Ransomware

There have been several incidents of cybercrime in the media lately, including breaches at Target, Home Depot, Premera, and Experian. Very recently, there was another incident at a Los Angeles area hospital; the Hollywood Presbyterian Medical Center’s computer system was attacked, hijacked, and held for ransom, initially reported to be $3.5 million. This was a serious problem; the hospital was unable to use its computers for more than a week. Ransomware infected and encrypted the hospital’s data, making files inaccessible, and the decryption key was withheld until a $17,000 ransom was negotiated and paid. In the meantime, staff had to use fax machines and landline telephones to get work done, and medical records were kept on paper. Many patients were transferred to other hospitals, and connected medical devices were offline. It is likely that a staffer clicked a malicious link or an email attachment that ultimately spread the malware through the hospital network. This type of attack is on the rise and many victims find they have little choice other than to pay up. A well-known cybersecurity firm recently pegged the amount of ransom paid out last year at over $5 million.

How do you safeguard your business from this type of attack? First of all, accept the fact that this can happen to any business, big or small, in any industry. This is a crime of opportunity in which malware is dropped into email attachments or website links. The hackers know that sooner or later someone will click on them. They don’t care which business they attack as long as there’s money to pay a ransom.

You have a few options to mitigate this type of attack. First, minimizing the potential for any malware infection starts with staff training. Your staff should be trained on how to approach all email attachments and embedded links. Email or links from unknown, unusual, or remotely suspicious sources should not be opened without first confirming the source. If there is any doubt, call and ask. If a suspicious email or link can’t be confirmed, delete it and empty the trash.

Also, be certain you are using real-time antivirus and malware-scanning software on all computers and servers on your network. Managed antimalware services, which facilitate automated remote monitoring and updating of these software systems under the care of IT professionals, provide the best management solution.

How can you prevent suspicious email from landing in your staff’s inboxes in the first place? You should utilize a managed service that routes all of your email through a real-time filtering server before it makes it to your network. Users receive a list of suspicious messages that have been held in quarantine on the filtering server. They then can elect to ignore those messages or selectively release them to their inbox. Unreleased messages are held for a period of time and then deleted. This is a cloud-based, highly selective email scanning system that does a good job of keeping malware and spam out of your inboxes.

Another important component in mitigating potential damage from this type of attack is a rock-solid, redundant backup system. We were asked to help a business last year after someone on staff let their guard down for a moment and clicked on an email attachment that appeared to have a legitimate business purpose. Within seconds, every file on his computer, as well as all shared documents on the company’s file server, was encrypted and unreadable. The only readable files we found were ransom notes from the hackers. They posed as IT specialists who just happened to notice that the business “was experiencing a problem” that they could help solve. They asked for $3,000 in advance for repair services to be rendered. The money was to be sent to an offshore bank account. They guaranteed they could fix the problem immediately.

Our solution probably did not make the hackers happy, though this was likely just one of many potential ransoms they tried to collect that day. With the aid of the business’s managed backup system, we were able to format and completely reinstall everything on the infected PC, restoring the unencrypted data from the day before. The business got out of this precarious situation relatively unscathed, with only one day of lost data, primarily because it had a good managed backup system. However, there were financial and productivity costs that the business owners undoubtedly would rather have avoided.

Avoiding this situation should be the goal of all businesses. For maximum protection, you must recognize the possibility of the threat to your business and implement steps to prevent and/or mitigate the effects, including staff training; managed antimalware and managed email filtering services; and a managed backup system that you know you can depend on.

IT Security

Jeff Merrill
Integrated Technical Solutions, Inc.

  • 485 Rainier Boulevard North,
    Suite 202
    Issaquah, Washington 98027

  • 30712 229th Place Southeast Black Diamond, Washington 98010

  • (253) 350-2553