danluu,
@danluu@mastodon.social avatar

Some kind of attack (ransomware?) has crippled London Drugs, a local Canadian pharmacy chain (moderate size, 78 stores) for the past week. Apparently their phone systems are tied in with their computer systems since their phones have been down for a week, but they'll fill prescriptions if you go to the store and bring your old prescription labels.

I'm curious if the business is going to be able to survive this or if the customer loss from being down for a week will end up being fatal.

danluu, (edited )
@danluu@mastodon.social avatar

Relatedly, about a year ago, I had a conversation with a director on the fast track to exec at a (different) Canadian chain about how their security practices were outdated and it was trivial to compromise them. I got a very "upper management" response about how it was all fine, no problems, nothing to see here, etc.

I'm surprised local companies that don't have serious security practices don't get compromised more often. Or maybe they do and many are constantly paying off ransomware attackers?

Jespertheend,
@Jespertheend@mastodon.social avatar

@danluu I believe in the Netherlands companies can often just claim whatever they paid for ransom by their insurance company. Which is bad because it only drives ransom prices up.

Charrondev,
@Charrondev@mastodon.social avatar

@danluu another alternative is that it just doesn’t make news when it’s a smaller company.

The variance of the smaller companies and their setups means it much less likely for them all to be hit at the same time and make big news.

SonOfSunTzu,
@SonOfSunTzu@mastodon.social avatar

@danluu I wonder if there are a relatively small number of attackers and a relatively large size of targets, so the actual chances of being compromised in a way that's useful to an attacker is low.

The impact on the target is huge of course, and recovery is particularly difficult, but the chances are a company won't be affected, so they play the odds?

mhkohne,
@mhkohne@mastodon.social avatar

@danluu Target rich environment - soo many potential targets that you don't happen to notice the ones getting stomped.

sysop408,
@sysop408@sfba.social avatar

@danluu it’s even worse with small businesses. The following was a real exchange with someone who once called me to report a mail problem.

🤠: My email’s account’s acting weird.

(I review some log files on the mail server.)

Me: Hmmm, there’s some strange login activity. This doesn’t look good. Someone’s broken into your account.

🤠: Why would anyone want to do that?

Me: Trust me. You need to change your password ASAP.

🤠: Nah.

Me: No really. You need to change your password.

🤠: That’s too much trouble. It’s not a big deal. Let’s just forget about this.

scottlougheed,
@scottlougheed@hachyderm.io avatar

@danluu @heatsink London drugs is oddly extremely beloved. I strongly suspect they will survive. It sounds weird but there’s nothing quite like LD that would be a perfect replacement.

danluu,
@danluu@mastodon.social avatar

@scottlougheed compared to other local options, I prefer LD over, say, SDM, but my impression is that the margins on these businesses aren't super high. A related question is, what fraction of customers need to switch before the business starts losing money? 10% 20%? 50%? And what fraction of users will move their prescription?

If the manage to recover after "only" a week, I would guess that most people won't have even thought of moving, but they're still down, so it could be longer.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • Durango
  • DreamBathrooms
  • thenastyranch
  • magazineikmin
  • tacticalgear
  • khanakhh
  • Youngstown
  • mdbf
  • slotface
  • rosin
  • everett
  • ngwrru68w68
  • kavyap
  • InstantRegret
  • JUstTest
  • cubers
  • GTA5RPClips
  • cisconetworking
  • ethstaker
  • osvaldo12
  • modclub
  • normalnudes
  • provamag3
  • tester
  • anitta
  • Leos
  • megavids
  • lostlight
  • All magazines
    •