Ransomware is a type of malware that quickly encrypts the files of the host computer system, rendering them unusable, and then displays a message demanding a ransom within a short period of time. If the ransom is paid, the victim may receive a decryption key to unscramble the files. This threat could ultimately shut down a healthcare organization’s systems for days while they work to eradicate the malware and try to recover information.
Recently the Hollywood Presbyterian Medical Center was victim of ransomware attack that crippled their hospital system for 10 days. In addition to its impact on patient care delivery, the hospital administration acquiesced to the hackers’ demands and paid $17,000 in bitcoin to have their records released.
Ransomware or other Trojan horses aren’t a new concept. Ransomware has been used for many years. What is different is that there is a significant increase during March and April of 2016 that is specifically targeting healthcare organizations.
Many of these attacks come from overseas. Ransomware and Trojans have been used the Russian mafia and law enforcement often turns a blind eye to these activities. Many of the attacks require payments in Bitcoin, which makes tracking the attackers nearly impossible. Much of the planning of these attacks takes place on the “dark web,” which is an area of the internet where anonymity in pretty much assured. For all of these reasons, U.S. law enforcement is limited in its ability to stop this activity.
What can you do to stay protected? Eagle has previously written about strategies for protecting against an earlier generation ransomware, the so-called CryptoLocker malware. While these posts discuss CryptoLocker, the prevention and mitigation strategies apply to protecting against any malware variant:
CryptoWall firsthand account – Mitigating ransomware attacks
