What is ransomware and why should you care?

What is ransomware?

Ransomware is a category of malicious software (“malware”) that encrypts a user’s disk drives and demands some form of compensation in return for critical data held hostage. A typical method of infection is an email containing a malicious attachment that will download the ransomware.

Infection with ransomware may compromise sensitive files, rendering those files and associated systems inaccessible to health personnel, thereby disrupting normal operations by inhibiting access to, for example, patient records, appointment information, and test results.

Financial loss is also very likely to affect the targeted companies, as a ransom payment is demanded by the threat actor, with the promise that once payment is received, a decryption key will be provided to restore compromised files.

Users may encounter this threat through a variety of means. Ransomware is often distributed as attachments to a series of spam campaigns. Ransomware can also be downloaded by unwitting users who visit malicious or compromised websites, or it can arrive as a payload, dropped or downloaded by other malware.

The most recent variants of this malware are TeslaCrypt and Locky, which encrypt files on a computer’s hard drive and any external/shared drives, then direct the user to a payment page that requests a ransom amount.

Are you prepared? Ransomware Checklist

Is your organization secure?

  • Have you deployed anti-malware capabilities?
  • Are signatures developed/identified for malware?
  • Do you encrypt confidential data, including patient data?
  • Are appropriate rules added to email firewalls?
  • Do you have effective security processes in place (e.g., patch management, vulnerability management, and privileged access management)?
  • Do you know your risks from vendors who manage your systems?
  • Are there mechanisms in place for whitelisting that allows only “known-good” executables to run on machines?

Is your organization on the lookout?

  • Do you monitor your network to enable timely detection of attacks and unusual behaviors?
  • Do you perform analysis of logs (proxy/email/system) to identify additional potential infections?
  • Do you have a cyber awareness program, including training on phishing attacks?
  • Do you regularly perform vulnerability assessments and penetration testing?

Are you resilient?

  • Do you have the right team and skills to respond to a cyber incident?
  • Do you have cyber incident response plans to protect mission-critical operations, and do you routinely exercise them?
  • Do incident response plans include the wide range of leaders needed, including executives, board members, and leaders of business operations, legal, risk and compliance, and customer communications?
  • Are leaders prepared to interface with regulators, legal counsel, and law enforcement during a cyber crisis?
