Forget the Old Viruses, Here Comes the Ransomware


13. 09. 2016

It is a lovely morning on an ordinary weekday. You arrive at your office on time and turn on your PC as you always do. While you are taking off your coat, a message pops up on the screen to roughly this effect: “Transfer 87 Bitcoins (50 000 USD) via this payment system or the database of your entire company will be irretrievably lost.” The lovely morning turns into a nightmare called ransomware.

Even though you may never have heard of ransomware before, it has been around for a few years already. Ransomware is a specific type of malware that is downloaded into the company's system through a personal computer or implanted when a router is hacked, though there are many other ways it can get in. The malware then locks down as many files or websites as it can reach. But it does not stop there. Would you like to get your data back? First, you need to pay a specified ransom to the cyber criminals. Then, if you are lucky, the criminals will provide you with a unique decryption key that unlocks your files. If you are not lucky, the criminals have taken both your data and your money.

The problem has lately escalated especially in the healthcare industry, where the data at risk happens to be critically sensitive. However, this is not the main reason why cyber criminals choose to attack healthcare systems. As Craig Williams of Talos Research told Ars Technica: “A lot of people in the healthcare industry—they set up websites in a kind of fire and forget fashion. They hire an IT guy, they get the billing system set up, hook it up to the website and then they never touch it again. That’s the perfect environment for this type of malware to thrive in because it’s not maintained. They have no full-time security staff and few if any fulltime administrators. As a result, the software just goes unpatched.”

Unfortunately, that is exactly what has been happening over the past few months. Several hospitals were attacked by ransomware in the first half of 2016. According to International Business Times, there was a major malicious campaign hitting hospitals mainly in the US, Japan and South Korea, followed by other countries including Germany and the UK. Some of the attacks were successful and hospitals paid the ransom to the criminals; Hollywood Presbyterian Medical Centre, for example, allegedly had to pay 17,000 USD in Bitcoins to the attackers, although inside sources say the amount was much higher.

Luckily, there are solutions that prevent cybercrime and protect companies from its damage. Companies such as Binary Confidence offer Active Security Monitoring: a probe installed in the system monitors the traffic and exposes ransomware that is downloaded directly, or discovers secondary indicators such as attempts to connect to a Command & Control server. Since ransomware is usually spread by spam or through drive-by downloads with multiple phases, Active Security Monitoring can catch all of these phases, or at least alert on one of them. Another option for protection against ransomware is File Integrity Check, whose role is to raise an alarm every time ransomware tries to encrypt important files.
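To show what a File Integrity Check of the kind described above can detect, here is a small added example (not Binary Confidence's product code): it baselines a directory by hash and byte entropy, then reports files that went missing, appeared, or were rewritten with high-entropy content, which is what in-place encryption looks like on disk. The `demo()` function builds a constructed temporary directory and applies the changes an encryptor typically leaves; the threshold of 7.0 bits per byte is an assumed value.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits around 4-5, encrypted or compressed data near 8."""
    n = len(data) or 1  # empty file -> 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: str) -> dict:
    """Baseline every regular file under root as path -> (sha256, entropy)."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            baseline[path] = (hashlib.sha256(data).hexdigest(), shannon_entropy(data))
    return baseline

def check(root: str, baseline: dict, threshold: float = 7.0) -> list:
    """Diff the current tree against the baseline; return (path, reason) alerts."""
    current = snapshot(root)
    alerts = []
    for path, (old_hash, old_ent) in baseline.items():
        if path not in current:
            alerts.append((path, "missing"))  # deleted, or renamed with a ransom extension
        elif current[path][0] != old_hash:
            # A low-entropy file turning high-entropy is the signature of in-place encryption.
            encrypted = current[path][1] >= threshold > old_ent
            alerts.append((path, "rewritten as high-entropy data" if encrypted else "modified"))
    for path in current.keys() - baseline.keys():
        alerts.append((path, "new file"))  # e.g. a *.locked copy or a dropped ransom note
    return alerts

def demo() -> list:
    """Constructed scenario: baseline a temp dir, then apply the changes an encryptor leaves."""
    docs = os.path.join(tempfile.mkdtemp(), "docs")
    os.makedirs(docs)
    for name, text in (("patients.csv", "id,name,dob\n" * 200), ("notes.txt", "Plain notes.\n" * 50)):
        with open(os.path.join(docs, name), "w") as fh:
            fh.write(text)
    baseline = snapshot(docs)
    with open(os.path.join(docs, "patients.csv"), "wb") as fh:
        fh.write(bytes(range(256)) * 16)  # stand-in for ciphertext: entropy exactly 8.0
    os.rename(os.path.join(docs, "notes.txt"), os.path.join(docs, "notes.txt.locked"))
    return sorted(reason for _, reason in check(docs, baseline))
```

In production the baseline would be stored off-host and the check run on a schedule or from a filesystem watcher, with a burst of "rewritten as high-entropy data" alerts across one directory being the signal to isolate the machine.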

Of course, there are other, more complicated and customized solutions. One of them is to plant new directories containing an enormous number of other directories in order to slow ransomware down and substantially increase the chance of exposing it. Even though it is not the core business of Binary Confidence, the company can also back up clients' files properly, which appears to be the most effective protection available.

It takes incredible effort to combat cyber criminals. They are usually a few steps ahead of public and private organizations, but with the help of security firms like Binary Confidence there is still a fair chance of catching up with them in time.

References:

ibtimes.co.uk, infoworld.com, arstechnica.com
