Did you know that in Feb 2016 a hospital in Los Angeles was held hostage by hackers using malware? For over a week, the hospital had their internal computer system held hostage for a ransom of 9,000 bitcoin, or almost $3.7 million.
During the time as malware hostage, the hospital reverted to paper registrations and medical records and were forced to send 911 patients to other hospitals. Emergency rooms were affected and fax lines were jammed because the hospital lost access to email.
In the end, the hospital paid $17,000 in ransom via bitcoin to the hacker who seized control of the hospital's computer systems – with him giving back access only when the money was paid. With the ransom paid, they could only regain full control of their computers with outside help from technology experts. Regaining control was just the start of fixing the problem. As you can imagine, the hospital was forced to fully review every system and attempt to verify patient records had not been compromised.
"Failing to plan is planning to fail," an old cliché often attributed to Benjamin Franklin, it very much applies to today’s business environment. The hospital’s experience proves it.
Many, if not most, businesses do not plan for problems, especially not technical problems like malware. Some businesses simply roll the dice… believing their business will not become the victim of the next cyber-attack.
Small businesses, especially the 1-10 employee segment, tend to think they are too small to be a target and not interesting enough to be attacked. These businesses could not be more wrong. Every business and consumer using the Internet is a potential target for ransomware hackers. Small and medium-size businesses (SMBs) have become particularly easy targets because they fail to plan for the attack and often have the resources to pay “reasonable” ransom demands of up to several thousand dollars. The hackers involved in this sort of extortion know and plan for this very scenario.
One of the biggest threats businesses and consumers face is ransomware. Ransomware is the fastest growing malware threat, targeting users of all types—from the home user to the corporate network. On average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016. This is a 300 percent increase over the approximately 1,000 attacks per day seen in 2015 (https://www.justice.gov/criminal-ccips/file/872771/download). Symantec, a California based cybersecurity firm, has publicly stated that "never before in the history of humankind have people across the world been subjected to extortion on a massive scale as they are today."
Current technologies are not considered by many to be sufficient to prevent ransomware infections. Intrusion detection and prevention software and antivirus solutions cannot detect all ransomware infections which put companies at risk. Per a new report by the Ponemon Institute, “An average of one or more ransomware infections go undetected per month and are able to bypass their organization’s IPS and/or AV systems.” [The Rise of Ransomware by Poneman Institute, 2017)
Fortunately, there are very effective prevention and response actions that can significantly mitigate the risk posed to an organization. These include:
- Implement employee awareness and training programs.
- Beef up those spam filters.
- Scan all emails coming in and out of your enterprise keeping a watchful eye out for bad executable files.
- Use firewalls.
- Keep up today on patches on software, OS, and firmware.
- Setup regular scans.
- Consider shutting down remote desktop protocol, disabling USB ports, and CD drives.
All the above will help secure business data but the real solution to ransomware is to backup data on a regular basis, verify you are capturing critical data, and test the backup data to ensure it works as expected. It is also recommended businesses perform penetration tests and determine potential businesses vulnerabilities.
If you are reading this and don’t know where to start, that’s OK. At CrossVergence, we help businesses find the right solutions to problems. We help clients identify the right backup and disaster recovery service provider by asking questions about compliance, RTO, RPO, and more. All providers have strengths and weaknesses. Once we understand your specific business environment and expectation we can begin to make informed recommendations and introduce the right service provider(s).
Give us a call or send us an email if you would like guidance or just want to talk about your current situation. We Fix the Problems!™