Ransomware is a particularly malicious form of malware that gains access to a user’s system and then prevents them from accessing their own data. In some cases the files on the system are encrypted so that they cannot be retrieved without the key; in others, access to the device is simply denied to its owner. In both situations the hacker demands that a ransom be paid before the files are decrypted or access is restored. You could say it is traditional blackmail revolutionised for a digital age.
Ransomware is generally distributed via email, with the recipient inadvertently clicking on a malicious website link, or opening a harmful attachment.
For individuals, losing access to your data can range from annoying to severely damaging. But for businesses it can be catastrophic. Take the case of the Hollywood hospital in Los Angeles, where, according to both the LAPD and the FBI, the attack could cost the hospital millions.
The attack itself shut down the hospital’s computing system, leading to what the hospital described as an ‘internal emergency’. Patients were diverted to other hospitals and doctors were unable to document patient care, transmit lab work and x-rays, or even access stored medical records.
Not only could the impact of having your data withheld be monumental, the cost of paying the extorter could be too. Even if you do agree to give in and pay up, there is no guarantee that your information will be released.
Given that many systems now sit on the backbone network of a building, this ‘interlinking’ means that systems which were never designed with security in mind are becoming targets of attack. Systems such as HVAC, lift management or door entry systems could all accept malicious code and, once in the system, that code could spread around the network looking for a suitable host on which to deploy. The threat is real because the source, i.e. the HVAC system, is inside the network, so the traditional virus or malware detection processes are bypassed. This makes quarantine even harder, as you are faced with a multi-surface attack on both the network and its hosts. It is why the ‘insider threat’ (human or machine) is growing so rapidly as a source of cyber attack.
So what should you do? I would never encourage anyone to pay the requested ransom. Instead, inform the Police immediately. But the best prevention is to ensure that you are fully prepared for such an incident beforehand.
Always be careful about what you open and where you click when on the Web. If it doesn’t look trustworthy, it isn’t.
Consider creating a ‘honeypot’ - a server or network that is used solely for attracting, and then trapping, would-be hackers or rogue code, keeping them well away from your important systems. Keep servers patched to the latest level, have good log management systems and respond quickly to incidents.
Malware protection is useful. All PCs and file servers must have an application that stands as a barrier against an attack. Once installed, keep it regularly updated and always be on the lookout for an upgrade should more advanced protection be available.
As a business, one of the very best things you can do is to educate your work force ensuring that they are aware of the risks and what measures must be taken to avoid them.
Also, put a data backup regime in place. Regular backups are insurance against data becoming encrypted and unreadable. These backups should be tested to ensure that the data is clear of viruses, and always make sure that your system is completely ‘clean’ again before reintroducing the files after an attack.
Also extend your backup retention policy. It is not good enough to hold only a couple of months’ worth of backed-up data; you should keep at least 6-8 months. If there is ransomware somewhere in your data, you may have to go back a long way to get a ‘clean’ version because, frequently, ransomware will not activate until a specific time or period after the date of entry. Hence, going back a week is simply not safe enough.
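The retention point above is easy to check with a small calculation. The script below is an added example, not code from the article or from Digital Pathways: it constructs a hypothetical set of nightly backups under two retention policies (7 days and 240 days) and an assumed ransomware entry date 45 days before detection, then looks for the newest backup taken before the malware entered the estate. Any backup taken on or after the entry date is treated as suspect, since the dormant ransomware would be inside it even though its files still open.

```python
from datetime import date, timedelta
from typing import List, Optional

# Constructed scenario: the infection is detected on this date ...
DETECTED = date(2016, 3, 1)
# ... but forensics shows the ransomware entered 45 days earlier and lay dormant.
DORMANCY_DAYS = 45
ENTRY_DATE = DETECTED - timedelta(days=DORMANCY_DAYS)  # 2016-01-16


def backup_dates(retention_days: int, today: date = DETECTED) -> List[date]:
    """Dates of the nightly backups still held under a given retention window."""
    return [today - timedelta(days=n) for n in range(retention_days)]


def newest_clean_backup(backups: List[date], entry_date: date) -> Optional[date]:
    """Return the newest backup taken strictly before the malware entered.

    Backups on or after entry_date may already carry the dormant payload,
    so they are not safe restore points. Returns None when retention has
    already pruned every clean copy.
    """
    clean = [d for d in backups if d < entry_date]
    return max(clean) if clean else None


def data_lost_days(backups: List[date], entry_date: date,
                   today: date = DETECTED) -> Optional[int]:
    """Days of work that must be recreated after restoring the clean backup."""
    point = newest_clean_backup(backups, entry_date)
    return None if point is None else (today - point).days


def retention_is_sufficient(retention_days: int, dormancy_days: int) -> bool:
    """A policy is only adequate if it out-lasts the longest dormancy expected."""
    return retention_days > dormancy_days


def report(retention_days: int) -> str:
    """One-line summary of what a retention policy leaves you to restore from."""
    backups = backup_dates(retention_days)
    point = newest_clean_backup(backups, ENTRY_DATE)
    if point is None:
        return f"{retention_days:>3}-day retention: NO clean backup left to restore"
    return (f"{retention_days:>3}-day retention: restore {point.isoformat()}, "
            f"recreate {data_lost_days(backups, ENTRY_DATE)} days of data")


if __name__ == "__main__":
    for policy in (7, 60, 240):
        print(report(policy))
```

Run as-is it prints that the 7-day policy leaves nothing clean to restore, while the 60-day and 240-day policies both still hold the 15 January backup; the difference is only how much margin remains if the dormancy turns out to be longer than assumed, which is the case for keeping 6-8 months rather than a couple.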
‘Prevention is better than cure’ goes the old adage and, in the case of ransomware, it is very true. Prevention is far more effective than damage limitation!
If you liked this, you may wish to view the following:
Is your building a hack risk, by Colin Tankard, MD, Digital Pathways
The Interconnected World: be security savvy by Colin Tankard, MD, Digital Pathways