Ransomware: A Prescription for Prevention

[Editor’s Note: Especially in the past few years, cybercrime has skyrocketed at an alarming rate as criminals increasingly find opportunities to target businesses, causing unimaginable chaos from data breaches to attacks on the supply chain. To help businesses shore up their digital defenses, we’re publishing a 5-part series about cybersecurity, covering topics from the benefits of the cloud to multi-factor authentication. In part 1 of this series, we look at ransomware attacks on healthcare facilities, how organizations may prevent such incidents, and what to do if they occur. To view the other parts of this series, scroll down to the end of this article.]

Ransomware: A Prescription for Prevention – Part 1 of 5

Healthcare facilities are frequent targets of cybercriminals for ransomware attacks. After all, they’re storehouses of gigabytes of confidential information that can be used to commit identity theft and other scams.

According to a Sophos report, more than one in three healthcare organizations globally reported being hit by ransomware in 2020. So, what can you do to prevent being the victim of a successful ransomware attack? We take a closer look here.

Not If, But When

Cybercriminals know that the more targets they have, the higher their chances of successfully deploying a lucrative ransomware attack.

Knowing that it’s only a matter of time before your clinic, hospital, or other medical facility falls within their crosshairs is the first step to prevention. On the other hand, denying the problem is the first step to disaster.

A Different Kind of Hack

Contrary to what movies and television would have you believe, ransomware doesn’t result from the efforts of hackers breaking into your system through code-busting algorithms and system overrides.

The reality is cybercriminals hack the human mind by tricking your employees into deploying the ransomware for them. Their delivery mechanism for this malicious payload is your company’s email.

By sending fake but convincing messages, they get recipients to click links or download malware that quickly spreads throughout your network, locking it down and locking you out. These ‘phishing’ emails typically blanket your organization, with the goal of one person falling for the scam with a click of a mouse.

A more sophisticated method, called ‘spear phishing,’ targets a specific individual in your organization using open-source information available online and personal details found on social media.

For example, cybercriminals might target an administrator in your clinic who posts pictures of her dog on Instagram with an email that appears to come from her veterinarian about a heartworm test. When she clicks the link to see the results, the ransomware attack begins.

Any Email Will Do

There’s a reason cybercriminals use email to deploy ransomware attacks. First, virtually every medical facility (and organization, for that matter) uses it. Second, they can take many approaches and tactics when crafting email messages.

These include offers for free merchandise for your facility or an executive profile on an industry-related site, as well as notices of patient privacy violations or pending legal action. Cybercriminals will stop at little to find an angle that works and go to great lengths to appear convincing.

Recognize the Signs

Phishing and spear phishing emails may vary widely in approach, tone, look, and feel, but they usually share the following traits. Knowing how to recognize them is the first step:

Appeals to Emotion

Cybercriminals like to put targets off guard with emotion-baiting claims that get them to click without thinking things through. An alarming subject line, such as ‘Class Action Suit’ or email content threatening immediate legal action, is common. Appeals to ego, such as an offer for a flattering professional profile, have proven successful as well.

Composition Issues

While phishing has gotten more sophisticated, telltale signs such as grammar mistakes, typos, or a tone that feels off still occur. Incorrect logos, images, or colors in emails posing as reputable brands are additional clues the email is fake.

Technical Giveaways

An address field that is completely empty or filled with names you don’t recognize is a sure sign of phishing. Another is a sender email address with a domain name (the part after the @ symbol) that doesn’t make sense or looks suspiciously spoofed, like goog1e.

Weird Attachments and Links

Be wary if an email includes an attachment with a file type you don’t recognize. Emails that include long links of gibberish or simply links and no text are also suspect.

Hyperlinks, images, or words you can click can also be troublesome. However, hovering your mouse above them without clicking may reveal the real web address.
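The technical giveaways and link checks described above can also be automated at the mail gateway. The following is an added example, not part of the original article: the TRUSTED allowlist, the digit-for-letter table, and the sample message are constructed assumptions, and the checks are heuristics rather than a complete filter.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"google.com", "examplevet.test"}  # assumed allowlist of known senders
HOMOGLYPHS = str.maketrans("013", "ole")     # digit-for-letter swaps, as in goog1e
SAMPLE = ("From: Vet Clinic <results@goog1e.com>\nTo:\nSubject: Heartworm test\n"
          "Content-Type: text/html\n\n"      # constructed message, not real mail
          '<a href="http://files.bad.test/r">www.examplevet.test/results</a>\n')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs: what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_signs(raw):
    """Return a list of the article's technical warning signs found in raw."""
    msg, signs = message_from_string(raw), []
    if not [a for _, a in getaddresses(msg.get_all("To", [])) if a]:
        signs.append("empty To field")
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in TRUSTED and domain.translate(HOMOGLYPHS) in TRUSTED:
        signs.append(f"lookalike sender domain: {domain}")
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        parser = LinkCollector()
        parser.feed(part.get_payload(decode=True).decode(errors="replace"))
        for href, text in parser.links:
            host = (urlparse(href).hostname or "").lower()
            shown = re.search(r"[\w-]+(?:\.[\w-]+)+", text)  # domain-like link text
            if not shown:
                continue
            name = re.sub(r"^www\.", "", shown.group().lower())
            if host != name and not host.endswith("." + name):
                signs.append(f"link text shows {name} but goes to {host}")
    return signs
```

Calling `phishing_signs(SAMPLE)` flags all three signs in the constructed message; a message from an allowlisted sender whose link text matches its destination returns an empty list.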

Awareness Training is Key

Your facility’s email network is your front line of defense against ransomware-deploying phishing and spear phishing attempts. As such, everyone with an email account should be able to recognize the signs of phishing. An online search of phishing awareness training will reveal several resources that can help.

Don’t Pay the Ransom

Let’s say your medical facility is hit with a successful ransomware attack despite your efforts toward training and prevention. If you’ve done some preparation, you can deny the requests of your attackers and continue operating without disruption.

How? First, you must regularly back up all your data on a separate network or in the cloud. In addition to being an everyday best practice, having backup files can be a lifesaver in a ransomware situation.

Furthermore, paying a ransom once puts your clinic on the list of targets worth hitting again, and repeat attacks are known to happen. Denying the ransom tells your attackers to move along to more attractive targets, and in most cases, they will.

Part 2: Making the Case for Multi-Factor Authentication

Part 3: Protecting Your Cloud-Based Enterprise: It’s Everyone’s Responsibility

Part 4: The Hidden Risks of Mobile Devices and Removable Media

Part 5: Protecting Your Remote Workforce from Cybersecurity Threats