You arrive at your office, turn on your computer and see the message to the right. You try everything you can think of to get into your programs, but nothing works. Your data has been kidnapped.
You call your computer guy who rushes over. He tries 5-6 possible solutions without success.
He then says, “I recommend we wipe your computer, reinstall your software and use your backup copy to restore your data. You do have a backup copy, right?”
How Ransomware Works
A recent U.S. Government report found that on average, there are 4000 ransomware attacks per day. Millions of computers around the world have been locked by malicious programs that are designed to extort money from users. They have gotten money from businesses of all sizes, government departments (including police departments) and individuals.
The bad guys infect your computer, encrypt your data so you cannot use it, and then use an untraceable communication system (Tor) and an untraceable finance system (Bitcoin) to get your money. For example, the Hollywood Presbyterian Hospital attacker demanded $3 million to release its patient data. The hospital negotiated the price down to $17,000 and got its data back.
As of December 2019, the “Sodinokibi,” “REvil” and “Ryuk” ransomware viruses are causing the most trouble. Healthcare practices and their online computer providers are being hit each day. The criminals demand payment, threatening that the victims' data will otherwise be lost.
What to do if You Are the Victim of a Ransomware Attack
Health and Human Services would like you to do the following:
- Never pay the ransom. Instead, contact your local FBI Field Office Cyber Task Force or US Secret Service Electronic Crimes Task Force (secretservice.gov/investigation/#field) immediately to report the ransomware and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
- Report cyber incidents to the US-CERT (us-cert.gov/ncas) and FBI’s Internet Crime Complaint Center (ic3.gov).
- If your facility experiences a suspected cyberattack affecting medical devices, contact the FDA’s 24/7 emergency line at 1-866-300-4374.
Ransomware May Be a HIPAA PHI Breach
On July 11, 2016, the Health and Human Services Office for Civil Rights released a new HIPAA guideline on ransomware. Per the HHS, “A ransomware attack usually results in a ‘breach’ of healthcare information under the HIPAA Breach Notification Rule unless you can demonstrate (and document) that there is a ‘low probability’ that the information was compromised.” This easy-to-understand guideline explains how to prevent, report and recover from a ransomware attack: www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
How to Block Ransomware Infections
Fortunately, you can reduce or eliminate your risk of such an infection with these steps.
- Never open an attachment from someone you do not know or even a suspicious email from someone you do know. In the second case, send the person you do know a new email asking about the attachment.
- Only download a file from websites that you completely trust. For example, be wary of a user manual that is offered somewhere other than the manufacturer’s website. If you open the file and do not see a user manual, you have been infected by something.
- Before clicking a link on a website or in an email, roll your mouse cursor over it. You should see a small window pop up somewhere (e.g., near your cursor or at the bottom of your screen) that shows where the link will take you. If it does not look right, do not click it. For example, if you roll your cursor over this link: www.google.com, you will see it takes you to Google. This link shows the same text but takes you to Yahoo: www.google.com.
- Set up and use user accounts that do not have the power to install anything. Only the practice’s Administrator account should have this power. The Administrator should only use this user account for Administrator duties, not day-to-day work.
- Install and use anti-virus software.
- Keep all of your software up-to-date. Every time you get a notice to update your software, do it. These updates may block recently-discovered infections.
- Try not to install software from a company that you are not familiar with. If you are confident it will not open the door to a problem, read the “End User License Agreement” before you install it.
- If you use Windows XP or Windows Server 2003, upgrade to Windows 10 or Windows Server 2012 as soon as possible. Microsoft is constantly and automatically updating their latest software to protect your data better than ever.
- If you give a service technician access to your system, make sure to close the access when done and reboot your computer, as well. Do not allow 24/7 access to your computer system to anyone.
- Back up your data every night. You can use physical backups, like tapes or disks; you can back up your data online; or, ideally, do both. If you use physical backups, remove the disk or tape from the computer, as computer viruses can access your backup copy if it is left in your computer. To be completely safe, follow the 3-2-1 rule: three copies of your data, stored in two different formats, with one copy stored off-site.
- Make sure your backups are encrypted. Search the web for encrypted backup systems to find the best deals.
- Check your backup copies on a regular basis to ensure they are usable.
- Find a computer security person or company that can help you quickly in an emergency. Ask them to run a scan to ensure a ransomware virus is not sleeping on your hard drive. A good place to start is bleepingcomputer.com.
- Consider buying ransomware insurance.
Learn more at krebsonsecurity.com/tools-for-a-safer-pc.