How to Protect Against Ryuk Ransomware
As countries worldwide struggle to come to grips with the Covid-19 pandemic, attackers have attempted to capitalize by launching a wave of ransomware attacks on hospitals across the U.S. and Canada. These attacks have taken place in locations ranging from New York, Nebraska, Ohio, Missouri, and Michigan, to Montreal, by using Ryuk ransomware.
But what is ransomware exactly? Ransomware is a type of malicious software that infects a device and encrypts all of its files. After encrypting the files, a cyber criminal contacts the victim and offers to restore access to the files for a ransom.
These attacks are so common now that the cost of ransomware is estimated to reach $20 billion by 2021. This article will examine what happened during the attacks and how to protect against ransomware.
The Covid-19 Healthcare Ransomware Surge: Here’s What Happened
On October 28th, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) jointly released a warning about a series of attacks that have been targeting healthcare facilities across the U.S. The advisory noted that “there is an imminent and increased cybercrime threat to U.S. hospitals and healthcare providers.” It warned healthcare providers to take “reasonable precautions” to avoid falling victim to future attacks.
One of the institutions targeted in the attacks was St. Lawrence Health Systems in New York, which was compromised by Ryuk ransomware on October 27th. Several hours after the breach, the attack was detected and forced the healthcare provider to shut down its internal network and divert ambulances from Canton-Potsdam Hospital.
Similar attacks have also started to crop up in Canada. Back on October 19th, hackers targeted the Société de transport de Montréal (STM), putting the STM site out of action for over a week, and demanding a ransom of $2.8 million USD. A week later, hackers targeted the Jewish General Hospital in Montreal.
While it’s not clear who’s behind these attacks, the growth in cyber attacks taking place against hospitals during the global pandemic suggests that attackers know that blocking access to patient data and disrupting healthcare puts tremendous pressure on medical institutions to pay up.
Best Practices: How to Protect Your Enterprise Against Ransomware for CISOs and Security Leaders
As long as ransomware remains a threat to healthcare providers and enterprises, knowing how to prevent ransomware is critical for avoiding downtime. Remember these best practices to protect your systems:
1. Educate employees with security awareness training
Implement security awareness training to educate employees about threats and use phishing simulations to monitor their overall awareness of risk factors like ransomware, malware, and phishing attacks.
2. Use scenario-based training to prepare employees to confront real-world threats
Use scenario-based training to show employees how to respond to real-world threats. For example, teach employees not to open attachments or click on links from senders' links they don’t know.
3. Develop internal cyber security heroes
Train internal cyber security heroes to take charge of building a security-conscious culture within your organization and helping other employees to address modern cyber threats like malware or ransomware.
4. Providing ongoing communication and security awareness campaigns
Release regular communications and campaigns to notify employees about new ransomware strains and other cyber threats that put your systems at risk. For example, send out emails to let employees know about the latest security risks.
5. Regularly update all I.T. systems
Ensure all applications, operating systems, internal software, and network tools are up-to-date and secure so that cyber criminals can’t exploit any vulnerabilities to gain access to systems or information.
6. Help employees to select strong passwords
Remind employees to select strong, unique passwords, and discourage them from sharing them with others. Send regular reminders about password rules with examples of strong passwords and instructions to update.
Best Practices for Users to Protect Against Ransomware
For users, vigilance is the key to staying safe online and avoiding unknown threats. There are several best practices all users should follow to lower the risk of a ransomware breach:
1. Inspect website and email addresses for anything suspicious
Examine website and email addresses for suspicious names, extra characters, and spelling mistakes that could indicate a cyber criminal is directing you to a phishing site designed to steal your personal information and transmit ransomware.
2. Don’t click on unverified or suspicious links
Never click on unverified or suspicious links as these can infect your device and take you to phishing sites that put your personal information at risk.
3. Avoid opening email attachments from senders you don’t trust
Don't open email attachments from unknown or untrustworthy senders as these can infect your device with malware and ransomware. Stick to opening attachments from trusted senders to reduce the chance of a data breach.
4. Only visit websites that you trust
To limit your exposure to malicious entities, only visit and download files from websites that you trust. For extra security, do not install any software that has not been authorized by IT.
5. Avoid unfamiliar physical storage media
Try to avoid using unfamiliar physical storage media, such as USB flash drives and backup hard drives, as these can infect your device. Hackers will often leave corrupted physical storage media in communal spaces to trick employees into spreading malware.
6. Complete regular antivirus scans and software updates
Perform regular antivirus scans and software updates to eliminate system vulnerabilities that attackers can try to exploit. Software updates prevent common strains of ransomware like Wannacry.
7. Regularly back up your files
Periodically back up your files so that if you fall victim to a ransomware attack, you'll be able to restore your files without paying a ransom. Never pay a ransom as this only incentivizes more attacks.
Recap
The spike in ransomware attacks targeting healthcare providers throughout the global pandemic shows that cyber criminals will seize any opportunity to scam organizations under pressure and with little tolerance for outages. With ransomware attacks on the rise, security awareness training is essential for preventing these entities from breaching your network.
Security awareness training will give your employees detailed guidance on how to avoid these attacks so they can work safely without putting company systems and sensitive data at risk.
ON-DEMAND WEBCAST Protecting Your Healthcare Organization From Cyber Threats
With the current COVID-19 pandemic breeding uncertainty and unique challenges, the healthcare industry has become a prime target and is facing cyber threats at an alarming rate.