Ransomware Strikes Local Hospital – What Can We Learn
While their emergency room is still in operation, their other facilities in the 90-bed hospital have been put on hold. This kind of halt to care is an important reminder that ransomware isn’t just about the ransom. It’s about how it affects your organization while you can’t access your data.
What Is Ransomware?
Ransomware is a type of malware that encrypts the target’s data (making it unreadable and inaccessible) and holds it for ransom. It targets all data on the target’s systems, making it impossible for them to ignore until they pay the ransom, or wipe the data.
That’s why any protective measures you employ should help to limit the possibility of ransomware entering your systems, as well as providing redundancies for when it does.
How Does Ransomware Infect A Computer?
There are three primary ways that hackers trick targets into downloading ransomware:
- Phishing: Phishing is a hacking technique that “fishes” for victims by sending them deceptive emails. Phishing attacks are often mass emails that include ransomware as an attachment.
- Malvertising: Hackers have found vulnerabilities in many popular, modern browsers like Google Chrome and Mozilla Firefox. They spam users with official-looking pop-ups informing them of an “infection” or “security alert” prompting them to download a file or click a link. That’s where the ransomware comes into play. As with so many of these methods, it just comes down to getting the user to interact with malware in some way without knowing it.
- Remote Desktop Protocol: RDP is a known infiltration point for cybercriminals, especially for unpatched systems.
- 3rd-Party Remote: Many cybercriminals are attacking third-party remote-control tools as they know that once they can gain access to a remote control tool, they will have access to several machines that can be infected.
- Out Of Date Hardware: Many of the most common malware and viruses used by cybercriminals today are based on exploiting those programming flaws; to address this, developers regularly release software patches and updates to fix those flaws and protect the users.
How Can You Defend Against Ransomware?
The best way to defend against ransomware is to work with an IT company like K² Technologies – our team can implement a range of cybersecurity protections that will keep your data protected and your practice in operation, no matter what happens:
- Login Protection: By deploying Multi-Factor Authentication and implementing policies that require complex passwords, you can better protect your business accounts and prevent hackers from gaining access to your data.
- Access Controls: Access controls should be configured so that shared permissions for directories, files and networks are restricted. The default settings should be “read-only” access to essential files, with limited permissions for write access to critical files and directories. Furthermore, only those needing local admin rights are to be provided with that access.
- Firewall: Your firewall is your first line of defense for keeping your information safe. A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users or suspicious connections from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.
- Specialized Cybersecurity Software: Third Wall is an application designed to test for ransomware and other cybercrime threats. It adds “canary” files to the My Documents location on your local machine. Should any process touch those files, the local machine is immediately locked down, meaning it will no longer be able to communicate with any network resources.
- Network Monitoring: Your IT company should be keeping an eye on your systems around the clock, identifying and suspicious activity and addressing it immediately to prevent any negative effects.
- Software Hardening: Whether it’s Microsoft Office 365, your Remote Desktop Protocol or otherwise, the way they’re configured can make it easier or more difficult for hackers to gain access. By reviewing their settings, an IT company can “harden” these systems to make them more secure.
- Blacklisted Applications: Your IT company should be tracking newly installed applications on your systems and cross-referencing them against those that are known to be unsafe.
- Data Backup: If you have you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that.
That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.
Be sure to:
- Back up data on a regular basis, both on and offsite.
- Inspect your backups manually to verify that they maintain their integrity.
- Secure your backups and keep them independent from the networks and computers they are backing up.
- Separate your network from the backup storage, so the encryption process is unable to “hop” networks to the backup storage device. This keeps your backup data from being encrypted.
Like this article? Check out the following blogs to learn more: