Ransomware Hits Another Hospital in Kansas, But This Time the Thieves Don’t Give All of the Files Back
We’ve likely all read a story about a hospital being hit by ransomware before. It’s been in and out of the news over these past few months. One incident that comes to mind involved a hospital where the crooks demanded 9,000 Bitcoins (more than $3,000,000)! The CEO of that hospital stated in an official letter that he actually ended up paying 40 Bitcoins, or $17,000.
Most ransomware we’ve run across asks for a more affordable dollar amount, typically around 1 Bitcoin, which is about $300-$400, but the amount is often generated at the instant you visit the hacker’s “ransom page,” rather than hard-coded into the ransomware virus/malware itself. This means that the thieves can change the ransom amount whenever they’d like and for whatever reason they’d like!
According to multiple online sources, a new hospital attack has made the news this week. This time it’s the Kansas Heart Hospital, located in Wichita, Kansas. The unusual twist to this story is that the hospital evidently paid the ransom, but didn’t get all of their files back! Instead, a second request for more ransom followed, but this time the hospital didn’t pay, assuming that there was, again, no guarantee of getting their files back.
You can read more about this story here: http://www.healthcareitnews.com/news/kansas-hospital-hit-ransomware-pays-then-attackers-demand-second-ransom
How Does Ransomware Spread?
Ransomware attacks are typically sent out as email attachments in bulk runs of SPAM. From what we’ve seen in the business world with larger organizations, the attackers will typically target a handful of organizations at a time, but try to hit everyone in each organization. A large organization could receive hundreds of malicious emails, all sent to different personnel, all at the same time.
By contrast, in most malware-based ransomware attacks, like TeslaCrypt or Locky, the encryption and the ransom demand happen automatically, but still through e-mail. You can still think of it as a “targeted attack,” but the target is anyone and everyone. By purchasing mailing list data from breached websites (or from unethical mailing list operators), the hackers can give even the broadest attack a personal touch that makes each email in the SPAM attack look legitimate and makes it difficult to tell whether it is genuine.
Regardless of the method, all ransomware will do two things.
- Encrypt your critical data, rendering it unreadable.
- Leave you with a very sweet message saying “Pay up or else.” (Or else try to figure out your own way to get your data back is what they mean.)
What Can You Do to Protect Your Business?
Make sure that your organization has a single, well-known e-mail address () or phone number (231-946-1411) where your staff are encouraged to report suspicious e-mails, hacking attempts, phishing e-mails, etc. One person who puts in a report promptly could warn the rest of your users and prevent a data breach or virus outbreak.
A few critical defenses in your cyber-security strategy should include:
Performing regular backups is critical. Keep a recent copy off-site or look into a good cloud-based backup, such as the cloud-based backup offered by Syscom Business Technologies through TC Cloud Computing. Backups should always be encrypted, regardless of your industry requirements.
- Limit Login Access
Don’t give users on your network more login power than they need (i.e. no admin rights). If you do have to log in as an administrator, avoid browsing the web, opening documents or doing other “regular work” while you are logged in as an admin.
- Limit File Access
Don’t give users on your network access to more files than they need. We recommend segregating your users into departments and creating drives based on those departments. If someone on your staff does download ransomware, they are only going to be able to infect what their user has access to.
Patch early and patch often. Although a lot of ransomware and other malware arrives via document macros, the strains that don’t use macros rely on security bugs in popular applications, such as Microsoft Office, your web browser (Chrome, Firefox, Internet Explorer, Safari, etc.), Adobe Flash, Java and many more. The quicker you patch, the fewer “open holes” there will be for the hackers to exploit.
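To make the “Limit File Access” advice above measurable, here is an added example (not code from Syscom or from the original article) that takes an inventory of share permissions and reports which drives each user could write to, and therefore what ransomware running under that account could encrypt. The share names, group names, users and rights below are all constructed sample data.

```python
"""Estimate ransomware blast radius per user from share ACLs (constructed sample data)."""

WRITE_RIGHTS = {"Modify", "FullControl", "Write"}

# Constructed inventory: (share, group, right). All names are hypothetical.
ACLS = [
    ("Accounting", "GRP-Accounting", "Modify"),
    ("Accounting", "Everyone", "Read"),
    ("Nursing", "GRP-Nursing", "Modify"),
    ("Nursing", "Everyone", "Modify"),      # over-broad grant
    ("HR", "GRP-HR", "Modify"),
    ("HR", "GRP-Accounting", "Read"),
    ("Scans", "Everyone", "FullControl"),   # drop folder with no owning department
]

# Constructed group membership; every account is implicitly in "Everyone".
MEMBERS = {
    "alice": {"GRP-Accounting"},
    "bob": {"GRP-Nursing"},
    "carol": {"GRP-HR", "GRP-Accounting"},
}

# The group that is supposed to own each department drive.
OWNER = {"Accounting": "GRP-Accounting", "Nursing": "GRP-Nursing", "HR": "GRP-HR"}


def blast_radius(acls, members):
    """Return {user: sorted shares the user can write to}, i.e. what
    ransomware running as that user could encrypt."""
    result = {}
    for user, groups in members.items():
        effective = groups | {"Everyone"}
        result[user] = sorted({share for share, group, right in acls
                               if group in effective and right in WRITE_RIGHTS})
    return result


def overbroad_grants(acls, owner):
    """Return write grants given to any group other than the share's owning
    department group (shares with no owner are always reported)."""
    return [(share, group, right) for share, group, right in acls
            if right in WRITE_RIGHTS and owner.get(share) != group]


if __name__ == "__main__":
    for user, shares in blast_radius(ACLS, MEMBERS).items():
        print(f"{user}: {len(shares)} writable share(s): {', '.join(shares)}")
    for grant in overbroad_grants(ACLS, OWNER):
        print("review:", grant)
```

In the sample data, alice works only in Accounting but can also write to Nursing and Scans because of the two “Everyone” grants; removing those grants shrinks her exposure to her own department drive.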
This is just a very small portion of what should be in your defenses to prevent ransomware and other malware, viruses, hacking attempts and other threats. At Syscom Business Technologies, we’ve developed a time-tested, proven method for preventing most cyber-security threats with little maintenance after the system is implemented. We encourage you to contact us at Syscom Business Technologies for a full cyber-security evaluation in order to stay protected against ransomware and other threats.