Ransomware and the Case of the Hollywood Presbyterian Hospital
Ransomware- To pay or not to pay.....
NOT- The answer is NOT to pay, or better yet, not to HAVE to pay. Allow me to explain.
By now, you've likely heard about the CryptoLocker or CryptoWall attack- the ransomware that very recently took hold of Hollywood Presbyterian Hospital in California. Hackers infiltrated the hospital's network, locked critical files- CT Scans, documents, patients' pharmaceutical needs, lab work, etc., and then demanded a ransom for the information needed to unencrypt or unlock these files. Reportedly, the demand was for 40 Bitcoins or $17,000, and after 10 days of not being able to access these documents, the hospital paid the ransom.
What does that tell us? Mainly that this hospital was completely unprepared and did not have proper backups that are crucial to business continuity and disaster recovery. The ONLY reason anyone would ever have no choice, but to pay the ransom and hope for the best is because a proper backup solution was not implemented. And, as I've said many times before, hackers aren't exactly known for being honorable, so there's a good possibility that you could pay the ransom and get absolutely nothing in return.
CryptoLocker/CryptoWall infiltrate systems typically by way of a phishing email with a link or rogue attachment. We recently saw an attack that came in by way of an attachment called "My_Resume.zip." The firm was hiring at the time and had just posted an ad, so when an email came in with a "Resume" attachment, they didn't think twice. The clue-in should have been the .zip part. We always advise our clients to err on the side of caution and to not open attachments from unknown senders or attachments you were not expecting, especially if they're .zip or .exe attachments. Those we advise against opening altogether.
So let's backtrack for a moment- BACKUPS. Backups are absolutely imperative, and not just any backups; I'm talking tested, daily, or, ideally, hourly back-ups. The Engineering Team at Electro-America won't even consider a network design that does not include a complete business continuity and disaster recovery plan; that's how crucial it is....unless you have some strange desire to lose days of work and have money you're eager to give away to hackers.
Electro-America has successfully saved companies from the fate of the Hollywood Presbyterian Hospital, protecting them with solid backup systems that allowed us to pinpoint the entry of the attack, eradicate the infection, and restore all in the same day. Experts are predicting an increase of these types of attacks in 2016, so it's all the more important to protect your business!
Concerned about business continuity and disaster recovery? Contact us today at 908-687-0020 for a free consultation or use the new appointment scheduler in the lower right of our website.