It Isn't Halloween Yet, but Ransomware is Already a Fright

Ransomware is computer malware designed to block access to a computer system until a ransom is paid. Incidents of attacks are rapidly increasing. In the first quarter of 2016, attacks were quadruple the rate seen the previous year, according to a leading security vendor. The group is seeing an average of over 4,000 ransomware attacks per day since Jan. 1.[1] Pretty scary stuff.

Imagine you are working and suddenly your computer is frozen and you cannot access any files. A window appears stating that unless you pay a certain amount of money your computer will stay frozen. Most likely you were up against a tight deadline and you hadn’t had a chance to save your work because you weren’t expecting the attack. Or, it’s mid-morning in your doctor’s office, you have a line of patients checking in, ready to pay their co-pay, and you cannot access your computer. When ransomware makes a grand entrance, it commands full attention.

How does the hacker gain access?

So, how did the ransomware get there? Often, hackers place ransomware using spear phishing techniques or via a Trojan, where a file looks legitimate, but is not. For example, the ransomware can be installed onto your computer via an email attachment, perhaps a phony invoice, or an employee accidentally inserting a USB drive with the malicious payload on it. Once installed, the criminals overtake a company’s network allowing them to lock everyone out from their computers and hold them hostage. Basic attacks can simply block access. More sophisticated threats can encrypt files or the entire hard drive, preventing use until payment is received and the criminal provides the decryption key to restore access.[2] The infection may begin encrypting files and folders on local drives and potentially spread to other networked computers. Be aware, paying the ransom doesn’t ensure access will be restored. You’re dealing with criminals. Given there may be no cure, it is important to focus on prevention.

Are you a target?

Both individuals and businesses large and small can fall victim to ransomware. However, hospitals and health systems are a primary target. A recent study by Solutionary revealed healthcare as the industry most targeted by ransomware, with 88 percent of their detections.[3] In March 2016, Hollywood Presbyterian Medical Center was locked out of their systems for a week until the decision was made to pay the $17,000 ransom so operations could return to normal. There are strong opinions as to whether one should pay the ransom or not. Not only is money at risk in healthcare, but patient safety may be as well if health records cannot be accessed, for example.

How do you protect your organization?

There are relatively simple techniques everyone should follow in order to not become a victim. With phishing attacks, the hacker tries to lure you into opening an attachment by making it seem important and personal. Do not open files from an unknown sender, do not click questionable links, always check with your security officer if in doubt. It is critical that businesses regularly train and educate employees. In addition to addressing the human factor, make sure technical controls are in place. Businesses may also benefit from having a business continuity plan in place.[4]

How do you keep sensitive payment data safe?

In the event an organization is hit with ransomware, one great benefit of using TrustCommerce is that all sensitive payment data is secured and unreachable to the hackers. If your systems files have been infected, you are still able to access the TrustCommerce TC Vault to view all payment history and make charges, credits and so forth. You can then use our reporting to later update your internal systems as needed. The TC Vault virtual terminal and/or PayWithIt mobile application also provide methods to take payments from unaffected computers or devices if your connected system cannot be accessed. Consider these options as you develop your business continuity plan.

Preparedness goes a long way

The ransomware threat is real and the risk is great. Don’t be tricked. Be proactive, prepared, informed and vigilant in your efforts.