Ransomware is on the rise, according to Carbon Black’s Kane Lightowler, Managing Director Asia Pacific and Japan. The number of enterprises being forced to pay criminals to decrypt their files is growing daily, and Australia is a prime target because of the high success rate here.
This is particularly so for hospitals, which have come under constant fire from ransomware attacks in 2016. Hospitals are easy marks for ransomware for two reasons:
- Hospitals rely on real-time information from patient records to provide critical care. As a result, they will typically pay the demand rather than risk disruption or delay of care.
- Hospitals typically have the same file share and depository for all systems – including patient health information (PHI) – so all it takes is for one employee to be fooled and files are locked across the entire organisation.
Although it is a U.S. statistic, as many as 75% of hospitals have been hit with ransomware in the past year. What’s more disconcerting is that 50% of hospitals said they are unsure, or have no way of knowing, if they managed to find ransomware in their enterprises.
For those organisations, the price of recovery can be very high. When a hospital is infected with ransomware, the decision to pay the ransom depends on several questions:
- How quickly can the hospital implement its business continuity plans?
- When was the last backup?
- What’s the scale of the attack?
- What files are being encrypted?
- What’s the risk to critical patient care?
In many instances, attackers are not demanding huge amounts of money, but the risk and liability associated with being infected go way beyond the price of ransom. Hospitals need to take into account the cost of disruption, lost productivity, the money needed to investigate IT systems and the cost of infrastructure improvements to prevent future infections.
Additionally, all healthcare organisations must adhere to HIPAA/HITECH, and many also have PCI DSS implications for the personal and financial information they hold. The harsh reality is that if an organisation is breached, it is out of compliance.
The fines and penalties associated with compromised personal health information (PHI) are monumental. Add potential lawsuits into the equation and the financial demand of the original ransom fee becomes a mere footnote in the attack.
Detection and Response
Organisations affected by ransomware are increasingly leveraging pattern-based threat detection to provide reliable visibility into ransomware variants by looking for behaviours and actions that are indicative of an attack. With such an approach, a security team can be alerted to a potential ransomware attack that’s taking hold of their enterprise, isolate the host and stop the attack before it spreads.
These forward-thinking organisations have the ability to continuously record and centrally store all endpoint activity, including network connections, process trees, file and registry modifications, file executions, and copies of executed binaries.
This type of visibility provides security practitioners with full root-cause analysis so they can make intelligent decisions on how to improve their security posture to prevent future attacks, instead of blindly re-imaging machines or deleting malware and hoping for the best.
Carbon Black provides endpoint security software that detects malicious behaviour and prevents malicious files from attacking an organisation. It has a webinar specifically relating to hospitals, titled “7 Dangerous Misconceptions About Recent Attacks: It’s Not About the Ransomware or Hospitals”.