Ransomware Targeting Healthcare.

Gardidien was having a bad day.

Just over a week ago, the system administrator who goes by the handle Gardidien on Reddit got a phone call. One of the critical company systems was down. He quickly determined that it wasn’t just one system–it was nearly half of the systems in the company, at three different locations. He found a message demanding the company pay a ransom to get their servers and data back.

Gardidien immediately checked backups–and found that the data drives on two different backup servers were in the process of being erased. He had no backups available to recover the lost servers.

Ransomware

This is ransomware–a particularly devastating form of malware in which hackers encrypt data (or entire servers) and refuse to release it unless they are paid for the keys to unlock the data. And the price to get the data back is usually high. The company in this example paid $15,000 to restore their servers. (It would have cost more to set up new servers and get back up and running, so the cost effective option was to pay the ransom.)

The scariest part about ransomware is there is no guarantee you will get your data back even if you do pay. The hackers may take the money and run. Or something could go wrong. Several of the servers in the example above were unrecoverable, even after the company paid up.

Ransomware Targeting Healthcare

Incidents of ransomware appear to be increasing. Just this week, we learned of a new form of ransomware targeting the healthcare sector.

This type of ransomware is delivered via an email message specifically targeted at a particular organization. When a user clicks a link in the message, his or her system downloads a Microsoft Word document that includes the logo of the organization and the signature of one of the in-house healthcare professionals. The Word document contains what appears to be links to patient healthcare information.

When the user clicks one of the links, the ransomware installs on their computer. It then proceeds to seek out and encrypt various critical business files on the local computer and on shared network drives. When this is complete, the malware displays a message telling the user that they must pay a ransom online before the files will be decrypted.

This is the sort of disaster that can cripple an organization. Antivirus software by itself is unable to protect against ransomware. Ransomware can sometimes mutate to avoid detection.

If you don’t currently have a robust protection strategy to shield your company from ransomware, please consider reaching out to Umbrella. We’re here to help you avoid having a really bad day.