Wednesday, February 17, 2016

Ransomware Mistakes

It’s all over the news that Hollywood Presbyterian Medical Center has been crippled by a ransomware attack.

As you know, ransomware is software that takes control of your computer (usually by encrypting your files) and demands money before your files can be recovered.

In this case, the attackers are demanding $3.6 million.

Some patients were transported to other hospitals due to the incident. Computers essential for various functions, including CT scans, documentation, lab work, and pharmacy needs, are offline. Hospital workers are unable to gain access to important documents, patient data, and emails. Staff have had to step back in time, firing up fax machines and making more use of pens and paper to keep track of work at the facility.

Unfortunately, these bad things happen. But it’s the impact that makes the difference.

Two really bad things make this hospital incident so big:
  • The user account that succumbed to the ransomware appears to have access to a lot of computers and data, allowing the ransomware to easily spread through all of their systems.
  • According to the Atlantic, “While it’s unlikely that the facility will pay millions of dollars to restore its databases and systems, it’s in desperate straits without a backup of its patient files. Unless law enforcement can break the encryption keeping the data hostage, the hospital may be forced to start from scratch.”
How do we limit the damage in an incident such as this?
  • Limit access appropriately.  As we learned in security awareness training, don’t do casual Internet browsing or email using an account that has access to your entire infrastructure.  Visualize what might happen if your business were hit, and implement proper access controls to limit the damage.
  • Make sure you have current backups and that your work is being backed up to a location the ransomware can’t reach. (If you store your files on enterprise network shares or home directories and they are backed up to tape, the backups are inaccessible to ransomware and normally can be restored.) And always perform restore exercises, so you can be sure your backups are working and you can do a restore in an emergency.
And, of course, avoid opening anything unexpected or unknown at all times.

Stay safe. 
