As you are probably aware, the number of publicly announced ransomware attacks seems to be going up geometrically. Some examples from the last month include:
- Hollywood Presbyterian Medical Center – their systems were down for 10 days until they paid a ransom
- Henderson Kentucky Methodist Hospital
- Desert Valley and Chino Valley hospitals in Southern California
- Now it is Medstar Health in DC – 10 hospitals and 250 clinics
- Norfolk General and Ottawa hospitals in Canada
- And probably many others that have not made the news
As a result of these attacks and others, the U.S. Department of Homeland Security Computer Emergency Readiness Team (US CERT) in partnership with the Canadian Cyber Incident Response Centre (CCIRC) issued a ransomware alert.
The alert says, among other things, that paying the ransom does not guarantee your files will be decrypted. It also does not guarantee that the malware will be removed from the infected systems.
The alert made some recommendations:
- Keep all of your software up to date – operating systems, applications, mobile, desktop and server.
- Maintain current anti-virus software and do real-time file scanning
- Restrict users' permissions to install software – use the principle of least privilege
- Avoid enabling macros from email attachments
- Do not follow unsolicited web links in emails
While these recommendations are not earth-shattering, they are reasonable steps.
The FBI has been telling people that they may well have to pay the ransom because there is not much else they can do; the CERT alert is telling people not to. The FBI is being practical; CERT is being philosophical. When your files are gone, it is hard to be a philosopher.
One thing that the alert does not say is that good, current, offline backups, a disaster recovery plan, a business continuity plan and an incident response plan are critical in case of any cyber security incident. The hospitals that were successful – that got back online quickly, with minimum disruption – all had good backups and plans.
Are you ready? All it takes is one employee clicking on the wrong link.