


Being Held Hostage by Ransomware


 

Last month's WannaCry attack was certainly aptly named. No doubt the more than 300,000 computers in 150 countries rendered useless by the hack made the individuals and organizations impacted quite tearful.

For those who had independent backup systems in place, the hack was inconvenient and a nuisance. For those who didn't have adequate backup, files were most likely locked and lost. WannaCry was the latest ransomware attack where computers were hijacked and a ransom fee demanded.



"Ransomware falls into the category of malware - malicious software - but most people would know them more as computer viruses," explained Mark Burnette, CPA, CISSP, CISM, QSA, a shareholder with LBMC Information Security.

"In the beginning, the ransomware attacks were kind of clunky, but they've become more and more sophisticated," noted Sam Felker, CIPP/US, a shareholder with Baker Donelson and a member of the firm's Data Protection, Privacy and Cybersecurity Group. "They've become more innovative in how they carry out their attacks, and they are also targeting markets where they believe they can make money."

Burnette said most ransomware is written to look for a particular weakness in a computer system. In the case of WannaCry, it has been documented that the U.S. National Security Agency (NSA) discovered the vulnerability and subsequently had its information and tools leaked.



Deploying such ransomware is typically a gamble as to whether or not the targeted victims will take the bait. "In most cases, it requires the user to install and take action in order for the ransomware to activate, and that often comes in the form of a phishing email," said Burnette. "What made WannaCry different is that it was wormable, which meant it didn't require user interaction to spread," he continued. "This one was able to self-propagate without user interaction. That's why it spread so quickly."

Once deployed, the malware encrypts the hard drive of a computer, rendering it useless unless a victim pays the ransom to receive a decryption key to restore the system to working order. Felker said the ransom is usually requested in the form of bitcoin, a digital currency that is virtually untraceable.

Oftentimes the ransom isn't exorbitant. "Ransoms are usually in the neighborhood of several hundred dollars," said Felker. "Some are more," he continued. "A hospital in Southern California paid $17,000, according to press reports, to get their system back."

The hackers recognize keeping the ransom price within reach for companies and individuals increases the likelihood of people paying. Felker noted, "The FBI recommends you not pay the ransom." While agreeing that's probably prudent for several reasons, not the least of which is that paying ransom rewards the criminals, he said it isn't quite that simple when critical data is locked up. "We tell our clients it's really a business decision for each individual company."

Before making any decision, Felker said, "You really have to get a forensic expert in quickly to determine the extent of the encryption that has taken place. Then, you look at whether you have backups and see if you can simply restore those files or if they are lost to you."

Opting to pay the ransom is also risky. "Paying it doesn't necessarily mean the bad guys will send the decryption key ... they might, but they might not," said Burnette. According to numerous news reports, WannaCry was seen as a double scam because it didn't have an automated decryption key, which meant those paying ransom had to hope the criminals behind the attack would manually free their system. As of press time, most of the ransoms paid had not resulted in computers being restored.

Felker and Burnette agreed the best offense is a good defense ... stopping attacks before they can occur. There are a number of steps that should be taken to prevent ransomware or other malware from bringing business to a halt.

Inventory: "You have to identify and inventory all the sensitive data you have," said Burnette. "You can't protect what you don't know you have." He added a proper inventory requires knowing what data exists, where it's stored, and how it's processed and transmitted.

Backups: Burnette pointed out organizations that had backups before the WannaCry attack could retrieve the clean data and rebuild their systems. Felker concurred, saying it's key to identify critical information in advance and have it backed up. "You have to have some separation there so those backups are protected," he added of keeping those files safely disconnected from the network.

Patching: "The most significant thing companies can do ... and are doing ... is patching," Burnette continued. He noted the patch to protect against the variant targeted by WannaCry was actually released in mid-March by Microsoft ... two months before the attacks occurred. "Those who installed the patch would not have been susceptible to this particular malware," he stated.

Harden the Computer System: "The premise of hardening computer systems is turning off unnecessary services and capabilities," Burnette said. He noted computers typically come with a lot of programs installed that aren't needed yet provide another entry point for those seeking to do harm. "If you harden your systems properly, then the services the bad guys are targeting might not even be on and available to be attacked," he reasoned.

Education: Felker said part of a healthy cyber defense is pre-planning by keeping employees educated and alert to new and evolving threats.

Risk Assessment: Under the HIPAA security rule, healthcare organizations should already be conducting risk assessments to identify areas of vulnerability. Once identified, action should be taken to close the loopholes.

Monitoring: Burnette said there are many monitoring tools and services available to watch for changes in the operating environment and alert companies quickly.

Legal Action: "If you can find the culprit, you have legal recourse. But realistically many times it's impossible to find the source, and often they are from foreign countries," Felker said pragmatically.

Insurance: Cyber coverage is something Felker said his team often discusses with clients. "Clients need to make sure their insurance coverage includes cyber attacks including ransomware," he counseled. Some policies exclude such attacks and others simply aren't broad enough.

While a good policy could help offset the costs to rebuild and replace, proactive steps to thwart an attack on the front end ultimately save everyone time, money and frustration.

WEB:
Baker Donelson

LBMC Information Security

 