The United States and Canadian governments have joined forces and issued a joint PSA about ransomware infections and what can be done to stop them.
The United States Department of Homeland Security and the Canadian Cyber Incident Response Center recently published an alert titled, “Ransomware and Recent Variants,” which delves into ransomware's main characteristics, its prevalence, variants that may be proliferating, and how users can help prevent & mitigate against these malicious attacks.
2016 has proven to be a tough pill to swallow for the healthcare industry, with destructive ransomware variants like Locky infecting and crippling computer systems left and right. In February, the Hollywood Presbyterian Hospital fell victim to a ransomware attack and were demanded to pay a ransom fee of $17,000 to gain access to their systems again. Shortly after that, the Kentucky Methodist Hospital had to shut down all of its computers and activate a backup system.
The reason for ransomware's undeniable success rate could be due in part to its terrifying nature or life or death circumstances it has on the healthcare industry and its patients. Healthcare IT systems are notoriously known to be overly complex and are the most vitally important element of any organization- if the IT systems go down, people’s lives become at risk. It’s exactly for this reason that many criminals believe hospitals will be quick to give in and pay the ransom fee with no hesitation.
According to VASCO Data Security, “The recent increase in ransomware attacks is being driven by a proliferation in ransomware toolkits. Anyone can buy the tools to conduct ransomware attacks for as little as $100 on the dark web. It’s a numbers game- more attackers equals more victims.”
The lasting impacts of falling victim to a ransomware attack are not limited to only home users, but also businesses. Some of the negative consequences of a ransomware attack include temporary or even permanent loss of sensitive data, disruption of regular operations, financial losses and harm to an organization's reputation. That being said, paying a ransom fee does not guarantee the encrypted files will be released. But, this does guarantee money in a criminal’s pocket, and in some cases, the victim's banking information. Furthermore, decrypting files does not necessarily mean that the malware infection itself has been completely removed, leaving the victim still vulnerable to attack.
With this increased proliferation in ransomware variants, businesses and individuals alike need to wake up and prepare to fight against ransomware attacks. US-CERT recommends the following preventative measures to protect your systems from a ransomware attack:
- Employ a backup and recovery plan
- Use application whitelisting to prevent unapproved software from running
- Maintain up to date patching and updates on operating system
- Maintain up to date anti-virus software
- Restrict users permissions to install and run unwanted software applications- apply to principle of Least Privilege
- Avoid enabling macros from email attachments
- Do not follow unsolicited web links in emails
Finally, the PSA advises individuals and organizations to avoid paying the ransom fee as it doesn’t guarantee you’ll gain access to your files again. Instead, they encourage individuals and organizations to report these ransomware attacks to the FBI’s Internet Crime Compliant Center.
As healthcare providers increasingly become the ideal candidate for cyber criminals, it’s important to abide by HIPAA compliance, but to also implement other additional IT security solutions that will detect and block ransomware before it can do damage to the organization and its patients. By introducing solutions like NNT’s Change Tracker Gen7, organizations will be equipped with File Integrity Monitoring, which would notify you of any malicious malware in your IT estate.
Mark Kedgley, CTO, New Net Technology comments, “if an organization wants to maintain security and minimize the financial fallout of these attacks, the emphasis has to change. Accept it- the chances of stopping all breaches are unlikely at best with a prevention-only approach. Instead, with non-stop, continuous visibility of what is going on in the IT estate, an organization can at least spot the unusual changes that may represent a breach in real time and take action before it’s too late."
Read this article on InfoSecurity Magazine