Ransomware & Cybercrime

Jeff Merrill, Integrated Technical Solutions, Inc.

There have been several incidents of cybercrime in the media lately, including breaches you may have heard about: Target, Home Depot, Premera, and Experian. Very recently there was another incident at a Los Angeles-area hospital—the Hollywood Presbyterian Medical Center’s computer system was attacked, hijacked, and held for ransom—initially reported to be $3.5 Million. This was a serious problem; the hospital was unable to use its computers for more than a week. Ransomware infected and encrypted the hospital’s data, making its files inaccessible, and the decryption key was withheld until ultimately a $17,000 ransom was negotiated and paid. Staff had to use fax machines and landline telephones to get work done, and medical records were kept on paper. Many patients at the hospital were transferred to other hospitals, and connected medical devices were offline as well. It is likely that a hospital staffer clicked a malicious link or opened an email attachment that ultimately spread the malware throughout the network. This type of attack is on the rise, and many victims find they have little choice other than to pay up. A well-known cybersecurity firm recently pegged the amount of ransom paid out last year at over $5 million.

How do you safeguard your business from this type of attack? First of all, accept the fact that this can happen to any business, big or small, in any industry. This is a crime of opportunity. Malware is dropped into email attachments or website links, and the hackers know that sooner or later someone will click on them. They don’t care which business they attack as long as there’s money to pay a ransom.

You have a few options to mitigate this type of attack. First, minimizing the potential for any malware infection starts with staff training. Your staff should be trained on how to approach every email attachment and every embedded link: any email or link from an unknown, unusual, or even remotely suspicious source should not be opened without first confirming it with the sender. If there is any doubt, call and ask. If a suspicious email or link can’t be confirmed, delete it and empty the trash.

Also, be certain you are using real-time antivirus and malware scanning software on all computers and servers on your network. This software is best managed through a managed anti-malware service, which provides automated remote monitoring and updating under the care of IT professionals.

How can you prevent suspicious email from landing in your staff’s inbox in the first place? You should utilize a managed email filtering service so that all of your email is routed through a real-time filtering server before it makes it to your network and into your inbox. Suspicious messages are held in quarantine on the filtering server, and users receive a list of the quarantined messages, which can be ignored, or messages can be selectively released to your inbox. Unreleased messages are held for a period of time and then deleted. This is a cloud-based, highly selective email scanning system that does a good job of keeping malware and spam out of your inbox.

Another important component in mitigating potential damage from this type of attack is a rock-solid, redundant backup system. We were asked to help a business last year because someone on staff let their guard down for a moment and clicked on an email attachment that appeared to have a legitimate business purpose. Within seconds, every file on his computer, as well as every shared document on the company’s file server, was encrypted and unreadable. The only readable files we found were ransom notes from the hackers. They posed as IT specialists who happened to notice that the business ‘was experiencing a problem’ and were willing to help solve it. They asked for $3,000 to be sent to an offshore bank account in advance for repair services to be rendered. They guaranteed they could fix the problem immediately.

Our solution probably did not make the hackers happy, but this was likely just one of many potential ransoms they tried to collect that day. We had to format and completely reinstall everything on the infected PC, and we used the business’s managed backup system to restore their unencrypted data from the day before. The business got out of this relatively unscathed, with only one day of data lost, primarily because they had a good managed backup system. However, there were financial and productivity costs, and the business owners undoubtedly would rather have avoided the situation.
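The incident above shows the two symptoms a file server presents after a ransomware attack: nearly every document turned into unreadable data, plus a few readable ransom notes. The following is an added illustration, not code from the article or from Integrated Technical Solutions, of a simple defender-side check that a monitoring job could run against a share: it flags a tree when most files have the high byte entropy of encrypted data and a text file with ransom-note phrasing is present. The sample share it scans is constructed inline; the phrase list and thresholds are illustrative assumptions.

```python
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

# Phrases commonly seen in ransom notes (assumed list); a file must match two.
RANSOM_NOTE_HINTS = ("decrypt", "ransom", "bitcoin", "your files")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0..8); encrypted data sits close to 8."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_ransom_note(path: Path) -> bool:
    text = path.read_text(errors="ignore").lower()
    return sum(hint in text for hint in RANSOM_NOTE_HINTS) >= 2


def scan_share(root, entropy_threshold=7.5, ratio_threshold=0.8) -> dict:
    """Flag a tree when most files are high-entropy AND a ransom note exists."""
    files = [p for p in Path(root).rglob("*") if p.is_file()]
    high, notes = 0, []
    for p in files:
        if shannon_entropy(p.read_bytes()[:65536]) >= entropy_threshold:
            high += 1          # looks like ciphertext, not a document
        elif looks_like_ransom_note(p):
            notes.append(p.name)
    ratio = high / len(files) if files else 0.0
    return {"encrypted_ratio": round(ratio, 2), "ransom_notes": sorted(notes),
            "suspicious": ratio >= ratio_threshold and bool(notes)}


def build_sample_share(infected: bool) -> str:
    """Constructed sample data: a small share, either clean or after an attack."""
    root = Path(tempfile.mkdtemp())
    rng = random.Random(1)  # deterministic stand-in for ciphertext bytes
    for i in range(5):
        body = (bytes(rng.getrandbits(8) for _ in range(4096)) if infected
                else f"Invoice {i}: 40 hours consulting, net 30 days.\n".encode() * 50)
        (root / f"invoice_{i}.docx").write_bytes(body)
    if infected:
        (root / "READ_ME.txt").write_text(
            "Your files are encrypted. Send bitcoin to decrypt them.")
    return str(root)


if __name__ == "__main__":
    print(scan_share(build_sample_share(infected=False)))  # suspicious: False
    print(scan_share(build_sample_share(infected=True)))   # suspicious: True
```

A real deployment would run this against a daily backup snapshot as well as the live share, so that a backup taken after encryption began is never mistaken for a good restore point.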

Avoiding this situation should be the goal of any business. Your best chance comes from recognizing the threat to your business, then taking steps to prevent and mitigate its effects: staff training, managed anti-malware and managed email filtering services, and a managed backup system that you know you can depend on.
