Stop ransomware in its tracks
“Oops, your files have been encrypted!” It’s a message nobody ever wants to see, yet it was what greeted workers in the UK’s National Health Service (NHS) in May 2017.
This was the WannaCry (a.k.a. WannaCrypt or WannaCryptor 2.0) malware. It locked systems and encrypted files, meaning doctors’ surgeries closed and hospitals turned away patients needing essential treatments.
The precise attack vector isn’t known – security experts believe an NHS staffer may have clicked on a link or opened a file that released the malware. Others sheet the blame home to the NHS’s antiquated hardware and unsupported software. Regardless, the damage was done.
Easy to spread, hard to stop
Unfortunately, it’s easy to distribute malicious code. Ransomware like WannaCry is cheap and easy to procure and very simple to spread. WannaCry can infect connected systems without requiring any user activity. Once systems are infected, the criminals responsible demand a ransom to restore them. It’s a low-risk strategy: the victim’s incentive to pay is high but the attacker’s investment is low, and if payment isn’t forthcoming the criminals can simply move on to their next victim.
Healthcare: uniquely vulnerable?
Hospitals and other organizations in the healthcare sector are attractive targets, specifically because:
- They often use ageing hardware and software that hasn’t been optimized for security and stability.
- Their systems are often misconfigured and have out-of-date security systems that are easy to defeat.
- They hold valuable data, including sensitive patient health records and personal information.
- Their workers are not always attuned to the protocols and processes necessary for good data security and privacy protection.
To pay or not to pay?
Cybersecurity experts advise against paying a ransom to hackers, for several reasons. First, and perhaps most important, paying is no guarantee that you’ll regain access to encrypted files.
The CyberEdge group recently found only 19% of ransomware victims who pay the ransom get their files back. Sometimes this is because the criminals simply move on and make no effort to decrypt the files – but sometimes it’s because they lack the ability to undo the damage they’ve caused.
Protect yourself against infection
Prevention is better than cure. Even if budgets are tight and IT expertise is low, there are effective measures you can take to defend your organization against ransomware attacks. Ransomware relies on human error – clicking on that link, opening that file – so making and keeping your staff aware of the risks is the necessary first step. Specifically, you should:
- Train your staff so they can identify phishing attacks and respond appropriately.
- Update your organization’s software to ensure it’s fully patched and has the most up-to-date security measures available.
- Back up your systems regularly, to both physical and online stores.
- Promote clear email security protocols that train users not to click on suspect links, files or attachments.
- Isolate infected computers from the network (and alert all staff).
- Invest in hardware that’s up to the task of warding off threats.
Ransomware is constantly evolving, so the best way to mitigate the threat is to ensure your networks, data and reputation aren’t compromised in the first place.