Ransomware Defense 101

When a ransomware attack turns your most important files into encrypted gibberish and paying to get those files back is your only option, you're in big trouble.

Ransomware is a type of malware that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique that encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented crypto viral extortion attack, recovering the files without the decryption key is an intractable problem, and an untraceable digital currency such as Bitcoin is demanded as the means for paying the ransoms, making it practically impossible to locate and prosecute the perpetrators.


Unfortunately, when it comes to ransomware, once your files are encrypted, there’s not much you can do — besides cut your losses or pay up. And even if you do pay up, there’s a chance you won’t get your files back, so you lose both access to the files and your cash.

That’s why it’s so important to prevent ransomware attacks from happening in the first place.

Ransomware Prevention Tips

1.  Establish a real backup solution. I don't mean an external hard drive in your office, or a remote backup service like Carbonite or digital tape. We advocate implementing a Business Disaster Recovery (BDR) device. A good BDR, properly configured and deployed, will create near real-time backups, take copies off the network, make them inaccessible to an attacker, synchronize with offsite data centers, and step in to replace a compromised server to keep your operations running. It's time to stop considering these devices as optional. The only way to survive a ransomware attack and not pay the ransom is to restore from backup. Newer variants are proving to be "unhackable," meaning once the ransomware encryption takes root, you have three options: pay the ransom, restore from backup, or lose your data. That's it.

Please stop thinking you won't get hit. It's just a matter of time.

2.  Make images of key workstations. If your network is properly configured, all your critical and sensitive data is stored on your server(s), and those are being backed up by your BDR. However, in many cases, certain workstations on your network have applications installed or are configured in such a way that would be troublesome to recreate. Those workstations should have periodic images created of their hard drives. Those images, along with a generic image to use on your typical workstations, greatly simplify the task of rebuilding a compromised network. Those images need to be stored offline.

3.  Institute a practice of continual workforce training. If you think meeting the HIPAA requirement of annual training is adequate, you are mistaken. Today's cyber climate is changing so rapidly, you need to prod your user base on a daily or weekly basis to keep security at the forefront of their minds. Of course, your team will make mistakes, but keeping them trained and alert will reduce the chances of getting hit with a successful ransomware attack.

Of course, there’s more you can do, but even if you only follow the advice offered in Prevention Tip #1, you will have dramatically increased the likelihood of surviving a ransomware attack; in fact, you will not only survive the attack but reduce your actual downtime to mere minutes. BDRs aren't cheap, but they're cheaper than being down for days, paying the HIPAA fines for the breach, paying a ransom, or losing all your data. If you need help selecting or implementing a BDR, we can work with you or your IT team.
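Two properties of Tips #1 and #2 are worth making concrete: a backup is only useful if you can prove a copy is intact and restorable, and the backup process itself must not blindly overwrite the last good copy with freshly encrypted files. The script below is an added illustration written for this article; it is not code from the article's author or from Acentec, and it is not how any particular BDR appliance works. It assumes placeholder directory names (`practice-data`, `backups`) and constructs its own sample files in a temporary directory. It takes a snapshot with a SHA-256 manifest, verifies the snapshot against that manifest, and before taking the next snapshot checks whether the source has changed en masse to high-entropy content, which is what files look like after ransomware has encrypted them. In that case it reports the snapshot as unsafe so the good copy is preserved and someone is alerted.

```python
"""Versioned backup snapshots with an integrity manifest and a pre-snapshot
ransomware sanity check. Added example; all paths are placeholders."""
import hashlib
import json
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

MANIFEST_NAME = "manifest.json"
ENTROPY_THRESHOLD = 7.5        # bits per byte; encrypted data sits close to 8.0
CHANGED_FRACTION_LIMIT = 0.5   # "mass change" means more than half the files differ


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large records do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; plain text is ~4-5, ciphertext is ~7.9-8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(src: Path) -> dict:
    """Map each file (relative path) under src to its SHA-256 digest."""
    return {str(p.relative_to(src)): sha256_file(p)
            for p in sorted(src.rglob("*")) if p.is_file()}


def take_snapshot(src: Path, dest_root: Path) -> Path:
    """Copy src into a new numbered snapshot directory and record its manifest."""
    dest_root.mkdir(parents=True, exist_ok=True)
    snap = dest_root / f"snap-{len(os.listdir(dest_root)) + 1:04d}"
    shutil.copytree(src, snap / "data")
    (snap / MANIFEST_NAME).write_text(json.dumps(build_manifest(src), indent=2))
    return snap


def verify_snapshot(snap: Path) -> list:
    """Return the relative paths whose stored copy is missing or does not hash
    to the manifest value; an empty list means the snapshot is restorable."""
    manifest = json.loads((snap / MANIFEST_NAME).read_text())
    data = snap / "data"
    return [rel for rel, digest in manifest.items()
            if not (data / rel).is_file() or sha256_file(data / rel) != digest]


def assess_changes(src: Path, last_snap: Path) -> dict:
    """Compare the live source tree with the last snapshot's manifest. A large
    fraction of changed files whose new contents are high-entropy is treated
    as a ransomware-like event and the next snapshot is flagged as unsafe."""
    manifest = json.loads((last_snap / MANIFEST_NAME).read_text())
    current = build_manifest(src)
    changed = [rel for rel, digest in current.items() if manifest.get(rel) != digest]
    high_entropy = [rel for rel in changed
                    if shannon_entropy((src / rel).read_bytes()) > ENTROPY_THRESHOLD]
    fraction = len(changed) / max(len(current), 1)
    ransomware_like = fraction > CHANGED_FRACTION_LIMIT and \
        len(high_entropy) >= len(changed) / 2
    return {"changed": len(changed), "total": len(current),
            "high_entropy": len(high_entropy), "fraction": fraction,
            "safe_to_snapshot": not ransomware_like}


def demo() -> dict:
    """Constructed scenario: snapshot three plain-text records, verify the copy,
    then simulate encryption of the source and show the check refusing to
    overwrite the good snapshot, which remains intact for restore."""
    work = Path(tempfile.mkdtemp())
    src, backups = work / "practice-data", work / "backups"
    src.mkdir()
    for i in range(3):
        (src / f"record{i}.txt").write_text("Patient visit notes, plain text. " * 20)
    snap = take_snapshot(src, backups)
    intact_after_snapshot = verify_snapshot(snap) == []
    before = assess_changes(src, snap)
    for p in src.glob("*.txt"):              # simulated encryption: random bytes
        p.write_bytes(os.urandom(2048))
    after = assess_changes(src, snap)
    intact_after_attack = verify_snapshot(snap) == []
    shutil.rmtree(work)
    return {"intact_after_snapshot": intact_after_snapshot, "before": before,
            "after": after, "intact_after_attack": intact_after_attack}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the snapshot directory would live on storage the workstations cannot write to, which is the "off the network, inaccessible to an attacker" property the article asks of a BDR; the entropy check is a cheap heuristic that will also trip on legitimately compressed or already-encrypted files, so treat an "unsafe" result as a prompt for a human to look, not as proof of infection.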

Finally, stay informed. One of the most common ways that computers are infected with ransomware is through social engineering. Educate yourself on how to detect phishing campaigns, suspicious websites, and other scams. And above all else, exercise common sense. If it seems suspect, it probably is.

Jeff Mongelli is CEO of Acentec, Inc., a nationwide provider of HIPAA compliance and medical IT management services. If you have any questions about this article or would like recommendations, please contact him for a free consultation at 800-970-0402 or at jeffm@acentec.com.