

Being Held Hostage by Ransomware


 

Last month's WannaCry attack was certainly aptly named. No doubt the more than 300,000 computers in 150 countries rendered useless by the hack made the individuals and organizations impacted quite tearful.

For those who had independent backup systems in place, the hack was inconvenient and a nuisance. For those who didn't have adequate backup, files were most likely locked and lost. WannaCry was the latest ransomware attack where computers were hijacked and a ransom fee demanded.



"Ransomware falls into the category of malware - malicious software - but most people would know them more as computer viruses," explained Mark Burnette, CPA, CISSP, CISM, QSA, a shareholder with LBMC Information Security.

"In the beginning, the ransomware attacks were kind of clunky, but they've become more and more sophisticated," noted Sam Felker, CIPP/US, a shareholder with Baker Donelson and a member of the firm's Data Protection, Privacy and Cybersecurity Group. "They've become more innovative in how they carry out their attacks, and they are also targeting markets where they believe they can make money."

Burnette said most ransomware is written to look for a particular weakness in a computer system. In the case of WannaCry, it has been documented that the U.S. National Security Agency (NSA) discovered the vulnerability and subsequently had its information and tools leaked.



Deploying such ransomware is typically a gamble as to whether or not the targeted victims will take the bait. "In most cases, it requires the user to install and take action in order for the ransomware to activate, and that often comes in the form of a phishing email," said Burnette. "What made WannaCry different is that it was wormable, which meant it didn't require user interaction to spread," he continued. "This one was able to self-propagate without user interaction. That's why it spread so quickly."

Once deployed, the malware encrypts the hard drive of a computer, rendering it useless unless a victim pays the ransom to receive a decryption key to restore the system to working order. Felker said the ransom is usually requested in the form of bitcoin, a digital currency that is virtually untraceable.

Oftentimes the ransom isn't exorbitant. "Ransoms are usually in the neighborhood of several hundred dollars," said Felker. "Some are more," he continued. "A hospital in Southern California paid $17,000, according to press reports, to get their system back."

The hackers recognize keeping the ransom price within reach for companies and individuals increases the likelihood of people paying. Felker noted, "The FBI recommends you not pay the ransom." While agreeing that's probably prudent for several reasons, not the least of which is that paying ransom rewards the criminals, he said it isn't quite that simple when critical data is locked up. "We tell our clients it's really a business decision for each individual company."

Before making any decision, Felker said, "You really have to get a forensic expert in quickly to determine the extent of the encryption that has taken place. Then, you look at whether you have backups and see if you can simply restore those files or if they are lost to you."

Opting to pay the ransom is also risky. "Paying it doesn't necessarily mean the bad guys will send the decryption key ... they might, but they might not," said Burnette. According to numerous news reports, WannaCry was seen as a double scam because it didn't have an automated decryption key, which meant those paying ransom had to hope the criminals behind the attack would manually free their system. As of press time, most of the ransoms paid had not resulted in computers being restored.

Felker and Burnette agreed the best offense is a good defense ... stopping attacks before they can occur. There are a number of steps that should be taken to prevent ransomware or other malware from bringing business to a halt.

Inventory: "You have to identify and inventory all the sensitive data you have," said Burnette. "You can't protect what you don't know you have." He added a proper inventory requires knowing what data exists, where it's stored, and how it's processed and transmitted.

Backups: Burnette pointed out organizations that had backups before the WannaCry attack could retrieve the clean data and rebuild their systems. Felker concurred, saying it's key to identify critical information in advance and have it backed up. "You have to have some separation there so those backups are protected," he added of keeping those files safely disconnected from the network.

Patching: "The most significant thing companies can do ... and are doing ... is patching," Burnette continued. He noted the patch to protect against the variant targeted by WannaCry was actually released in mid-March by Microsoft ... two months before the attacks occurred. "Those who installed the patch would not have been susceptible to this particular malware," he stated.

Harden the Computer System: "The premise of hardening computer systems is turning off unnecessary services and capabilities," Burnette said. He noted computers typically come with a lot of programs installed that aren't needed yet provide another entry point for those seeking to do harm. "If you harden your systems properly, then the services the bad guys are targeting might not even be on and available to be attacked," he reasoned.

Education: Felker said part of a healthy cyber defense is pre-planning by keeping employees educated and alert to new and evolving threats.

Risk Assessment: Under the HIPAA security rule, healthcare organizations should already be conducting risk assessments to identify areas of vulnerability. Once identified, action should be taken to close the loopholes.

Monitoring: Burnette said there are many monitoring tools and services available to watch for changes in the operating environment and alert companies quickly.

Legal Action: "If you can find the culprit, you have legal recourse. But realistically many times it's impossible to find the source, and often they are from foreign countries," Felker said pragmatically.

Insurance: Cyber coverage is something Felker said his team often discusses with clients. "Clients need to make sure their insurance coverage includes cyber attacks including ransomware," he counseled. Some policies exclude such attacks and others simply aren't broad enough.

While a good policy could help offset the costs to rebuild and replace, proactive steps to thwart an attack on the front end ultimately save everyone time, money and frustration.
