Ransomware is a type of computer virus that makes a system inoperable while the perpetrators offer to remove the virus for a fee. The FBI cyber division has issued warnings stating that the occurrence of this type of intrusion increased significantly in 2015 and is continuing to increase at an alarming rate in 2016 Source. Ransomware can target both businesses and individual computers, but the trend is for larger businesses to get targeted as they are deemed as more profitable victims by the attackers.
The following are just a few examples of ransomware attacks.
In February 2016 Hollywood Presbyterian Medical Center reported that its Computer system in the Los Angeles area hospitals was made in operable by a computer virus. The hospital had to rely on phone calls and faxes to relay patient information while going back to a manual documentation system. The attackers had reported asked for 3.6 million dollars to decrypt the system. Ultimately the hospital paid the attackers $17,000 to unlock their network.
The University of Calgary had its computer systems affected for 10 days by malware and eventually paid the attackers $16,000 to decrypt the virus Source.
Henderson, Ky.-based Methodist Hospital declared a state of emergency due to its internal network becoming infected with a computer virus that prevented access to its data base. The type of virus encrypts data files and then destroys the original. The hospital reported that the attackers were asking for $1600.00 to give them the decryption key source.
According to an article in Tech Insider: “A 2015 survey by KPMG found 81% of healthcare organizations admitting their systems were compromised in the previous two years. Then there was a report just this February that found severe vulnerabilities in medical devices and other areas that could quite literally result in the death of a patient.” Source.
Health Care organizations are not the only institutions where ransomware is on the increase. Manufacturers, government agencies, education institutions and insurance companies are also reporting incidences.
How does a system get a ransomware virus?
The most common way is when someone on the network, gets a fake email that attempts to lure the reader to open an attached file or click on a link. Often it is an email sent to accounts payable that has pdf attached with the messages requesting the recipient to review a past due. The pdf is the carrier of the virus. The email could also contain a link that looks legitimate, but takes the user to a website that tries to download a virus to the user’s computer.
Attackers will often hack into websites and inject a code that will have a warning message pop up that states their computer has been hacked and to please call a number. When calling the number, the supposed IT person will get you to download “sharing” software that gives them access to your computer. Then they inject the malware.
Attackers will also call businesses claiming that they are from Microsoft and that your computer is about to crash. They try to get the user to give them access to the computer, so they can “fix it”, but then inject a ransomware virus and the negotiations begin.
What can you do to prevent ransomware attacks?
The following are tips given on the FBI.gov website source.
Tips for Dealing with the Ransomware Threat
While the below tips are primarily aimed at organizations and their employees, some are also applicable to individual users.
– Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
– Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
– Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
– Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
– Configure access controls, including file, directory, and network share permissions appropriately. If users only need read specific information, they don’t need write-access to those files or directories.
– Disable macro scripts from office files transmitted over e-mail.
– Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
Business Continuity Efforts
– Back up data regularly and verify the integrity of those backups regularly.
– Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.
If you think you or your organization have been the victim of ransomware, contact your local FBI field office and report the incident to the Bureau’s Internet Crime Complaint Center.