February 19, 2016


What We Can Learn About RansomWare From the Hollywood Presbyterian Hospital Cyber Attack

About RansomWare

Recent reports regarding a cyber incident at the Hollywood Presbyterian Hospital in California have highlighted the dangers of a rising trend of cybercriminals using ‘RansomWare’ to hold company data hostage. ‘RansomWare’ is malicious software that encrypts the data on your computer and, like a worm, works its way through a home or corporate network, infecting and encrypting the data on one computer and server after another. In the case of the hospital, it impacted the entire email and medical records systems for days. Common names for these ‘RansomWare’ items are CryptoLocker and CryptoWall. After-action reports on how the ‘RansomWare’ got into their system have not been provided yet, but what is clear is that despite the fact that law enforcement was involved in this case, the hospital paid an equivalent of $17,000 to obtain the encryption key and get their data back. Unfortunately, the FBI has stated for over a year now that the solution to this problem is exactly that: pay the ransom. “The RansomWare is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people just to pay the ransom.”

How Does ‘RansomWare’ Get on My System?

‘RansomWare’ is most frequently received by the initial victim through email or other unsolicited communication such as SMS/text, and then spreads through the same means or by worming its way through file shares and other avenues on a network. Some initial infections are known to be transmitted through USB and other portable devices, which is why many companies forbid the use of such devices. However, just because you receive the email or infected file does not mean that you have been had. You will only be infected if the attachment within the email or the document link is opened, which opens a window and then downloads and installs the actual CryptoLocker malware.

How do I Prevent Being a Victim?

IT and Security professionals have been saying for years – ‘don’t click on and open something that doesn’t look right!’ This is probably the single best action an individual can take to prevent this infection. If you clicked and you realize what is happening, kill the power on your computer, get it off the network ASAP and get Security and/or your Workstation team involved in recovery.

Edge, of course, takes action to prevent this through our multi-layered defense scenarios such as Anti-Spam filters, IPS systems that may block the ‘RansomWare’ download, firewalls and Sophos anti-virus systems.

Ok, I got the RansomWare. Now, what do I do?

First and foremost, don’t hide it. If you get a pop-up like the one below, pull the computer off the network and get Security and the Workstation team involved QUICKLY to prevent further damage. It is easy to rebuild your individual machine. It is a real pain if you hide it, the infection spreads, and we have to rebuild servers or, worse, pay the ransom.

RansomWare Screenshot
