HHS Releases New Guidance on Ransomware
One of the top newsmakers of 2016 has been ransomware. During the first half of this year, ransomware grew 300% to 4,000 daily attacks! But several high profile attacks of hospitals really put it in the spotlight. Although it has been around for several decades, in the past 4 years, Russian groups have further developed its capabilities and propagated its use worldwide. The dark web or darknet also significantly contributed to the increase in ransomware attacks due to its black market for such products.
It is typically delivered as a Trojan; that is it looks like a legitimate product or download, but in reality it is malware. It can be delivered encrypted so your antivirus software cannot detect it. Once on your network, it seeks your data and encrypts it so you cannot access it. Some recent versions encrypt your on-line backups first, then attack your active files to further increase the chance of you paying the ransom. Once your data is encrypted, a message will appear directing payment, usually in digital currency like Bitcoin. The FBI has established that specific versions of ransomware have netted their organizations at least $30 million, so if you are a victim, you can expect to see significant ransom demands. If their demands are met, the criminals say they will send you the key to decrypt your data. Numerous instances have been recorded where ransoms were paid and the key was not provided, and data is often stolen to further the culprit’s profits.
That is why Health and Human Services (HHS) has recently issued a new guidance on ransomware. The Guidance can be found at: http://www.hhs.gov/blog/2016/07/11/your-money-or-your-phi.html and the Fact Sheet: http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
If you are the victim of ransomware, you will need to implement your contingency plan and rebuild your IT systems using your backups. Not nearly as trivial as the sentence implies! Do you have a contingency plan? If so, is it current? What about your backups? When is the last time they were tested, that means a full restore from the backup media? This is why practices are so vulnerable to ransomware and criminals can reap tens of millions of dollars. Take a hard look at your situation. Be realistic and get help if you are not prepared.