Brian Krebs reports that Henderson, KY-based Methodist Hospital recently fell victim to the "Locky" strain of ransomware and: "...says it is operating in an 'internal state of emergency' after a ransomware attack rattled around inside its networks, encrypting files on computer systems and holding the data on them hostage unless and until the hospital pays up." In response, security experts note:
Tim McElwee, President, Proficio says: "Cyber-criminals are clearly targeting larger organizations with new strains of ransomware. Its high profitability and remarkable success virtually guarantee its presence as a threat in the coming years as the security landscape continues to evolve at a rapid pace. Despite its seeming ubiquity as a threat, ransomware heavily targets a few threat vectors. There are steps any organization can take to harden their network against it. Backing up data and systems enables IT to wipe machines clean, and user training is key - a well-trained user is the best protection against phishing attacks. Constant monitoring for indicators of ransomware is equally crucial, and can be done internally or through a managed security services provider for the industrial-strength security that healthcare demands. These are among the first lines of defense we recommend."
Adam Laub, Sr. Vice President, Product Marketing, STEALTHbits adds: "Ransomware exposes a problem that every organization struggles with daily – an overabundance of access to systems and data at the individual user level. Whether users realize it or not, much of their access to data is facilitated through the use of all-encompassing 'well-known security principals.' These are essentially groups that every user in the organization is a member of, and they're often used inappropriately to provide access to data typically residing in file shares and similar repositories.
"All-employee access groups are the exact type of data under attack by ransomware. It's like getting a key to your hotel room and discovering that it actually gives you access to many other rooms as well. All a would-be intruder needs to do is try it in each door. Ransomware performs the same process: it's trying to spread from the initial machine and infect massive file repositories holding terabytes of data in a single step. If access rights to file shares were better controlled via groups with only the proper users, the ability for ransomware to rapidly spread far and wide would be drastically reduced.
"While virtually every study being conducted on the prevalence of crypto ransomware suggests attack volumes will continue to rise, there's also a glimmer of hope for organizations looking to avoid becoming the next victim. Much like fighting the common cold, ransomware detection, prevention, and damage mitigation require both internal and external remedies.
"Traditional signature-based detection and prevention capabilities catch known variants of ransomware at the perimeter, whereas new and existing capabilities in pattern- and behavior-based activity detection are effective for quickly identifying what's slipped past the gate and made it inside. Additionally, routine backups of data, cyber insurance policies, and adoption of known best practices such as the clean-up and consolidation of sensitive data assets further mitigate the actual damage that can be done in even the most successful ransomware attacks."
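A small audit that makes the access-group point above concrete, added here as an example and not code from the article or from STEALTHbits: it parses `icacls` output for a few share roots and flags every directory where an all-employee principal (Everyone, Authenticated Users, BUILTIN\Users, or a domain's Domain Users group) holds rights that allow writing, which is exactly the access ransomware needs to encrypt a share. The share paths, group names and ACL entries in the sample are constructed.

```python
import re
from collections import defaultdict

# Groups that effectively mean "every employee": the well-known security
# principals plus the usual all-staff domain group (matched by short name).
BROAD_PRINCIPALS = {"everyone", "nt authority\\authenticated users", "builtin\\users"}
# icacls codes that permit creating or changing files: full, modify, write,
# plus the granular write codes (write data, append data, write attributes...).
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "WA", "WEA", "DC", "GW", "GA"}

ACE_RE = re.compile(r"^(?P<principal>[^:]+):(?P<flags>(?:\([^)]*\))+)$")

def parse_icacls(output):
    """Turn `icacls <dir>` output into (path, principal, rights-set) tuples.
    Assumes directory paths contain no spaces, as in the constructed sample."""
    aces, path = [], None
    for line in output.splitlines():
        if not line.strip() or line.startswith("Successfully processed"):
            continue
        if not line[0].isspace():                 # first ACE of a block carries the path
            path, _, line = line.strip().partition(" ")
        m = ACE_RE.match(line.strip())
        if not m:
            continue
        rights = set()
        for grp in re.findall(r"\(([^)]*)\)", m.group("flags")):
            rights.update(code.strip() for code in grp.split(","))
        aces.append((path, m.group("principal"), rights))
    return aces

def is_broad(principal):
    name = principal.lower()
    return name in BROAD_PRINCIPALS or name.rsplit("\\", 1)[-1] == "domain users"

def find_broad_write_access(aces):
    """Return {path: [principal, ...]} where an all-employee group can write."""
    findings = defaultdict(list)
    for path, principal, rights in aces:
        if "DENY" in rights:                      # deny entries grant nothing
            continue
        if is_broad(principal) and rights & WRITE_RIGHTS:
            findings[path].append(principal)
    return dict(findings)

# Constructed icacls output for three share roots (not captured from a real host).
SAMPLE = r"""C:\Shares\Finance BUILTIN\Administrators:(OI)(CI)(F)
                  CORP\Finance-Team:(OI)(CI)(M)
                  Everyone:(OI)(CI)(M)

C:\Shares\HR CORP\Domain Users:(OI)(CI)(RX)
             CORP\HR-Staff:(OI)(CI)(M)
             NT AUTHORITY\Authenticated Users:(OI)(CI)(RD,WD,AD,X)

C:\Shares\Public CORP\Domain Users:(DENY)(OI)(CI)(W)
                 CORP\Domain Users:(OI)(CI)(RX)

Successfully processed 3 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for share, groups in find_broad_write_access(parse_icacls(SAMPLE)).items():
        print(f"{share}: writable by {', '.join(groups)}")
```

On a live file server the same parser can be pointed at `icacls <share-root> /t` output to cover every subdirectory; only the Finance and HR roots are flagged in the sample, because the Public share's Domain Users entry is read-only and its write entry is a deny.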