Ransomware: Why Is it Winning?

It’s hit and it’s hit hard. In the past week, dozens of companies around the world have had their data held hostage causing the phones at cyber security agencies in South Florida to ring off the hook. Businesses in Germany, Ireland, and the U.S. have become victim to a new crypto-ransomware virus. And the hackers are winning.

Just this past week in the U.S., the Hollywood Presbyterian Medical Center in Los Angeles and the Methodist Hospital in Kentucky have had their data held hostage by anonymous hackers that could be anywhere in the world. Records belonging to thousands upon thousands of patients was encrypted and locked. Hospital staff also lost the ability to schedule appointments or access any of the data on the hospital servers. But that’s not even the worst part - the worst part is that the hackers got paid.

This type of malware attack is aptly named ransomware. Data is held for ransom, people’s lives are put at risk, and the victimized institution loses the ability to function; but it can all go away if they pay the ransom. And that is exactly what the administrators at the Hollywood Presbyterian Medical Center did. They paid $17,000 in bitcoins to the hackers in order to regain access to their files. With the rising threat, cyber security agencies in Miami, Florida do not want major corporations, lawyers, and medical facilities to have to pay anything to these cyber criminals.

Moreover, it’s not just hospitals being targeted. Any business or organization that holds sensitive or important records for patients or clients can be targeted by these malicious hackers. Law firms and hospitals are popular industries being targeted the most, since they tend to have higher urgency for information, there’s a greater chance that the hacker will get their ransom.

ERM, a Miami based cyber security firm is currently conducting ransomware investigations for two existing clients and sees examples of these attacks happening with more frequency. Ransomware attacks are difficult to detect but easy for attackers to develop. Attacks usually come in the form of email messages to unsuspecting company employees or individuals. ERM cybersecurity professionals explain how two recent attacks unfolded.

• Company HR reps are sent emails telling them to download a file from Dropbox as per company policy – and within minutes the entire system is locked; skull and cross bones in red across the screen. This is not an exaggeration; that’s exactly what the Samsam ransomware does.

• A company staff member is sent an email telling them to “Click for a software update”, which the untrained employee then clicks. A hacker somewhere in the world has access to the system. Within a few days, the hacker has installed key-logging software onto the computers of important staff members. They then gain access to the core systems of the company servers, install the software, and leave a document for the system administrators to find called decrypt.txt. Within that document are instructions to pay or never have access to their systems again. Sound like fiction? This is the exact account of the ransomware attack that Hollywood Presbyterian Medical Center in Los Angeles just experienced.

There is one common mistake that all of these organizations made: underestimating the value of cyber security and training employees on proper cyber security protocol. Preemptive planning, and implementing incident response plans, and guidelines which explain how to defend against attacks are the only way to avoid falling victim to any form of cyber-attack. By performing regular penetration testing with cyber security companies like ERM, you decrease the probability of falling victim to a ransomware attack.

ERM recommends the following best practices to protect against ransomware:

• Maintain a strong firewall and update firmware regularly
• Install reputable Anti-Virus software. Beware of fakes.
• Backup data consistently
• Enable popup blockers for browsers
• Provide training and awareness content on regular basis which reference best practices and tips
• Enable Browser popup blockers