
Being Held Hostage by Ransomware


Last month's WannaCry attack was certainly aptly named. No doubt the more than 300,000 computers in 150 countries rendered useless by the hack made the individuals and organizations impacted quite tearful.

For those who had independent backup systems in place, the hack was inconvenient and a nuisance. For those who didn't have adequate backup, files were most likely locked and lost. WannaCry was the latest ransomware attack where computers were hijacked and a ransom fee demanded.


"Ransomware falls into the category of malware - malicious software - but most people would know them more as computer viruses," explained Mark Burnette, CPA, CISSP, CISM, QSA, a shareholder with LBMC Information Security.

"In the beginning, the ransomware attacks were kind of clunky, but they've become more and more sophisticated," noted Sam Felker, CIPP/US, a shareholder with Baker Donelson and a member of the firm's Data Protection, Privacy and Cybersecurity Group. "They've become more innovative in how they carry out their attacks, and they are also targeting markets where they believe they can make money."

Burnette said most ransomware is written to look for a particular weakness in a computer system. In the case of WannaCry, it has been documented that the U.S. National Security Agency (NSA) discovered the vulnerability and subsequently had its information and tools leaked.


Deploying such ransomware is typically a gamble as to whether or not the targeted victims will take the bait. "In most cases, it requires the user to install and take action in order for the ransomware to activate, and that often comes in the form of a phishing email," said Burnette. "What made WannaCry different is that it was wormable, which meant it didn't require user interaction to spread," he continued. "This one was able to self-propagate without user interaction. That's why it spread so quickly."

Once deployed, the malware encrypts the hard drive of a computer, rendering it useless unless a victim pays the ransom to receive a decryption key to restore the system to working order. Felker said the ransom is usually requested in the form of bitcoin, a digital currency that is virtually untraceable.

Oftentimes the ransom isn't exorbitant. "Ransoms are usually in the neighborhood of several hundred dollars," said Felker. "Some are more," he continued. "A hospital in Southern California paid $17,000, according to press reports, to get their system back."

The hackers recognize that keeping the ransom price within reach for companies and individuals increases the likelihood of people paying. Felker noted, "The FBI recommends you not pay the ransom." While agreeing that's probably prudent for several reasons, not the least of which is that paying ransom rewards the criminals, he said it isn't quite that simple when critical data is locked up. "We tell our clients it's really a business decision for each individual company."

Before making any decision, Felker said, "You really have to get a forensic expert in quickly to determine the extent of the encryption that has taken place. Then, you look at whether you have backups and see if you can simply restore those files or if they are lost to you."

Opting to pay the ransom is also risky. "Paying it doesn't necessarily mean the bad guys will send the decryption key ... they might, but they might not," said Burnette. According to numerous news reports, WannaCry was seen as a double scam because it didn't have an automated decryption key, which meant those paying ransom had to hope the criminals behind the attack would manually free their system. As of press time, most of the ransoms paid had not resulted in computers being restored.

Felker and Burnette agreed the best offense is a good defense ... stopping attacks before they can occur. There are a number of steps that should be taken to prevent ransomware or other malware from bringing business to a halt.

Inventory: "You have to identify and inventory all the sensitive data you have," said Burnette. "You can't protect what you don't know you have." He added a proper inventory requires knowing what data exists, where it's stored, and how it's processed and transmitted.

Backups: Burnette pointed out organizations that had backups before the WannaCry attack could retrieve the clean data and rebuild their systems. Felker concurred, saying it's key to identify critical information in advance and have it backed up. "You have to have some separation there so those backups are protected," he added of keeping those files safely disconnected from the network.

Patching: "The most significant thing companies can do ... and are doing ... is patching," Burnette continued. He noted the patch to protect against the variant targeted by WannaCry was actually released in mid-March by Microsoft ... two months before the attacks occurred. "Those who installed the patch would not have been susceptible to this particular malware," he stated.

Harden the Computer System: "The premise of hardening computer systems is turning off unnecessary services and capabilities," Burnette said. He noted computers typically come with a lot of programs installed that aren't needed yet provide another entry point for those seeking to do harm. "If you harden your systems properly, then the services the bad guys are targeting might not even be on and available to be attacked," he reasoned.

Education: Felker said part of a healthy cyber defense is pre-planning by keeping employees educated and alert to new and evolving threats.

Risk Assessment: Under the HIPAA security rule, healthcare organizations should already be conducting risk assessments to identify areas of vulnerability. Once identified, action should be taken to close the loopholes.

Monitoring: Burnette said there are many monitoring tools and services available to watch for changes in the operating environment and alert companies quickly.

Legal Action: "If you can find the culprit, you have legal recourse. But realistically many times it's impossible to find the source, and often they are from foreign countries," Felker said pragmatically.

Insurance: Cyber coverage is something Felker said his team often discusses with clients. "Clients need to make sure their insurance coverage includes cyber attacks including ransomware," he counseled. Some policies exclude such attacks and others simply aren't broad enough.
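The monitoring step above describes watching for changes in the operating environment and alerting quickly. The following is an added example of what such a check can look like in practice; it is not code from the article, LBMC or Baker Donelson. It flags the file-system signature ransomware leaves behind: many distinct files rewritten with high-entropy (encrypted-looking) content inside a short time window. The paths, the `.locked` suffix, and the thresholds are constructed assumptions.

```python
import math
from collections import Counter
from typing import List, Set, Tuple

# A write event as a file-activity monitor might report it: (time in seconds, path, bytes written).
WriteEvent = Tuple[float, str, bytes]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ordinary documents sit around 4-5, encrypted data approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect_encryption_burst(events: List[WriteEvent], window: float = 60.0,
                            min_files: int = 5, entropy_cutoff: float = 7.0) -> Set[str]:
    """Return the paths involved if at least min_files distinct files receive high-entropy
    rewrites inside any span of `window` seconds; otherwise return an empty set.
    Thresholds are assumed starting points for tuning, not values from the article."""
    hits = sorted((t, p) for t, p, data in events if shannon_entropy(data) >= entropy_cutoff)
    start = 0
    for end in range(len(hits)):
        while hits[end][0] - hits[start][0] > window:  # slide the window start forward
            start += 1
        paths = {p for _, p in hits[start:end + 1]}
        if len(paths) >= min_files:
            return paths
    return set()

# Constructed sample data (not output of any real malware).
CIPHERTEXT = bytes(range(256)) * 4  # every byte value equally likely: entropy exactly 8.0
PLAINTEXT = b"Patient intake notes, routine follow-up. " * 25  # ordinary document text

# Eight files rewritten with encrypted-looking content within a few seconds.
RANSOMWARE_EVENTS: List[WriteEvent] = [
    (float(i), f"/share/records/file{i}.docx.locked", CIPHERTEXT) for i in range(8)
]
# Normal editing spread over hours, plus one compressed archive (high entropy, but alone).
NORMAL_EVENTS: List[WriteEvent] = [
    (i * 900.0, f"/share/records/file{i}.docx", PLAINTEXT) for i in range(8)
] + [(10.0, "/share/archive/backup.zip", CIPHERTEXT)]

if __name__ == "__main__":
    print("burst:", sorted(detect_encryption_burst(RANSOMWARE_EVENTS)))
    print("normal:", detect_encryption_burst(NORMAL_EVENTS))
```

A single high-entropy write (a zip or an image) is expected on any file share, which is why the detector requires several distinct files in one window before alerting.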

While a good policy could help offset the costs to rebuild and replace, proactive steps to thwart an attack on the front end ultimately save everyone time, money and frustration.

WEB:
Baker Donelson

LBMC Information Security
