The US and Canadian Governments have issued a joint alert about ransomware infections in the wake of more hospital infections.
After the FBI issued a statement where it recommended victims do not pay the ransom and backup files, the US Department of Homeland Security and the Canadian Cyber Incident Response Center joint statement highlighted “its main characteristics, its prevalence, variants that may be proliferating, and how users can prevent and mitigate against ransomware.”
US-CERT recommends that users and administrators take preventive measures to protect their computer networks from ransomware infection, including: employing a backup and recovery plan; using application whitelisting; applying patches and keeping anti-virus up to date; filtering email attachments and web links; and restricting users’ permissions to install and run unwanted software applications, and applying the principle of “Least Privilege” to all systems and services.
In recent incidents, The Hollywood Presbyterian Medical Center declared an “internal emergency” on Friday 5 February after “significant IT issues” were reported by CEO Allen Stefanek, while a group of German hospitals were reduced to swapping handwritten notes instead of emails after an infection.
Last week, healthcare provider MedStar Health was forced to disable its network after ransomware infected several systems while Brian Krebs reported on the Henderson, Kentucky-based Methodist Hospital placing a scrolling red alert on its homepage this week, stating that “Methodist Hospital is currently working in an Internal State of Emergency due to a Computer Virus that has limited our use of electronic web based services.”
Brian Spector, CEO of MIRACL, said: “Public institutions like hospitals are a key target for hackers because they hold such a treasure trove of personal data. In the US, the potential bounty is even larger, due to the additional layer of financial transactions taking place, but that’s not to say that UK hospitals are safe."
“Hospital IT systems are notoriously fragmented and complex, with networks crossing wards, laboratories and offices. They are also among the most vital and important in any organization – because if their systems go down, people’s lives may be at risk. For this reason, criminals may believe hospitals are more likely to succumb to ransomware demands than other organizations, and target them more as a result.”
Research done by DataGravity CISO Andrew Hay showed the cost of cleaning the ransomware infection. For the Methodist Hospital, with a total revenue of $425,196,926 and an average net income per day of $97,124 and being locked down for five days, he estimated the average net income lost was $485,620.
For the Hollywood Hospital with a total revenue of $970,317,733 and an average net income per day of $57,479, based on the ransom demand of $17,000 the cost was $229,918.
“Those with a lot to lose, a lot of money to pay and poor backups are most likely to be targets. In the case of hospitals, the loss of information isn’t merely a financial cost but can be a matter of life or death for lots of people. This makes it much more likely that a hospital will be willing to pay up if they lose crucial patient data and cannot recover it,” said Luke Jennings, Head of Research and Development at Countercept by MWR InfoSecurity.
“It’s difficult to accurately locate the location of the human attacker behind the keyboard, and therefore these attacks. Even if a server involved is located in a particular country, that does not mean the operator of it is located in that same country. Additionally, ransomware authors often make use of Tor and digital currencies to further hide themselves.”