Ransomware and what you need to know

As you know, the technology landscape is always changing. Sometimes change or action comes out of necessity.

This is one of those times. Let me explain why.

Ransomware is quickly becoming a popular topic when it comes to healthcare and patient data security.  Covered entities and their business associates should take notice of this latest threat to sensitive information.

What is Ransomware?

“The Institute for Critical Infrastructure Technology (ICIT) has called 2016 the year of ransomware, and that it will “wreak havoc” on America’s infrastructure. Ransomware is less about technological sophistication and more about exploitation of the human element, ICIT explains in its ransomware report. Simply, it is a digital spin on a centuries old criminal tactic.”

Ransomware is a type of malware that will prevent an organization from accessing certain parts of its system. Typically, an entity and its users will be locked out of their computers, both workstations and sometimes servers, and unable to get back in unless they pay a certain amount of money. Essentially, your data is being held hostage.

The ransomware will either deny access to the data or it will encrypt it. Crypto ransomware will encrypt the data, while locker ransomware prevents users from being able to access the information.

We’ve encountered various versions of one called Cryptolocker and now, most recently, a new variant called “Locky”. A message appears on a computer screen and ransom demands by the “bad guys” are set. For those that have been hit with this, you know it involves a ransom of $500 and more. It requires us to buy bitcoins and transfer them to a wallet, usually located in a European country, where we then receive the decryption key.

However, once the money has been paid, there is no guarantee that the organization’s system will be unlocked.

For healthcare, this can be especially dangerous, as hospitals could be locked out of their own EHR and unable to reach patient information. In the last few weeks, hospitals in Hollywood, CA and Henderson, KY have been hit. Although only big healthcare providers are typically reported, it is well known amongst IT providers that countless small medical practices, including dental and orthodontic practices, are being hit. Healthcare organizations likely cannot operate normally and ensure patient safety, and data security, without being able to access their systems.

The ransomware could be downloaded in various ways. For example, a user may inadvertently download the malware from a website or by falling for a phishing scam. Most commonly, though, an attachment in a spam email contains the ransomware. In our experience it usually comes in the form of an attached document, a link or a zip file. In an email, that link may be under the guise of a package delivery schedule or required financial information. Sometimes it’s a $100 coupon to shop at Walmart. Once a person clicks on that link or zip file, the virus has been allowed to infiltrate the computer and possibly the network. The photo below is an actual email one of our clients received with a document attached. Once the end user opened the document and agreed to the security/macro error granting access, it went to work.
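The delivery forms described above (a document that asks for macros, or a zip file) can be checked for mechanically before a message reaches a user. The following is an added example, not part of the original post and not the code of any product named on this page; the function names, extension list, nesting limit and size limit are assumptions, and the sample message is constructed with inert placeholder content.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".js", ".jse", ".vbs", ".wsf", ".exe", ".scr", ".docm", ".xlsm")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # legacy .doc/.xls container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # stream name of a macro project

def inspect_blob(name, data, depth=0):
    """Return the reasons (strings) why this attachment should be held back."""
    reasons = []
    if name.lower().endswith(RISKY_EXT):
        reasons.append(f"{name}: script, executable or macro-enabled extension")
    if data.startswith(OLE_MAGIC) and VBA_STREAM in data:
        reasons.append(f"{name}: legacy Office file with a VBA project")
    if data.startswith(b"PK") and depth < 2:     # zip or OOXML; cap the nesting
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.filename.lower().endswith("vbaproject.bin"):
                        reasons.append(f"{name}: Office macro project inside")
                    elif info.flag_bits & 0x1:   # encrypted entry, cannot be scanned
                        reasons.append(f"{name}/{info.filename}: password-protected")
                    elif not info.is_dir() and info.file_size <= 5_000_000:
                        reasons += inspect_blob(f"{name}/{info.filename}",
                                                zf.read(info), depth + 1)
        except zipfile.BadZipFile:
            reasons.append(f"{name}: malformed archive")
    return reasons

def triage(raw_email):
    """Parse a raw message (bytes) and inspect every attachment it carries."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    return [reason for part in msg.iter_attachments()
            for reason in inspect_blob(part.get_filename() or "unnamed",
                                       part.get_payload(decode=True) or b"")]

def build_sample():
    """Constructed message: a .docx hiding a macro project and a zipped .js."""
    msg = EmailMessage()
    msg["Subject"] = "Package delivery schedule"
    for fname, inner in (("schedule.docx", "word/vbaProject.bin"), ("label.zip", "tracking.js")):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(inner, b"\x00")          # inert placeholder content
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Calling `triage(build_sample())` flags both attachments even though neither filename has a risky extension, because the check looks inside the containers rather than trusting the name.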

What can be done to prevent these attacks?

1. One of the top ways to prevent ransomware attacks is to work on mitigation tactics, such as training employees on what to look for in phishing attacks and how to recognize malicious emails. As with basic healthcare data security measures, organizations need to implement a cybersecurity strategy. There is not one solution that will always keep unauthorized users and cybercriminals at bay, but information security awareness and regular training are one important aspect.

What we as a company have found is that the filters provided by their email host are very lax. The virus is passing right through their filters.

2. ShelterBlue provides encrypted email and with it comes webmail that has very stringent filtering of emails. To date not one client using ShelterBlue encrypted email has received a ransomware virus.  The below photo shows a true snapshot of what our email spam/virus filter has caught in just the last 7 days.

Blocked by SpamTitan

As with any data security plan, backup systems are essential. This will potentially ensure that critical information remains accessible in some way, and that the healthcare organization can continue to run. With the additional local backup device we are recommending we can restore the data from the previous days. This “may” prevent having to pay the ransom for your data or files.

3. If you don’t have a local backup, now is the time to purchase one. We resell an external, local backup that will securely back up your data on site. Redundancy of your data may provide valuable options to restore data as opposed to paying the ransom. We cannot stress enough the importance of this for your business. For your convenience and practice data protection we have bundled the external backup box with the necessary hard drives. It can easily be attached to the server via a USB cable and configured by a ShelterBlue support representative.

As a company, ShelterBlue years ago made a decision to invest in and provide one of the world’s leading malware protections. All our clients are provided that. We take your network and data security very seriously by ensuring firewalls, intrusion detection and intrusion prevention systems, anti-virus, anti-malware, and anti-ransomware applications are updated and working. While they are all beneficial, they cannot always stop an inadvertent click on a virus link in an email.

For further reading on ransomware, see these links:

http://www.bleepingcomputer.com/news/security/hospitals-becoming-prime-targets-for-ransomware/

http://www.wired.com/2016/03/ransomware-why-hospitals-are-the-perfect-targets/