Monday, 3/28/16, what appears to be a ransomware attack forced a hospital in Maryland and Washington D.C. to shut down their network. Ransomware attacks on hospitals have been increasing. Attacks on individuals are also on the rise.
Ransomware is the most direct route from a victim’s wallet to a hacker’s pocket. The hacker infects a computer, tablet, or phone with malware that makes a threat and demands a ransom. Extortion. Pure, simple, and lucrative. Ransomware has extorted hundreds of millions of dollars from innocent victims during the last few years. Despite some notable busts, the number of assaults has increased each year for several years.
The Course of an Assault
An assault follows a predictable course. The initial infection comes from executing an attachment from a malicious phony email, or clicking a web site that is a drive-by infector. Then comes the threat and demand—the choke and puke, as it is called. The victim is ordered to pay, usually in bitcoins.
Threats
Sometimes the threat is idle. The victim might click on a dodgy site that promises salacious celebrity photos. Shortly thereafter a realistic image pops up that looks like it came from the FBI, the county prosecutor, or whoever. The pop up accuses the victim of downloading something illegal. Send money and the charges will be dropped. Another variant pops a message saying that the victim’s computer is infected with a deadly virus. Buy this expensive software to clean it up or suffer the consequences. In most cases, threats like these are entirely bogus. A good anti-virus scan will probably take care of the infection.
File Encryption Threats
There is another type of ransomware that is a more serious threat. These infections disable the victim’s computer by encrypting the victim’s files. The encryption is strong and nearly impossible to decrypt without the key, which the hackers will gladly supply, for a ransom, usually between three hundred and eight hundred dollars for an individual. Businesses are hit for larger ransoms.
These criminals are ruthless and heartless. Lately, hospitals have become a favored target, no doubt because the threat to patients ups the urgency. A hospital in the Los Angeles area recently paid out $17,000 to get their files back. Around a dozen other hospitals have been hit.
Solutions
This threat is so effective, on at least one occasion, the FBI recommended paying the ransom, but you don’t have to fall victim to these file encryption attacks.
First, follow basic cyber hygiene. Don’t open email attachments unless you are absolutely certain the email is from a trusted source. Don’t visit dodgy web sites. Use an anti-virus and run scans regularly. Keep your system and anti-virus up to date. These steps will protect you from infection in most cases.
If your defenses don’t protect you, a good backup will still keep your data safe. What makes a good backup? It must be kept current, either by frequent runs or continuous backup. Most ransomware will encrypt any drive that is accessible to the infected computer, so your backup must not be connected directly. The easiest way to do this is with a reputable cloud backup service, not a cloud storage service. Cloud storage services, such as Dropbox or OneDrive, will not provide a full restore. They can help, but a regular backup is more likely to completely restore your system.
Using backups, Methodist Hospital in Kentucky was able to recover from a ransomware attack that put the hospital into an internal state of emergency for four days. They did not pay the demanded ransom.
In a Pig’s Eye
If you have a reliable backup, when the ransom demand appears, raise your right hand in a fist and shout out “in a pig’s eye,” completely reinstall your OS to get rid of the malware, restore your data files from your backup, and return to normal. You might not need to completely reinstall, but reinstalling is a sure way to remove all malware. You will have to update and patch the system. That will probably be automatic, but you should check.