We all know not to negotiate with criminals. It sounds easy. However, as Hollywood Presbyterian Medical Center in Los Angeles can attest, it’s not so simple. When their communications systems were seized and held hostage by ransomware in February 2016, they refused to negotiate with the cyber criminals. After a 10-day standoff, during which staff at the 434-bed hospital were forced to operate with pen and paper, they admitted defeat and paid the US$17,000 demanded to regain access to their system.
This is becoming more and more common. We are increasingly hearing stories of ransomware attacks – malicious software locking up a computer or network until a ransom is paid. Typically, payment is demanded in Bitcoin as it is untraceable.
Hackers gain access to institutions by targeting individuals. Compromising a single employee’s system often grants access to the entire network.
Cybercrime is becoming increasingly difficult to trace and prosecute. So much so that the FBI cybercrime chief Joseph Bonavolonta told security experts earlier this year that he “often advises people just to pay the ransom”.
Techbuy have advised the following actions that an organisation can take to mitigate its exposure to loss:
Keep backups
Ransom Trojans aren’t difficult to remove: some of them even remove themselves. If you’ve got backups, then just remove the Trojan, recover the files from a backup, and hope the user at fault has learned a lesson.
Keep software up to date
Some ransom Trojans target user carelessness: click this link, open this attachment. Others exploit holes in software. Patch your software, especially products from popular vendors. They’re the first ones hackers will probe for vulnerabilities, because they have the most customers to hold hostage.
Filter executable attachments
Ransomware writers love to disguise a program as an invoice, an “urgent” document, or a notification that you’ve missed a delivery. These are often hidden in ZIP archives, so filter those (and executables in general).
Show file extensions
Don’t make it easier for the authors of ransomware to hide their intentions by letting Windows hide file extensions. If a file is really called “Invoice.doc.exe,” then you shouldn’t allow it to present itself to the user as “Invoice.doc.”
Forcing Windows to call an executable an executable gives your users at least a fighting chance.
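As an added example (not from Techbuy or the original article), the following Python script applies the two checks above on the mail-gateway side: it flags double-extension names such as “Invoice.doc.exe” and looks inside ZIP attachments for executables before they reach a user. The extension lists and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Extensions Windows will run directly (constructed list, not exhaustive)
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".js", ".jse", ".vbs", ".wsf", ".hta"}
# Document-looking extensions a lure typically hides behind
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt"}


def classify_name(filename: str) -> list[str]:
    """Return the reasons a filename looks suspicious (empty list = clean)."""
    reasons = []
    name = filename.rsplit("/", 1)[-1].lower()  # drop any path inside an archive
    parts = name.split(".")
    if len(parts) < 2:
        return reasons
    ext = "." + parts[-1]
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension {ext}")
        # "Invoice.doc.exe": the real extension is the last one, the fake one is second-last
        if len(parts) >= 3 and "." + parts[-2] in DOCUMENT_EXTENSIONS:
            reasons.append(f"double extension masquerading as .{parts[-2]}")
    return reasons


def scan_attachment(filename: str, data: bytes) -> list[str]:
    """Check one attachment; for ZIPs, also check every member name inside."""
    findings = [f"{filename}: {r}" for r in classify_name(filename)]
    if filename.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    for r in classify_name(member):
                        findings.append(f"{filename} -> {member}: {r}")
        except zipfile.BadZipFile:
            findings.append(f"{filename}: claims .zip but is not a valid archive")
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: a ZIP whose member is named like a lure but holds plain bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.doc.exe", b"not a real executable, just sample bytes")
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_attachment("delivery_notice.zip", build_sample_zip()):
        print(finding)
```

In practice this runs on the mail gateway alongside the extension-display fix, so a lure is caught even before a user has the chance to see its real name.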
Restrict user privileges
One infected user can’t bring down another if they don’t have access to each other’s machines in the first place. Giving a machine access only to what it really needs makes it harder for your network to fall like a line of dominoes.