The United States and Canada have teamed up to alert both nations of the threat of ransomware, illustrating the harmful impact of these cyberattacks to individuals and organizations all over the world.
The United States Computer Emergency Readiness Team (US-CERT) within the Department of Homeland Security (DHS) and the Canadian Cyber Incident Response Centre (CCIRC) jointly issued an alert in response to ransomware variants infecting computers in the healthcare industry in the United States, New Zealand and Germany. The alert gives useful information about ransomware, including its main characteristics, its prevalence worldwide, newer variants, and how individuals and businesses can prevent infection and limit its impact.
Ransomware is a type of malware that infects a computer system and restricts the user's access to it. Typically, a message appears stating that the files have been encrypted and demanding payment from the victim, usually in a virtual currency such as Bitcoin, as a condition of restoring access.
Amounts vary, but the attacker typically demands $200 to $400, according to the US-CERT alert.
Attacks have been rampant in recent weeks with many of them targeting hospitals, and the hackers’ demands haven’t been cheap. Last week, Maryland-based MedStar Health was victimized by what appeared to be a ransomware attack in which the hacker demanded $18,500 in Bitcoin.
Earlier this year, Hollywood Presbyterian Medical Center in California paid a $17,000 ransom in Bitcoin to a hacker after the hospital’s computer systems were seized in a ransomware attack.
These recent attacks were likely the work of newer ransomware variants, which typically demand larger sums and can encrypt files across an entire organization's network, not just a single user's device. Some ransomware arrives through spam emails; other variants gain entry by exploiting vulnerable web servers.
Systems hit by ransomware are often infected with other malware as well, which attempts to steal information. One such strain, GameOver Zeus, was used to steal banking credentials and other data, according to the US-CERT alert.
One of the biggest problems with ransomware, as the alert points out, is that there is no guarantee the encrypted files will be released after payment, and even a successful decryption does not guarantee that the malware itself has been removed. The only certainty is that the attackers receive the victim's money and, in some cases, the victim's or the organization's banking information.
For these reasons, US-CERT discourages organizations from paying the ransom.
The US-CERT alert provides several preventative measures that individuals and organizations can take, including the following:
- Have a data backup and recovery plan for all critical information and test it regularly; backups should be kept on a separate device and stored offline, so that ransomware spreading across the network cannot encrypt them too;
- Allow only specified, approved programs to run on computers and web servers (known as application whitelisting);
- Apply patches to keep operating systems and software current with the latest updates;
- Maintain current anti-virus software and scan all software downloaded from the internet before executing it;
- Follow the principle of least privilege: use permissions to restrict users to only the software, systems, applications and networks they need, and do not give users administrative access unless it is absolutely required;
- Do not enable macros in email attachments. Enabling macros allows embedded code to execute malware on the device. Organizations should use blocking software to cut off email messages carrying suspicious attachments;
- Do not click on unsolicited web links in emails.
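To make the attachment-blocking recommendation concrete, here is a small added example (written for this post; it is not code from the US-CERT alert or from any vendor product) of the kind of check a mail gateway can run. Modern Office files (.docx, .xlsm and so on) are ZIP containers, and a VBA macro project inside one is stored as a part named vbaProject.bin, so the presence of that part is a cheap, reliable signal. The sample attachments, the policy verdicts ("allow", "block", "quarantine") and the decision to hold legacy binary Office files for review are all assumptions made for the illustration.

```python
"""Gateway-style check for macro-bearing Office attachments.

Added example; not from the US-CERT alert. OOXML files (.docx/.xlsx/.pptx
and their macro-enabled .docm/.xlsm/.pptm variants) are ZIP containers,
and a VBA project inside them is stored as a part named vbaProject.bin.
Legacy binary Office files (.doc/.xls) are OLE compound files; they are
quarantined here because telling whether they carry macros needs a full
OLE parser. All sample files below are constructed in memory, not real
captures, and the verdict policy is an assumption for this example.
"""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE compound file header
ZIP_MAGIC = b"PK\x03\x04"                          # local file header of a ZIP
OOXML_EXTS = {"docx", "docm", "xlsx", "xlsm", "pptx", "pptm", "dotm", "xltm"}
LEGACY_EXTS = {"doc", "xls", "ppt", "dot", "xlt"}


def has_vba_project(data: bytes) -> bool:
    """Return True if the OOXML ZIP contains a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'allow', 'block' or 'quarantine' for one email attachment."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if data.startswith(OLE_MAGIC) or ext in LEGACY_EXTS:
        # Legacy binary format: macro status is unknown without OLE parsing,
        # so hold the message for review rather than guessing.
        return "quarantine"
    if data.startswith(ZIP_MAGIC):
        if has_vba_project(data):
            # Macro present. Block regardless of extension: a VBA project in a
            # file named .docx is an evasion attempt, not a normal document.
            return "block"
        if ext in OOXML_EXTS:
            return "allow"
        # A ZIP that is not an Office document is a common wrapper for
        # executables and scripts; treat it as suspicious.
        return "quarantine"
    return "allow"


def build_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML container, optionally with a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x01\x16\x01\x00fake-vba-project")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed attachments standing in for what a gateway would see.
    samples = {
        "invoice.docx": build_ooxml(False),
        "invoice.docm": build_ooxml(True),
        "invoice_renamed.docx": build_ooxml(True),   # macro behind a benign extension
        "old_report.doc": OLE_MAGIC + b"\x00" * 64,
        "notes.txt": b"plain text body",
    }
    for name, blob in samples.items():
        print(f"{name:22s} -> {classify_attachment(name, blob)}")
```

The check deliberately ignores the file extension when deciding whether a macro is present: attackers rename .docm files to .docx to slip past filters that trust names, and the ZIP contents do not change when the name does. A production gateway would add the same treatment for other archive formats and for OLE files, and would log the verdict with the message ID so that responders can trace a blocked lure back to its campaign.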
As always, report hacking or fraud incidents to the FBI's Internet Crime Complaint Center (IC3).
Randall J. Collins is a law clerk in Fox Rothschild’s Philadelphia office.