Ransomware attacks have surged in the last year.¹ Healthcare providers and other businesses have fallen victim. Previously, these cyberattacks mostly targeted individuals, who often paid only a few hundred dollars to retrieve their files. Now, many businesses have found themselves locked out of their networks and unable to access them unless a ransom is paid.
Ransomware is a form of malware that infects devices via a Trojan, a kind of malicious code disguised as legitimate software. It often appears as an attachment or program that seems to come from a trusted source. Once opened, it installs malware on your device. Then, the Trojan encrypts information and/or blocks access to the device or network, while also leaving a message demanding payment.
Even if this payment is made, the hacker may not release your information. In this case, your system is totally unusable.
Frequency of Ransomware Attacks Increases
In 2019, ransomware incidents disrupted many organizations’ infrastructure and ability to do business. That same year, the number of organizations that contacted the security firm Emsisoft after ransomware attacks grew to 205,280 — a 41 percent increase from 2018. In the last quarter of 2019, the average ransom payment more than doubled, rising to $84,116.²
According to the FBI, ransomware attacks are becoming “more targeted, sophisticated, and costly.” The agency received 1,493 reports of attacks in 2018, although the number of total incidents is probably higher.²
The cybersecurity company McAfee reported that across all sectors, ransomware attacks increased by 118 percent during the first quarter of 2019. Over 2.2 billion stolen account credentials appeared on the dark web over the course of the quarter. Of these targeted attacks, 77 percent relied on user interaction for execution. An example of user interaction would be opening a suspicious email and clicking on an attachment, which could install ransomware on your device.¹
The healthcare sector has long been a target for ransomware attacks. The industry is more affected by data breaches than any other, accounting for 25 percent of total breaches across all industries.³ Healthcare data is extremely valuable on the black market because it can be used to commit healthcare fraud, which is very profitable.
How to Protect Yourself from Ransomware
New forms of ransomware appear daily and often come from sources outside the U.S. Hackers are difficult to identify or track because they use Bitcoin and anonymous messaging platforms to communicate with victims. However, there are security measures you can put in place to protect yourself.
One of the most important measures you should take is formulating a Disaster Recovery Plan. Once created, the plan should be tested to identify potential weaknesses. Your security mindset should be: it’s not if it will happen, but when. Here are some steps you can take to protect your business.
Update your software:
Software updates are critical; they often include patches to security holes in the software. You should have a plan in place for how and when you will implement updates. In general, you should also limit the programs allowed on devices and only allow software that has been properly vetted on the company network.
Learn to recognize social engineering:
Social engineering refers to an attack where someone is manipulated into giving up information. Phishing is a common example of this. Train your staff properly on how to identify malware attacks. For instance, never open email attachments from unknown sources; these could contain malware. When in doubt, delete the email, or forward it to IT to review.
Install anti-malware programs:
It’s important to have both firewalls and anti-malware software on all devices that are connected to the internet. Because new malware appears on the internet every day, your anti-malware software should be regularly updated. A definition file is a list of known malware, which the software can use to find and eliminate malware. Be sure your software is also scanning all attachments that come in.
Back-up. Back-up. Back-up:
You should always keep multiple copies of your data in multiple locations. Try following the 3-2-1 backup rule: have at least three backups, on two kinds of media, with at least one offsite. This will allow you to restore systems by reverting to an earlier, uncorrupted copy of your data.
What to Do If Attacked
The FBI has stated that it “does not advocate paying a ransom, in part because it does not guarantee an organization will regain access to its data.” There is no guarantee that a ransom payment will prompt the hackers to provide you with a decryption key, and it may result in a second demand for money. Even with a valid decryption key, you may not be able to recover some or all of your data.⁴
Ultimately, the decision of whether or not to pay a ransom is your own. Each situation is different, with varying amounts of money involved. Consider how much it will cost to recover the system versus the hacker’s asking price.
The best strategy to combat ransomware is being proactive: our total HIPAA compliance solution helps you build a security program customized to your business in just three easy steps. Prevention is the name of the game with ransomware.