as a tool to "ensure that they can serve the public's most urgent needs right now and resume their standard level of full service." State officials plan to hold a hearing about the ransomware attack on Thursday.