Skip directly to content

Catch Of The Week: FBI Warning On Ransomware

on October 8, 2019 - 7:40am
By BECKY RUTHERFORD
Los Alamos
 
What is ransomware? Ransomware is a subset of malware, where all data on a victim’s computer is held for ransom by means of data encryption. Payment is demanded, usually via Bitcoin, before the ransomed data is decrypted so the victim can access their data again.
 
Oct. 1, three hospitals owned by Alabama based DCH Health Systems were struck by ransomware. The hospitals were forced to limit services to only the most critical new patients after the ransomware attack. The ransomware affected all 1,500 of the hospital’s computers, including its email server. DCH Healthcare was forced to notify patients with nonemergency medical needs to seek assistance from other providers. The ransomware used in this attack was identified as a variant of Ryuk.
 
Several major hospitals in Victoria State in Australia also suffered a ransomware attack Oct. 2. The attack has caused delays in patient care with certain services needing to be rescheduled.
 
In the case of the three Alabama hospitals, DCH Healthcare did pay the ransom. It is unknown at this time how much they paid, or who might have been behind the attack; the attackers were likely based overseas. The hospitals are still working on recovering the data; unfortunately, just paying the ransom is no guarantee you will get your data back. In some cases, the victims are not given a decryption key, and in others not all files can be recovered. Another problem with paying the ransom; it will just encourage more ransomware attacks and higher ransom requests from attackers.
 
Oct. 2, the FBI issued a warning on ransomware attacks; they have identified this as a “high impact” and ongoing cyber threat facing U.S. businesses and organizations. In particular, the FBI is warning that "health care organizations, industrial companies, and the transportation sector," are being targeted now.
 
There are three specific techniques the FBI is highlighting; email phishing, remote desktop protocol vulnerabilities, and software vulnerabilities. Mitigation of these attacks can include ensuring operating systems, software, and firmware are up to date, and also keeping data backed up regularly. Companies of all sizes across all industries need to be prepared for ransomware and have technical controls in place, as well as raising security awareness amongst employees to prevent phishing attacks. In addition, the FBI is urging victims to be sure to contact law enforcement, and to work with them to avoid paying the ransom.
 
Paying the ransom will only encourage more attacks.
 
Threat intelligence experts from cybersecurity technology company CrowdStrike note a disturbing trend; what the firm refers to as “big game hunting” that has steadily been on the increase over the last 18 months. These are attacks focusing on high-value data or assets within organizations that are especially vulnerable to downtime, making the organization’s motivation to pay a ransom extremely high.
 
The most common attack a home user will face is the “tech support” scam, where criminals will call you and claim to be from “Microsoft” or “Apple” and tell you they need remote access to your computer to “update your warranty” or “fix something”. Do not ever fall for these scams. Large companies will never, ever call you to initiate service; you will always have to call them. These scammers use RDP to access your computer and install ransomware, then request a ransom.
 
The amounts requested in these scams are generally smaller but could end up costing you thousands of dollars, not to mention any data they might access and steal from your system.
 
How can you avoid a ransomware attack?
 
Learn to recognize phishing, and associated attacks like smishing (phishing via text message) and vishing (phishing via phone). Do not click links or open attachments from unknown senders. Do not provide personal information in response to unsolicited emails, phone calls, texts, etc. Keep backups of your systems, whether you are at home or work. Keep the backups separate from the rest of your network, maybe on an external hard drive stored in a secure place (preferably off-site), or even with a trusted cloud provider.
 
Keep all software and systems up to date with relevant patches. Make it easy- enable automatic updates when you can.
 
Use a good anti-virus and firewall to protect your systems.
 
Only download software from sites you trust- never download from an unknown website. You could download ransomware, a backdoor, Trojan, or other malware that can wreck your system.
 
Be careful when using public Wi-Fi; avoid using public Wi-Fi for sensitive transactions and use a VPN (Virtual Private Network) when possible. I like NordVPN, but there are many options out there.
 
Ransomware attacks are getting worse for many reasons; primarily that it is a great way to make fast cash because victims are increasingly paying up. Use caution, and protect your systems at work and at home to avoid falling victim to these attacks. Everyone is a target, be careful!
 
Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.

Advertisements