The United States and Canadian governments have joined forces and issued a joint PSA about ransomware infections and what can be done to stop them.

The United States Department of Homeland Security and the Canadian Cyber Incident Response Center recently published an alert titled “Ransomware and Recent Variants,” which covers ransomware's main characteristics, its prevalence, the variants that may be proliferating, and how users can help prevent and mitigate these attacks.

2016 has proven to be a tough pill to swallow for the healthcare industry, with destructive ransomware variants like Locky infecting and crippling computer systems left and right. In February, the Hollywood Presbyterian Hospital fell victim to a ransomware attack and was told to pay a ransom fee of $17,000 to regain access to its systems. Shortly after that, the Kentucky Methodist Hospital had to shut down all of its computers and activate a backup system.

The reason for ransomware's undeniable success rate could be due in part to its terrifying nature or the life-or-death circumstances it creates for the healthcare industry and its patients. Healthcare IT systems are notoriously complex and are the most vitally important element of any organization: if the IT systems go down, people’s lives are put at risk. It’s exactly for this reason that many criminals believe hospitals will be quick to give in and pay the ransom fee with no hesitation.

According to VASCO Data Security, “The recent increase in ransomware attacks is being driven by a proliferation in ransomware toolkits. Anyone can buy the tools to conduct ransomware attacks for as little as $100 on the dark web. It’s a numbers game: more attackers equals more victims.”

The lasting impacts of a ransomware attack are not limited to home users; businesses are affected as well. Some of the negative consequences of a ransomware attack include temporary or even permanent loss of sensitive data, disruption of regular operations, financial losses and harm to an organization's reputation. That being said, paying a ransom fee does not guarantee the encrypted files will be released. It does, however, guarantee money in a criminal’s pocket and, in some cases, hands over the victim's banking information. Furthermore, decrypting files does not necessarily mean that the malware infection itself has been completely removed, leaving the victim still vulnerable to attack.

With this increased proliferation in ransomware variants, businesses and individuals alike need to wake up and prepare to fight against ransomware attacks. US-CERT recommends the following preventative measures to protect your systems from a ransomware attack:

  • Employ a backup and recovery plan
  • Use application whitelisting to prevent unapproved software from running
  • Keep the operating system up to date with patches and updates
  • Keep anti-virus software up to date
  • Restrict users' permissions to install and run unwanted software applications, and apply the principle of least privilege
  • Avoid enabling macros from email attachments
  • Do not follow unsolicited web links in emails

Finally, the PSA advises individuals and organizations to avoid paying the ransom fee as it doesn’t guarantee you’ll gain access to your files again. Instead, they encourage individuals and organizations to report these ransomware attacks to the FBI’s Internet Crime Complaint Center.

As healthcare providers increasingly become the ideal target for cyber criminals, it’s important to abide by HIPAA but also to implement additional IT security solutions that will detect and block ransomware before it can do damage to the organization and its patients. By introducing solutions like NNT’s Change Tracker Gen7, organizations will be equipped with File Integrity Monitoring, which would notify you of any malware in your IT estate.

Mark Kedgley, CTO, New Net Technologies, comments, “If an organization wants to maintain security and minimize the financial fallout of these attacks, the emphasis has to change. Accept it: the chances of stopping all breaches are unlikely at best with a prevention-only approach. Instead, with non-stop, continuous visibility of what is going on in the IT estate, an organization can at least spot the unusual changes that may represent a breach in real time and take action before it’s too late.”

 

Read this article on InfoSecurity Magazine