Ransomware is becoming a buzzword that is showing up in the headlines nearly every day. Some even refer to it as the “billion-dollar nightmare for businesses.” Malicious attackers using ransomware don’t tend to discriminate against the type of data they target, however, recent reports show that healthcare data is quickly becoming the most commonly affected data by ransomware attacks. Understanding how ransomware works and affects organizations can help entities to create a more comprehensive approach to organizational data security and to help safeguard against potential ransomware attacks.
What is Ransomware?
A recent ransomware fact sheet published by the HHS defines ransomware as a malicious attack that “exploits human and technical weaknesses to gain access to an organization’s technical infrastructure in order to deny the organization access to its own data by encrypting the data.” When an organization’s network is infected with ransomware, their data is encrypted and held hostage by the attacker until the ransom is paid. More often than not, ransomware attackers exploit the human element rather than technology. This is why it’s so important to regularly train and prep employees to be able to recognize socially engineered attempts at infiltrating an organization’s network.
Ransomware attacks can come in many forms – let’s talk about a few. There are brute-force attacks in which an application is used to decode encrypted data – such as passwords or Data Encryption Standard (DES) keys – exhausting all possible combinations through trial and error until one works. Phishing attacks are scams that attempt to obtain sensitive information, such as usernames, passwords, or other credentials, by disguising as a trustworthy source through an electronic communication such as an email or a web-based instant messaging application. A drive-by-download attack is an unintentional download of a virus or malware onto a computer, often without knowledge or consent. A drive-by-download usually exploits a browser or operating system that is out of date and with security flaws.
The Risks of Ransomware
Ransomware can affect everyone from grandma’s photos, to police departments, to large hospital networks. Data is more widely available as advancements in technology continue, leaving more opportunity for data theft and breach. Healthcare data is seen to be the most valuable compared to other types of data because healthcare providers are intolerant to disruption. When a healthcare provider is infected with ransomware, they are usually quick to pay the ransom as to avoid denying patients access to their patient information. According to a statistic presented at HIMSS17 in Orlando Florida, by Ron Mehring, VP Technology & Security, Texas Health Resources, and David Houlding, MSc, CISSP, CIPP, Director, Healthcare Privacy & Security, Intel Health & Life Sciences, on average, ransomware costs organizations 1.6 billion dollars per year in the U.S., with the healthcare industry having the highest data breach costs per record.
The risks associated with ransomware are steep. Interference with patient care can be a critical issue for healthcare providers and those working with healthcare providers. Business interruption and restoration costs can be devastating for any type of organization. According to Brian Balow, JD, Member, Dawda Mann PLC, if the ransom is under $100,000, the FBI won’t even get involved. So, determining whether to “pay up” when your data is being held hostage should be assessed on a case-by-case basis, and if you are ever forced to pay once, you should have the right motivation to never have to pay again. The potential impact on operations could be quite disruptive, leaving you unable to provide services to your clients, and possibly damaging your reputation. Lastly, conforming with any relevant data breach laws and regulations can be time consuming and costly.
5 Best Practices for Preventing Ransomware Attacks
So, how can organizations effectively prevent against ransomware? Check out these 5 best practices to get you started.
- Risk Assessment: Step one when it comes to safeguarding your organization against potential threats and breaches, such as ransomware, is to perform a risk assessment. A risk assessment is the foundation of any information security program because it helps organizations to identify and prioritize risks. Once you’ve identified and prioritized your risks, you can begin to implement security controls to address these risks.
- Employee Training: Preparing your employees to recognize malicious links and phishing emails is critical if you are going to stand a chance against a ransomware attack. Performing regular employee security awareness training and phishing assessments can help to prepare your human line of defense. Some things to emphasize when it comes to avoiding phishing emails are to always check the sender and be leery when receiving emails from people you don’t know with links in them.
- ALWAYS Update: Keeping software and operating systems up-to-date with current security patches is necessary for warding off hackers. Hackers tend to exploit known vulnerabilities, so keeping up with updates and patching must be done in a timely manner to prevent hackers from being successful.
- Back-up, Back-up, Back-up: If your organization is performing regular backups, chances are any damages from a ransomware attack will be minimal, considering you have backups of the data that is being held hostage. If attacked by ransomware, your organization would be able to remove the threat by wiping and restoring from your backups.
- Incident Response Plan: Security incident response is IMPORTANT. Your organization’s response to a ransomware attack can’t be made up on the spot. It has to be documented, tested, and implemented. Failure to have an implemented incident response or disaster recovery plan will leave your organization struggling to pick up the pieces following a breach. Assigning specific individuals and establishing a chain of command for security incidents can help to minimize damage done. The NIST Cybersecurity framework outlines risk mitigation in the these 5 steps: Identify, Protect, Detect, Respond, Recover.
More details on developing an incident response plan (IRP) can be found, here.
Ransomware is a serious threat and is wreaking havoc on businesses across the globe. Don’t wait until you’ve become a victim – act now to prepare and safeguard your organization against ransomware. If you want to see how your security posture stands up against potential threats or to speak with KirkpatrickPrice about other ways we can help, contact us today.