Last Updated:

A Virus Won't Stop Ransomware

You operate a busy hospital and several affiliated clinics. At 3:30 in the morning
on a Friday, your entire IT network screeches to a halt—no one can access any
information, and all critical systems that run on the network are useless. The
icing on the cake is that you then received a notice demanding money to restore
your systems. This is a crisis of massive proportions. Your main hospital
immediately turns away incoming ER patients; you can’t accept any new
admissions; you postpone surgeries; and you must start moving patients to other
facilities. It takes several weeks to fully restore operations.

This actually happened to a health system in the western United States in 2019, and is an example of the growth of ransomware, and the threat it imposes on all kinds of organizations. Other attacks in California and Michigan actually putsmaller medical practices permanently out of business last year.

Ransomware started out as a consumer threat, demanding small amounts of
money such as $100 to “unlock” PCs and cellphones, and was mostly a scam that
preyed on the uninformed. Today, ransomware has matured into the largest,
fastest growing and potentially most malicious malware threat. Healthcare is
heavily targeted, but so are financial services, energy, education and
transportation, especially in instances where the criminal can target essential
Industrial Control Systems (ICs) and supply chains.

Other attacks include Distributed Denial of Service (DDoS); some are deployed
in massive numbers by Botnets; others are introduced by so-called Trojan
Horses, including Advanced Persistent Threats (APTs); and many are the result
of “insider” actions by disgruntled current or former employees. In short, no one
is immune.

How Do You Respond?

Given the increasing number and sophistication of these attacks, the best
response is to deter them with proactive IT protection systems, tools, processes,
and procedures.

One such tool is the WebHouse Auditor Service, an integrated “watchdog”
visibility platform that provides an unprecedented level of visibility, protection
and control of your enterprise IT systems. From a single platform, WebHouse
Auditor Service exposes security vulnerabilities, detects and reports anomalies in
user behavior, and identifies threat patterns and emerging issues in advance to
head off the prospect of actual operational damage including loss of or exposure
of information, which also leads to potentially catastrophic brand and
reputational damage. WebHouse Auditor works well with the Netapp product
suite, which provides industry leading data storage solutions. Netapp is a close
partner of WebHouse and our Auditor Service provides an extra layer of visibility
into their products.

If the worst does happen, it’s important to take the right steps as soon as possible
to stop the attack and work to restore service and access to vital information. And
the US Government does not encourage paying a ransom, if for no other reason
than even after paying, there’s no guarantee that the criminal will restore access
to your data and systems. They may in fact sell it to other criminals who will
exploit it, such as personal ID information such as SSNs, or credit card numbers.
If you are the victim of an attack, it’s vital that you immediately isolate your IT
systems and network from access to the internet and other services, and ensure
that “mirror” data centers and/or access to cloud-stored data are secured. You
should also contact your nearest FBI Field Office to report the event and request
assistance. In any event, you need to consider ransomware and other malware as
potentially business-ending threats, assume you’ll be attacked at some point, and
take every possible step to ward them off.