2015 was rife with widespread propagation of ransomware and 2016 will be much the same.
What is it?
Ransomware is different than most historical malware. Instead of hacking into a computer to acquire and sell sensitive data, ransomware encrypts the data so it is unusable until the user pays a ransom. The hacker doesn’t have to conspire, nor share the payoff, with anyone. CryptoLocker, a Russian, email borne malware, is the most notorious of known ransomware. It is estimated to have extorted more than $30 million.
Why is it increasing?The rise in popularity is due in part to the servicization of ransomware. No longer do hackers need to write their own hacks, they can buy it on the Internet. Hackers who wrote ransomware can sell it to aspiring, and often less skilled, hackers, along with the computers and network to broadcast it—everything a person with just a little computer knowledge needs to run their own malware campaign. It’s that easy and it’s relatively safe too.
Servicization is a troubling turn of events as it greatly increases the spread of ransomware by reducing its complexity. Currently, I am aware of only one such service, but I’m certain I will soon learn of more.
What if I get compromised?
Whenever an organization is compromised by ransomware there are only two right options.
Option 1: Contact a security expert. Sometimes hackers have improperly implemented the encryption process and the targeted data can be restored without paying the ransom. Time is critical. Don’t attempt the use of a home remedy, or restoring your data from a backup tape. Your data is too precious to tinker with it.
Option 2: Pay the ransom. Although it is greatly discouraged by the Law Enforcement community, you may have no option but to acquiesce to their payment demand.
Can Netgain help?
If you are a Netgain client, your data is protected by many layers of defense. Among them is a strong application whitelisting process that prevents unknown software from installing itself or running. If we don’t know about it, it won’t function.
If you are not a client, then we can still help. Call me, and I’ll have a few questions to ask to understand how you were compromised, how many computers were affected, and what we can do to resolve it. Even if you haven’t been compromised, let’s talk, and I can describe ways (too lengthy to write about) on how we can prevent ransomware and other malware attacks.
Final Thoughts
As healthcare providers, it’s a scary thought to have even one computer compromised. Understanding how ransomware works and learning how to prevent compromises are critical to protecting your patient healthcare data.
Like medicine, prevention is worth more than its cure. We can defend against ransomware with a current and comprehensive information security policy. I am completely dedicated to developing and implementing proven, multilayer defenses and have helped many healthcare organizations protect themselves. If you wish to learn more, have a question, or just want to talk cyber defense, please give me a call.
Charles Killmer
Security Officer
Charles.Killmer@NetgainHosting.com
1.877.797.4700 ext. 107