Hospital Pays $17,000 to Hackers
The Hollywood Presbyterian Medical Center made national news this week when it was attacked by ransomware, a malicious program that encrypts data and then demands the victim pay a ransom for the key to decrypt files.
The most recent variant, called “locky” comes in a cleverly crafted email with a Word document attached, posing as an invoice. If the document is opened and executed, the program quickly encrypts files on networks shares and then displays a popup window informing the victim of how to pay to get a key to decrypt the files.
In the case of Hollywood Presbyterian, they reportedly paid $17,000 to obtain the key to decrypt their files. That’s a lot of dough! And many times, companies pay the ransom and don’t get the key. It appears that the hospital either did not have any backups or the restore failed (Computer World).
Data Backup
Any company must, simply must have a backup/recovery plan in place that is comprised of multiple types of backups. Data restoration must also be systematically tested to make sure it will work. In incidents with ransomware, restoring from backups is usually the only option to get the company back online. The good news here is there are many excellent solutions that can fill this need.
Business Class Security
You can’t protect your business with consumer level security software (or worse, “free” security software). A centrally managed, properly configured and well- maintained End Point Security system combined with Unified Threat Management (UTM) is required.
Systematically Update Your Infrastructure
Every device on a company network must be updated and managed. Older Operating Systems and unpatched systems make a company a sitting duck. There are always updates, fixes, enhancements and upgrades that must be managed.
Yes, this will cost money. But your business will significantly reduce the chance of a hack/infection and will be able to recover quickly without sending $17,000 to some unknown person or persons just to get your system back to a usable state.
No system is impervious to attacks, but it is possible to greatly improve your defenses, reduce the risk and recover quickly without sustained downtime or paying a clever thief a hefty sum.
Credit: Capella / Eric’s Boy / Juno / KC Medien / Moving Pictures / New Line