Ransomware: Are You Safe?
Have you heard the news about the ransomware attack that crippled MedStar Health, one of the largest healthcare providers in Maryland and Washington, D.C.? The attack reduced its operations to pen-and-paper efforts after its networks were hit by the virus, which encrypts files on computer systems and holds the data on them hostage until the victim pays up.
Our in-house Systems Administrator and overall security guru, Mike Hughes, acted quickly and sent out an interoffice memo to all of Visionary's employees to make sure we were aware of the increase in email phishing attacks, understood what ransomware is, and knew how to keep our computers and accounts safe.
This is what his memo said:
Good morning team,
Just wanted to make you aware of an increase in email phishing attacks that is affecting businesses and hospitals recently. The entry point is usually an unsolicited email with an attachment.
An example might be something that purports to be from your bank or another service you use, and the attachment might be a past-due bill or invoice. Macros, or automated steps in a document, can be used to take over your computer. When written properly, anything you can do, the macro can do. If you can edit a file on a drive, the macro could edit that same file.
What ransomware does is quietly reach out to all available network resources and encrypt every file it has access to. These scripts may lie dormant and only run after hours – this is why we have a policy to turn your PC off at the end of the day. The "ransom" part comes from a built-in payment system that accepts payment using anonymous methods to deliver $200 - $5,000 to the thief in exchange for the decryption key. From what I’ve read, this usually works, but there is certainly no "customer service" number to dial if it doesn’t.
If a recent backup is unavailable or is also encrypted, the likelihood of recovery is bleak. Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office, says: “The ransomware is that good… To be honest, we often advise people just to pay the ransom.”
While the most likely point of entry is unsolicited email messages, any other exploit can get this going, such as a malicious advertisement that makes its way onto a trusted website.
Take precautions when exploring outside websites, even if Google linked to them. Many people are under the impression that a link in Google is safe. It is not. While Google has some basic methods to try to screen malicious sites out, any changes made since the page was last crawled are unknown.
Thanks, and have a safe day!
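
The memo names unsolicited e-mail with a macro-bearing attachment as the usual entry point. The Python code below is an added example, not part of the memo or of any tooling this post describes: it flags attachments in a message that can carry macros, including a macro document renamed to .docx. The sample message, addresses and file names are constructed, and treating every legacy OLE Office file as suspect is an assumed policy.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of legacy .doc/.xls/.ppt files
MACRO_EXTS = (".docm", ".xlsm", ".pptm", ".dotm", ".xltm")

def attachment_verdict(filename, data):
    """Return a reason string if the attachment can carry macros, else None."""
    if data.startswith(OLE_MAGIC):
        return "legacy OLE Office file (may contain macros)"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Modern Office files keep VBA in a part named vbaProject.bin,
            # which survives renaming the file from .docm to .docx.
            if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                return "OOXML file contains a VBA project"
    if (filename or "").lower().endswith(MACRO_EXTS):
        return "macro-enabled file extension"
    return None

def scan_message(raw):
    """Parse a raw RFC 5322 message and list (filename, reason) for risky attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        reason = attachment_verdict(name, part.get_payload(decode=True) or b"")
        if reason:
            findings.append((name, reason))
    return findings

def build_sample():
    """Constructed message: one .docx hiding a VBA part, one clean .docx."""
    def ooxml(parts):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for p in parts:
                zf.writestr(p, b"placeholder")  # dummy bytes, no real macro
        return buf.getvalue()
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@bank.example", "employee@company.example"
    msg["Subject"] = "Past-due invoice"
    msg.set_content("Please see the attached invoice.")
    for fname, parts in (("invoice.docx", ["word/document.xml", "word/vbaProject.bin"]),
                         ("statement.docx", ["word/document.xml"])):
        msg.add_attachment(ooxml(parts), maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in scan_message(build_sample()):
        print(f"FLAG {name}: {reason}")
```

A mail gateway or triage script could quarantine any message for which `scan_message` returns findings, so the document is never opened on a workstation with access to shared drives.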