As continuous research is done to create better defenses against malicious computer attacks, cybercriminals have also come up with more ways to get cash into their pockets as quickly as possible.
In past years, a new breed of computer virus has started infecting computers and mobile devices. These viruses are unlike the previous malware, as they lock down the computer — including the precious files in it — and only unlocks it when the user has paid the demanded amount. Cryptolocker, Cryptowall, and TeslaCrypt are the new computer viruses that belong to a family of infections known as ransomware.
Cryptolocker is the earliest version of ransomware that started infecting computers in 2013. It easily infects computers through phishing links usually found in email attachments and through computer downloads. Once a computer has been infected with ransomware, all the files are held ‘hostage’ by the cybercriminals. In some cases, ads of pornographic websites appear on the screen each time a user clicks. These cybercriminals demand payment in order to unlock the files and restore the computer to its previous state.
As an added pressure, these criminals threaten users to delete all files if certain demands are not met within a specified period (usually within 24 hours). The desperate user usually doesn’t have any choice but to give in.
Ransomware Threat in Hospitals
Threats from ransomware have affected computers of hospitals. According to Reuters, a study from the Health Information Trust Alliance of 30 mid-sized US hospitals revealed that over half of these establishments (52 percent) were infected with the malicious software.
Just last month, Methodist Hospital, an averaged-size facility in western Kentucky, was operating “in an internal state of emergency” after a ransomware attacked its networks, holding its computer files hostage until they pay up. The attack led to limited use of the hospital’s web-based services.
There has been a growing incidence of ransomware attacks on hospital computers in North America that has led the United States and Canada to issue a joint cyber alert against these extortion attacks. In it, the governments discouraged victims of the attacks to pay these criminals, as there is no assurance that files will be retrieved.
How To Prevent Ransomware Attacks
Ransomware attacks are serious threats. When computers in hospitals stop functioning, there will be delay in information access and flow that may compromise the safety of the patients. When there is a ransomware attack, caregivers will have no access to patient’s data, which can be crucial for those who are unconscious. It can also result to delayed or undelivered lab requests and prescriptions. And the medical devices that rely on computers to be operated can be inoperable throughout the period the computer is held ‘hostage.’
With more medical facilities relying heavily on technology for its operation, it’s crucial to keep the computers malware-free. The following are some tips on how you can prevent these ransomware attacks:
- Back up your data. One of the best things companies can do to protect themselves from ransomware is to regularly back up your files. This can give you a peace of mind, even if a malicious attack happens. Since ransomware can also encrypt files on mapped drives, it’s important to have a backup regimen on external drive or backup service that is not assigned a drive letter. The one key element that is missing during the backup process is testing the backup to make sure that it is working. Do not miss the testing step.
- Make file extensions visible. In many cases, ransomware arrives as a file with a .PDF.EXE extension. By adjusting the settings to make these file extensions visible, you can easily spot these suspicious files. It also helps to filter email files with .EXE extension. Instead of exchanging executable files, you may opt for zip files instead.
- Take advantage of a ransomware prevention kit. The rise of ransomware and its threats has paved way for cybersecurity companies to come up with ransomware prevention kits. These kits protect the computer by disabling files that are run from the App Data, Local App Data folders, and executable files run from Temp directory.
- Disable the RDP. The Remote Desktop Protocol (RDP) is a Windows utility that enables others to access your desktop remotely. If there is no practical use of RDP in your daily operations, then it’s best to disable it, as it’s often used by ransomware to access targeted machines.
- Update your software regularly. Running outdated software makes your computer more vulnerable to ransomware attacks, so make sure to regularly update your software.
- Install a reliable anti-malware software and firewall. This is applicable to malware in general. Having both the anti-malware software and firewall creates a double-wall protection against these malicious attacks. If some gets past the software, the firewall serves as the second level of protection from the malware.
- When ransomware attack is suspected, disconnect immediately from the network. This isn’t a foolproof solution, by but disconnecting immediately from the network or unplugging from the WiFi as soon as ransomware file is suspected, you can reduce the damage caused by the malware. It may take some time to recover some files, but doing this can somehow cut back the damage.
Ransomware poses a serious threat, not just to the security of hospital files, but to the patient’s safety as well. Hence, companies — especially healthcare facilities — must not take this malware issue lightly.
[David Chou was recently named CIO at Children’s Mercy Hospital in Kansas City, Mo. He previously held senior executive roles at University of Mississippi Medical Center, AHMC Healthcare, and Cleveland Clinic Abu Dhabi. To follow him on Twitter, click here.]