Ransomware has exploded in popularity during the past two years, with the number of identified families growing 400 percent since 2015. It affects individuals, nonprofits and enterprises alike, but it is particularly fond of the healthcare industry because of the value of patient data and the criticality of hospitals. To help the healthcare IT industry (and others) learn more about ransomware, I’ve compiled a list of the most informational articles on the web to date.
Health and Human Services Department fact sheet on ransomware: This brief guidance issued by the HHS in July 2016 specifically addresses ransomware and HIPAA, the standard all healthcare entities and their business associates must adhere to. It addresses HIPAA guidelines as they pertain to preventing and handling a ransomware attack, as well as whether an attack constitutes a reportable data breach. There has been some confusion over what that part of the HHS guidance really means, so Palo Alto Networks has published a helpful guide to the HHS bulletin.
Ransomware and Businesses 2016 special report: This white paper from Symantec is long (30 pages) but chock full of valuable information about ransomware and worth the read. It discusses all things ransomware and enterprise, including how ransomware can be used not just to encrypt files but as a distraction for outright data theft. It also breaks down the impact of ransomware and uses the case of Presbyterian Hospital in California as a specific example. Finally, it offers tools and tips for the enterprise to protect itself.
Microsoft’s Malware Protection Center: This site offers a variety of resources on ransomware, including what it is and examples of ransomware in action. Whether you’re a hospital struggling to regain control of your network or an individual victim who’s had priceless photos and videos encrypted, the website is very easy to understand, and it’s easy to jump around and read different articles. Note: Microsoft does not offer a way to decrypt your files if you have been attacked by ransomware; it only offers ransomware prevention tips. If you’re looking to decrypt your files, Trend Micro and Kaspersky Lab both offer decryptor tools that work on a variety of ransomware strains (but not all).
Even though ransomware is most prevalent on Windows machines, if you’re a Linux or OS X user, you’re not free from risk. KillDisk is a ransomware variant that affects Linux users (and despite what the article says, the FBI does not recommend paying the ransom). There aren’t many ransomware strains targeting OS X users, but they are there, and it’s very likely that more will crop up. Make sure your machines are patched and up to date.
Carbon Black’s webinar “Decoding Ransomware: How to Reduce Your Risk of Attack”: This webinar from January 2016 starts off with Rick McElroy of Carbon Black giving a high-level overview of ransomware, offering statistics on how widespread it is and how it works. About 15 minutes in, Ryan Nolette, also with Carbon Black, delivers an excellent deep dive into the anatomy of a ransomware attack, from a very technical and systematic perspective. If you’re a sys admin, enjoy coding or are interested in network security even in the slightest, this is for you.
How to run a phishing simulation: One of the biggest steps you can take to prevent or mitigate a ransomware attack is employee security. More than 90 percent of all ransomware attacks are spread through phishing emails, where users inadvertently download ransomware onto their machines. GlobalSign, a Belgian-based Certificate Authority (CA), offers different scenarios you can try to lure your employees into clicking on a link, so you can measure your employees’ cybersecurity strengths and weaknesses. Bromium, an antivirus software provider, also gives advice on how to get started and offers other resources that are readily available, including a “Phishing 101” article from Brian Krebs and phishing kits.
I hope these resources help you arm yourself against ransomware. It takes the power of information and a strong will to fight cybercriminals. They’re relying on you and your employees to be tricked into clicking malicious links or to believe you won’t be a victim. Insider threats, accidental or malicious, pose a huge security risk to any organization and must be managed accordingly.
It’s a continually evolving world where criminals adapt faster than security experts can keep up. Make sure you’re doing everything you can to protect your network and be ready for the inevitable attacks upon it.