As continuous research is done to create better defense against malicious computer attacks, cybercriminals have also come up with more ways to quickly get cash in their pockets.
A new breed of computer virus has started infecting computers and mobile devices. These viruses are unlike previous malware as they lock down the computer, including the precious files in it, and it only unlocks the computer when the user has paid a demanded amount. Cryptolocker, Cryptowall, and TeslaCrypt are the new computer viruses that belong to a family of infections known as ransomware.
Cryptolocker is the earliest version of ransomware that started infecting computers in 2013. It easily infects computers through phishing links usually found in email attachments and through computer downloads.
Once a computer has been infected with ransomware, all the computer files are held as hostage of the cybercriminals. In some cases, ads of pornographic websites appear on the screen each time a user clicks. These cybercriminals demand payment to unlock the files and restore the computer to its previous state.
As an added pressure, these criminals threaten to delete all files if certain demands are not met within a specified period (usually within 24 hours). The desperate user usually doesn’t have any choice but to pay the fee.
Ransomware threats in hospitals
Threats from ransomware have increasingly targeted computers at hospitals. In a Reuters report, it stated that a study from Health Information Trust Alliance on 30 mid-sized U.S. hospitals revealed that over half of these establishments (52%) were infected with the malicious software.
Just last month, Methodist Hospital, an averaged-size facility in western Kentucky, was operating “in an internal state of emergency” after ransomware attacked its networks, holding its computer files hostage until they paid the ransom. The attack led to a limited use of the hospital on its web-based services.
There has been such a growing incidence of ransomware attacks on hospital computers in North America that it has led the United States and Canada to issue a joint cyber alert against these extortion attacks. The governments discourage victims of the attack to pay the criminals as there’s no assurance that files will be retrieved.
How companies can prevent ransomware attacks
Ransomware attacks are serious threats in healthcare. When computers in hospitals stop functioning, there will be delay in information access and flow that may compromise the safety of patients. When there is a ransomware attack, caregivers will have no access to patient data, which can be crucial for those who are unconscious. It can also result to delayed or undelivered lab requests and prescriptions. And, since there are medical devices that rely on computers, they can left inoperable throughout the period the computer is held hostage.
With more medical facilities relying heavily on technology for its operation, it’s crucial to keep the computers malware-free. Following are some tips on how you can prevent ransomware attacks:
Back up your data
One of the best things companies can do to protect themselves is to regularly perform backups. Regularly backing up files can give you peace of mind even if a malicious attack happens. Since ransomware can also encrypt files on mapped drives, it’s important to have a backup regimen on an external drive or backup service that is not assigned a drive letter. The one key element that is missing during the backup process is testing the backup to make sure that it is working. Do not miss the testing step.
Make file extensions visible
In many cases, ransomware arrives as a file with a .PDF.EXE extension. By adjusting the settings to make these file extensions visible, you can easily spot these suspicious files. It also helps to filter email files with .EXE extension. Instead of exchanging executable files, you may opt for zip files instead.
Take advantage of a ransomware prevention kit
The rise of ransomware and its threats have paved way for cybersecurity companies to come up with ransomware prevention kits. These kits protect the computer by disabling files that are run from the App Data, Local App Data folders, and executable files run from Temp directory.
Disable the RDP
The RDP or Remote Desktop Protocol is a Windows utility that enables others to access your desktop remotely. If there is no practical use of RDP in your daily operations, then it’s best to disable it as it’s often used by ransomware to access targeted machines.
Update your software regularly
Running outdated software makes your computer more vulnerable to attacks.
Install a reliable anti-malware software and firewall
This is applicable to malware in general. Having both the anti-malware software and firewall creates a double-wall protection against these malicious attacks. If some gets past the software, the firewall serves as a second level of protection.
When a ransomware attack is suspected, disconnect immediately from the network
While this isn’t a foolproof solution, disconnecting immediately from the network or unplugging from the WiFi as soon as a ransomware file is suspected can reduce the damage caused by the malware. It may take some time to recover files, but doing this can potentially reduce the damage.
Ransomware poses a serious threat not just to the security of hospital files, but also to the patient’s safety. Healthcare facilities – especially – must not take this malware issue lightly.
Latest posts by David Chou (see all)
- Medical device security: More questions than answers for healthcare CIOs - July 12, 2017
- Reinventing physician credentialing with blockchain - June 20, 2017
- Human risk in cybersecurity: The enemy within - May 30, 2017