Ransomware: The Growing Threat
Back in February, it was reported that Hollywood Presbyterian Hospital had become the latest high-profile victim of a cyber-attack. Hackers had gained control of the hospital’s network and encrypted all patient records. Doctors and staff were also prevented from utilizing their email applications and had to rely instead upon fax, phone or face-to-face communication. While hospital representatives stated that the quality of patient care had not been affected, others voiced their frustration over the inability to access health records and test results in the timely manner upon which our modern healthcare industry has become accustomed.
The method of attack in this case was a form of Ransomware. Ransomware has existed for several years, with the number of attacks escalating each year. Recently, hackers have shifted their focus away from individuals to large corporations. Why? If an individual is willing to pay $300 in bitcoins to recover their data, then surely a large company would be able to pay out much, much more. In the case of Hollywood Presbyterian, it was initially reported that hackers were seeking $3.4 million dollars’ worth of bitcoins. The actual amount paid, $17,000, was considerably lower, but still illustrates a perilous precedent.
In truth, any company can be a victim of a ransomware attack. All it takes, is a seemingly harmless or everyday email with an attachment. At first glance, everything appears normal but it is actually carrying an executable program which in turn encrypts files and the only way to get the key to unlock the encryption is to pay the ransom. This is likely why hospital officials considered the attack to be random rather than malicious.
So, what can corporations and institutions do to safeguard against these kinds of attacks? One of the first lines of defense is the authentication system. By moving towards a risk-based profile authentication or layering authentications, companies can make it harder for a hacker to go unnoticed. Other recommendations include backing up corporate data, taking advantage of cloud storage and redundancy, plus keeping antivirus and anti-malware software up-to-date.
For more information about ways to keep your company data safe, please email us at firstname.lastname@example.org or give us a call at 877 834 3684.