Ransomware: A brief overview
Ransom malware, also known as ransomware, is sort of cyber-attack. This attack prevents the authorized personnel to get an access to their files or systems, either by locking their files or locking the entire screen of the system. After introducing ransomware hackers demand for ransom payment for the decryption of the data. Sometimes the data is lost forever if the demanded ransom is not paid by the victim.
Hackers ask to pay ransom in the form of virtual currency such as crypto-currency (Bitcoin). Some of the other payment options that are used by the attackers include Amazon gift cards, iTunes, etc.
However, there is not any surety that the victim will get an access to their system or files, even after paying the ransom.
Ransomware technology works in many ways to gain access to one’s system, the victim is often asked to download some malicious software or by developing malicious links that are often mistakenly clicked by the victims. In this way, hackers launch this attack and lock all files that are present on the network or on a system. Another way to introduce a ransomware is by Malspam; to trick victims, cybercriminals use social engineering to send unsolicited emails, which appears to be legitimate to the victim. Another method is by Malvertising, these online advertisements can allocate malware to the system while browsing sites.
As far as the working of ransomware is concerned, it is found that on the deep web, ransomware kits are available that enable the cybercriminals to buy and utilize special software tools to create and distribute ransomware with particular capabilities that restricts the accessibility of the authorized users to their data or system.
It is a noteworthy aspect that the attacker does not have to be technically sound; simply by purchasing an inexpensive RaaS (Ransomware as a Service), the attacker can easily launch an attack.
What are the risks and how could you prepare?
Unauthorized access to the data and denial of service attacks can prove to be a major hurdle in the adoption of different digital health technologies such as Electronic Health Records(EHR) due to the sensitivity of the data involved.
These ransomware attacks have the power to compromise the security and day-to-day operations of the clinics, specifically by preventing the healthcare providers to have an access to patient files.
For ransomware hacker’s, hospitals or clinics are the most desirable places to launch this attack because they can easily practice extortions. In the contemporary era, clinics and healthcare organizations have started to rely on the internet for storing and retrieving patient information. Hackers take advantage of this scenario and launch ransomware attacks for compromising the integrity of data.
It is found that to avoid any delay in the delivery of patient care and lawsuits, clinics are more likely to respond to the hackers by paying the ransom. Once the stolen data is gone into the wrong hands, that is, the files that contain personal and financial information of patients, their health-related information, etc. the healthcare unit becomes more vulnerable. The situations that often occur are delayed care delivery, wrong diagnosis, and treatment, etc.
Clinics can strengthen their defence against these attacks by backing up their data on daily basis for the reason that most ransomware attacks are done where health organizations do not make back up copies of their data.
Substitute for backing up of data, clinics can defend the attacks by keeping golden images of their system and configurations. Clinics should also have some expert cybersecurity vendors to avoid the danger of ransomware attacks.
Furthermore, cybersecurity experts suggest the health organizations disseminate user education about such malware and to avoid the suspicious emails and advertisements that ask the users to click or to perform particular activities.
Following these activities could help the health organizations to get affected by ransomware.
|Recommended for you|
|Watch Tom Lysemose live hacking a medical app|
|New IoT security framework from CISCO for healthcare devices|
|Stop worrying about the safety of medical records: Cryptolab develops crypto search engine|
Recent attacks on clinics
Many recent reports have depicted recent ransomware attacks that have been done on clinics and health organizations. Kaspersky Lab (Cybersecurity Company) have reported that in almost 99 countries worldwide, which includes United Kingdom, Ukraine, Egypt, Italy, China, Russia and India, around 45,000 attacks have been reported. Many hospitals, specifically walk-in clinics in England have been hit down by this cyberextortion that resulted in creating a state of emergency.
In the year 2017, the case reported in South Korea’s Yonhap news agency, where a university hospital was affected by this attack. On the other hand, communication official in Indonesia reported that this attack also has affected two hospitals there. To worsen the situation, due to loss of data on computers, the most troublesome case was found in Britain’s clinics where they had to deter their patients from providing health services.
Becker review has revealed that 88% of the ransomware attacks are introduced to hospitals. A recent report of HIT Consultancy has also revealed that there have been around four thousand ransomware attacks that are performed on daily basis, during the year.
The dramatic increment in the ransomware attacks has been observed, as the figure of 6000 attacks per was around 1000 attacks per day, during 2015.
Another attack was launched on Women’s Healthcare Clinic Group (WHCGPA), which is ranked as second largest cyberextortion case reported by Data Breach impacting 300,000 individuals. In this incident, clinic reported that by this attack only a few files were encrypted and security vulnerability allowed a limited access to patients’ data and yet we are unable to identify whether any specific information was acquired regarding this incident. The clinic further adds that all the encrypted files were restored in time, without losing any data. Moreover, this incident caused no serious impact on health care services of the clinic.
Solutions to ransomware attacks
Many variants of ransomware attacks include WannaCry, Cryptowall, Samas, Locky, and TeslaCrypt. In addition to many defensive steps to prevent the ransomware attacks is to ensure making the backup copies of the data. In addition to this, it is also suggested to the clinics and healthcare organizations to avoid installing suspicious software. In addition to this, it is also important for the organizations to have anti-virus software to avert the potential risks.
Digital Guardian site is one of them to provide solutions to ransomware attacks. This software provides protection against cyber attacks, while efficiently detecting the external threat automatically and blocking the threats.
Most importantly, the hospitals and clinics must ensure the provision of training and awareness programs to educate the employees about the consequences of clicking on the phishing and malicious emails.
Another solution is provided by CounterTack, with its surveillance techniques, it attempts to investigate the operating system enabling clinics or any organization to respond to the threat of attack even before its encryption of data.
Image credit: www.pixabay.com