

Being Held Hostage by Ransomware


 

Last month's WannaCry attack was certainly aptly named. No doubt the more than 300,000 computers in 150 countries rendered useless by the hack made the individuals and organizations impacted quite tearful.

For those who had independent backup systems in place, the hack was inconvenient and a nuisance. For those who didn't have adequate backup, files were most likely locked and lost. WannaCry was the latest ransomware attack where computers were hijacked and a ransom fee demanded.



"Ransomware falls into the category of malware - malicious software - but most people would know them more as computer viruses," explained Mark Burnette, CPA, CISSP, CISM, QSA, a shareholder with LBMC Information Security.

"In the beginning, the ransomware attacks were kind of clunky, but they've become more and more sophisticated," noted Sam Felker, CIPP/US, a shareholder with Baker Donelson and a member of the firm's Data Protection, Privacy and Cybersecurity Group. "They've become more innovative in how they carry out their attacks, and they are also targeting markets where they believe they can make money."

Burnette said most ransomware is written to look for a particular weakness in a computer system. In the case of WannaCry, it has been documented that the U.S. National Security Agency (NSA) discovered the vulnerability and then subsequently had their information and tools leaked.



Deploying such ransomware is typically a gamble as to whether or not the targeted victims will take the bait. "In most cases, it requires the user to install and take action in order for the ransomware to activate, and that often comes in the form of a phishing email," said Burnette. "What made WannaCry different is that it was wormable, which meant it didn't require user interaction to spread," he continued. "This one was able to self-propagate without user interaction. That's why it spread so quickly."

Once deployed, the malware encrypts the hard drive of a computer, rendering it useless unless a victim pays the ransom to receive a decryption key to restore the system to working order. Felker said the ransom is usually requested in the form of bitcoin, a digital currency that is virtually untraceable.

Oftentimes the ransom isn't exorbitant. "Ransoms are usually in the neighborhood of several hundred dollars," said Felker. "Some are more," he continued. "A hospital in Southern California paid $17,000, according to press reports, to get their system back."

The hackers recognize keeping the ransom price within reach for companies and individuals increases the likelihood of people paying. Felker noted, "The FBI recommends you not pay the ransom." While agreeing that's probably prudent for several reasons, not the least of which is that paying ransom rewards the criminals, he said it isn't quite that simple when critical data is locked up. "We tell our clients it's really a business decision for each individual company."

Before making any decision, Felker said, "You really have to get a forensic expert in quickly to determine the extent of the encryption that has taken place. Then, you look at whether you have backups and see if you can simply restore those files or if they are lost to you."

Opting to pay the ransom is also risky. "Paying it doesn't necessarily mean the bad guys will send the decryption key ... they might, but they might not," said Burnette. According to numerous news reports, WannaCry was seen as a double scam because it didn't have an automated decryption key, which meant those paying ransom had to hope the criminals behind the attack would manually free their system. As of press time, most of the ransoms paid had not resulted in computers being restored.

Felker and Burnette agreed the best offense is a good defense ... stopping attacks before they can occur. There are a number of steps that should be taken to prevent ransomware or other malware from bringing business to a halt.

Inventory: "You have to identify and inventory all the sensitive data you have," said Burnette. "You can't protect what you don't know you have." He added a proper inventory requires knowing what data exists, where it's stored, and how it's processed and transmitted.

Backups: Burnette pointed out organizations that had backups before the WannaCry attack could retrieve the clean data and rebuild their systems. Felker concurred, saying it's key to identify critical information in advance and have it backed up. "You have to have some separation there so those backups are protected," he added of keeping those files safely disconnected from the network.

Patching: "The most significant thing companies can do ... and are doing ... is patching," Burnette continued. He noted the patch to protect against the variant targeted by WannaCry was actually released in mid-March by Microsoft ... two months before the attacks occurred. "Those who installed the patch would not have been susceptible to this particular malware," he stated.

Harden the Computer System: "The premise of hardening computer systems is turning off unnecessary services and capabilities," Burnette said. He noted computers typically come with a lot of programs installed that aren't needed yet provide another entry point for those seeking to do harm. "If you harden your systems properly, then the services the bad guys are targeting might not even be on and available to be attacked," he reasoned.

Education: Felker said part of a healthy cyber defense is pre-planning by keeping employees educated and alert to new and evolving threats.

Risk Assessment: Under the HIPAA security rule, healthcare organizations should already be conducting risk assessments to identify areas of vulnerability. Once identified, action should be taken to close the loopholes.

Monitoring: Burnette said there are many monitoring tools and services available to watch for changes in the operating environment and alert companies quickly.

Legal Action: "If you can find the culprit, you have legal recourse. But realistically many times it's impossible to find the source, and often they are from foreign countries," Felker said pragmatically.

Insurance: Cyber coverage is something Felker said his team often discusses with clients. "Clients need to make sure their insurance coverage includes cyber attacks including ransomware," he counseled. Some policies exclude such attacks and others simply aren't broad enough.

While a good policy could help offset the costs to rebuild and replace, proactive steps to thwart an attack on the front end ultimately save everyone time, money and frustration.

WEB:
Baker Donelson

LBMC Information Security

 