On March 31, the Department of Homeland Security (DHS) issued Alert TA16-091A warning of new ransomware variants—such as Locky and Samas—responsible for infecting computers at several health care facilities in the first quarter of 2016.
Ransomware is a type of malware (malicious software) that is often spread through infected websites or phishing emails. The ransomware works by locking or encrypting a target’s files. Users are then told that unless a ransom is paid they will be unable to regain access to their files.
In the first few months of 2016, ransomware attacks have infected computer systems at Methodist Hospital in Henderson, KY, at several Washington, D.C.-area hospitals run by MedStar, and at the Hollywood Presbyterian Medical Center in California. The attack on the Hollywood Presbyterian Medical Center locked physicians out of electronic health records (EHRs) and disrupted email communications for staff. Hollywood Presbyterian paid the hackers $17,000 in bitcoin, believing it was the quickest way to restore normal operations.
The DHS discourages organizations from paying ransom, because paying may lead to similar attacks, may provide the hackers with the victim’s banking information, and may leave decrypted files that still contain a malware infection. But deciding whether or not to pay a ransom is a difficult decision for an organization faced with disruption of its operations, financial losses, loss of proprietary information, and perhaps most importantly, the potential harm to its reputation.
In its Alert, the DHS provides a list of recommended steps that, at a minimum, all businesses should take to prepare for a ransomware attack:
- Implement a data backup and recovery plan for all critical information, and regularly test the data backups.
- Use application whitelisting, which allows only specific programs to run, to prevent malicious software.
- Make sure operating system and anti-virus software are up to date with the latest updates and patches.
- Restrict the ability of users within your organization to install and run unwanted software.
- Block email messages with attachments from suspicious sources, do not enable macros from email attachments, and do not follow unsolicited internet links in emails.
Many of the recommendations in the DHS alert may already be a part of your company’s cybersecurity practices.
To find out more about the effect of cybersecurity on your business, contact Fraser Trebilcock at 517.482.5800.