Ransomware is Becoming Smarter, But So Can You


On April 6, 2016, the Department of Homeland Security and the Canadian Cyber Incident Response Centre recognized the increasing danger of ransomware by releasing a special warning to health care facilities and other businesses.


“With the intent of educating, guiding and preventing abuses in the technology utilized by healthcare professionals and networks,” the warning stated, “The United States Computer Emergency Readiness Team (US-CERT), within the Department of Homeland Security and the Canadian Cyber Incident Response Centre, have jointly issued a special alert for both nations on the threat of ransomware and recent variants of the virus.

“The alert highlights the threat to the healthcare industry in the U.S. and worldwide, as well as threats to other businesses and individuals, outlining important steps to help organizations from falling victim to a ransomware attack, and guidelines for responding in incidents in which an organization is fending off ransom demands.”


Read on for a summary of the warning signs and precautions you need to know in order to avoid the devastating effects of being victimized.


What is Ransomware and How Does it Work?


Ransomware refers to malicious programs unintentionally downloaded from the internet that can encrypt or lock your computer’s systems until a demanded ransom is paid. Paying the ransom offers no guarantee that the virus will be removed, however.


In the process, you can jeopardize very important information and lose money and valuable time.


Warning Signs of Ransomware: Their Methods


This isn’t new wisdom: If you want to defeat your enemy, it helps to know how they think, what they are after, and the methods they use to get it.


Malicious actors, the people who send out the ransomware, love email. They can send you something with a convincing subject line and request that you open an attachment. Even a simple Microsoft Word document can have embedded malware. More often than not, the attachments will be compressed files that will release multiple viruses on your computer.


Actors have also posted convincing and dangerous links on social media. Instant messaging sites are a favorite of theirs. They often exploit vulnerable or outdated web servers. Their malware can be released by a simple click on a website; the bad programs will download and run without you ever knowing.


The impact can be widespread. When one company computer is infected, its specific data is the least of your worries. Many kinds of ransomware will penetrate the contents of shared or network drives and encrypt things the whole company depends on.


The Department of Homeland Security’s warning stated, “In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses, which included healthcare facilities and hospitals worldwide.”


One example came just this year, and cost millions to remedy. Hollywood Presbyterian Medical Center in Los Angeles, California, was targeted, and the malicious actors were able to lock the hospital’s computer systems, debilitating the lab, the emergency room, and pharmaceutical orders. The hospital stumbled by for nearly a week, sending patients to other nearby hospitals, until it finally caved. It paid the ransom of $17,000 in Bitcoin, and luckily, its systems were restored.


This doesn’t have to happen. Another incident, at Methodist Hospital in Henderson, Kentucky, was overcome after a difficult weekend when the hospital restored all of its data from information stored and updated on backup drives.


So, how do you make your story like the hospital in Kentucky and not like the story of the hospital in California? Keep reading.


What Can You Do to Prevent Malware?


First and foremost, be an aware internet user. If it looks suspicious, don’t give it the benefit of the doubt. For more specific and effective safety nets you can set up, read the following:


  • Use application whitelisting. This will keep unapproved programs from running without you knowing. This is one of the most effective preventions.
  • Back up your data. Even if you have a whole company to back up, it is better than losing that entire database to one malicious actor. Test your backups regularly; this can limit the amount of data that can be encrypted and make recovery faster. Store them on a separate device and offline if at all possible.
  • Don’t click “Remind Me Later” on your software update pop-ups. Out-of-date applications and operating systems are more vulnerable than you would think.
  • Update your antivirus software. This one is quite obvious, but easy to forget.
  • Scan all software downloaded from the internet before you execute it. A few extra seconds before a download can decrease your chances of being victimized significantly.
  • “Apply the principle of ‘Least Privilege’ to all systems and services.” In other words, restrict permissions.
  • Don’t enable macros from email attachments if you can help it. Block all emails from suspicious sources.
  • Don’t download email attachments from people you don’t know.


Please, for the safety of your company, don’t treat this as just another to-do list to procrastinate on. Act now, protect your information, and stop these malicious actors.
To read the original article and/or access more resources to safeguard you, click here.
