Petronella Blog Archive

Visit our New Blog

Spike in Ransomware

Blog Post

In the past couple weeks we have put out several articles about how hackers have been ramping up ransomware attacks on the health care industry in which cybercriminals encrypt a victim’s files then demand money to unlock them. Law enforcement has reported that there were 321 instances in the second half of 2015 alone.

The more attacks there are, the more hackers can fine tune their strategies. For example, rather than attack individuals, thieves are increasingly going after businesses. MISL/Samas, one of the newer strains of ransomware, now encrypts entire networks rather than individual computers. The March 28 attack on MedStar Health that forced the health care provider to shut down many of its systems was typical of a MISL/Samas attack.

While the newest strains of ransomware are far more damaging, most of them are still spread through phishing emails. These newer versions make computers unusable by encrypting the file system structure whereas older versions such as CryptoLocker, CryptoWall, and Locky, encrypted files but left the computer functional.

Most business are not putting enough effort into training and protection against ransomware attacks and in most cases wouldn’t fully understand an attack if it were to occur. Consequently hackers can easily stay ahead of efforts to defend against them.

Complicating things even further is that many organizations, like Hollywood Presbyterian Hospital, are paying off hackers. In that case, due to a lack of backups and a recover protocol, the quickest way to get their systems up and running again was to pay off the criminals.

Situations like this are a major concern for the FBI, because the high profit margin for ransomware attacks make it increasingly more appealing to criminal organizations. This is fairly easy to see in the massive spike in attacks. With 60-70% of victims paying the ransom, it only makes sense it would lead to more ransomware.

Organizations need to begin to take ransomware attacks seriously and start training their employees to be able to recognize phishing emails. Secondly, they need to develop robust backup and data recovery policies, especially in the health and finance industries. Otherwise, being a victim is only a matter of time and paying a criminal enterprise to regain access to their systems is an inevitability.

In order to better protect yourself from being taken advantage of by ransomware, download the free Ransom Protection Checklist or sign up to receive it by mail. If you find that you might be at risk, schedule a free 10 minute Ransomware Safety Review.