We’ve talked about this before, in fact only a few weeks ago we brought attention to the woes that befall those in the digital community held hostage by ransomware.
To recap…during your busy day a message suddenly appears on your computer screen notifying you that your digital defenses have been breached, your data has now been encrypted and that if you wish to have access to your system you must pay a ransom of “X” in Bitcoins. If payment is made within a certain time period you will be provided with a decrypting ‘key’ that will unlock your data. If the deadline is not made, your data will be lost forever.
The messages vary, and the name of the ‘Trojan’ that brings it to your system – Reveton, CryptoLocker, CryptoLocker.F and TorrentLocker, Cryptowall, or the newest variant known as Locky, may be different, but the results are the same . . . your data is being held hostage and you must decide if you want to pay the ransom.
We hear today that a California hospital, ‘Hollywood Presbyterian Medical Center’ was recently infected with a piece of malware that greatly impacted their operation and, in the interest of patient safety, they had decided to pay the ransom of 40Bitcoins, or about $17,000 (USD) for the decryption key. No one is really sure how many systems are similarly affected, but estimates run into the tens of millions of dollars…if not more…worldwide.
The attack that brings this into a digital system is simple enough, and so is the defense. The attack is almost always via email with an attachment. A user/employee opens the email, opens the attachment, and the Trojan unloads its payload and the drama begins. The defense is just as simple….don’t open that piece of email! If you don’t open it, it can’t infect your system. Unfortunately, the defense isn’t as easy as it sounds simply because humans are involved.
The keys to a good cyber defense are technology (hardware and software), process (rules and regulations) and people (employees). Humans always are the weak link in the defense simply because they are….human…and make mistakes. Social Engineering…the process hackers use to ‘encourage’ people to make mistakes gets them to open security doors, provide information over the telephone…and…open emails they shouldn’t.
So, how to lessen the chances of human error? Cybersecurity awareness training and very tight procedures are the keys. Procedures do their part, but employees should be trained up to the point where a cybersecurity culture exists in the organization, be it large or small. That training instills in the members an awareness to question each and every cyber move they make, and what effect it will have on the system. The success of an organization (in this California case patients’ lives), depends on adherence to cyber discipline. We suspect a certain California hospital, and the employee that opened a certain attachment wishes they had done so.
One of the best ways to safeguard your business against any cyber threats, new or old, is to get educated on the intricacies of cybersecurity. Here at The National Cybersecurity Institute we offer a wide variety of training courses intended to expand individual knowledge on cyber threats within specific industries.
Fox News (2016, February 18). Hospital pays nearly $17G in bitcoins to hackers who disabled computer network. Retrieved from http://www.foxnews.com/tech/2016/02/18/hospital-pays-nearly-17g-in-bitcoins-to-hackers-who-disabled-computer-network.html?intcmp=hpbt2
Fox-Brewster, T. (2016, February 18). As ransomware crisis explodes, Hollywood hospital coughs up $17,000 in bitcoin. Forbes. Retrieved from http://www.forbes.com/sites/thomasbrewster/2016/02/18/ransomware-hollywood-payment-locky-menace/#2573fb5375b0
Mckean, R. (2016, February 17). Hospital pays bitcoin ransom after malware attack. CNN. Retrieved from http://money.cnn.com/2016/02/17/technology/hospital-bitcoin-ransom/index.html
Mogg, T. (2016, February 18). Hollywood hospital pays $17,000 to ransom ware hackers. Digitrends. Retrieved form http://www.digitaltrends.com/computing/hollywood-hospital-ransomware-attack/