Last week, NBC News reported that Universal Health Services (UHS) was hit with potentially the largest medical cyber incident in U.S. history. A ransomware attack targeted UHS’s computer system, which consists of over 400 locations. The loss of access to data forced some hospitals to resort to recording patient information the old fashion way; with pen and paper. Many medication systems are also online, further impeding functionality of core services. This is only the most recent from a storm of ransomware attacks targeting major corporations, governments, schools, and the healthcare sector.
Ransomware has been a popular attack method in recent years. Victims often resort to paying the ransom to unlock their data in order to quickly restore operations - with the average payment reaching upwards of $84,000 in 2019 and jumping to $178,254 for the first and second quarters of 2020. This problem predates the COVID-19 pandemic, just look at the 70+ state and local governments that were victims in 2019. Like many problems though, COVID-19 has exacerbated this trend. However, there are steps that you can take to protect yourself against ransomware attacks.
It is better to be proactive and allocate a small portion of your budget towards cyber protection than to be caught in a scenario that could damage your bottom line, along with the data and trust of your customers, employees, and network. The more proactive one is in investing in cyber protection, training their employees, and executing a fully thought out cyber risk strategy, the less likely they are to be the next victim of a ransomware attack.
Ransomware, a malware that locks and encrypts a user’s computer or device, is most commonly deployed through email, via malicious links or attachments. To prevent falling victim to this common attack, follow these best practices:
- avoid clicking links from senders you do not recognize
- do not provide your login information unless you have just prompted a password reset
- use an email browser that displays warning banners for suspicious looking emails
- check the address to verify the sender is not imitating a well-known company
- Back-up important files in a separate location/network
Paying ransoms only incentivizes criminals and does not guarantee decryption of your data
Vetted Ransomware Options
The WhiteHawk Cybersecurity Exchange is vendor agnostic and continuously assesses the best third-party solutions for identifying, prioritizing, and mitigating your cyber risks. When it comes to affordable, impactful, and easy to implement solutions for ransomware; below are four options vetted by the WhiteHawk team.
- TrendMicro for email protection
- Sophos for protecting files from ransomware
- Bitdefender for advanced threat defense
- Mimecast for targeted threat protection
If Ransomware Still Happens
Notify your IT team immediately if anything seems wrong. The earlier you act on a breach, the more you can do to save data and recover from any attack. One indicator that your computer is infected with ransomware is being logged out of everything and having a “ransom screen” appear. Isolate the infected systems by disconnecting from your network or powering down if disconnecting isn’t possible to stop the spread of the ransomware. Notify the relevant individuals immediately (local law enforcement/FBI/CISA). The Treasury Department issued an advisory earlier this month stating that payments made to sanctioned groups or sanction-affiliated groups may break U.S. sanction rules. To find the most affordable, impactful, and easy to implement solutions tailored just for you, schedule a free 20 minute consultation with us.