The FBI released a warning about recent ransomware attacks. Find out more about those attacks and how to prevent them from happening to you.
The FBI recently released the following warning:
HIGH-IMPACT RANSOMWARE ATTACKS THREATEN U.S. BUSINESSES AND ORGANIZATIONS
Ransomware is a form of malware that encrypts files on a victim’s computer or server, making them unusable. Cybercriminals demand a ransom in exchange for providing a key to decrypt the victim’s files.
Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminate ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information.
Although state and local governments have been particularly visible targets for ransomware attacks, ransomware actors have also targeted healthcare organizations, industrial companies, and the transportation sector.
Recent Ransomware Attacks
Alabama-based DCH Health System
According to Tuscaloosa News, “The DCH Health System has made a payment to the hackers responsible for the crippling attack on its computer system that’s impacted operations at its three hospitals since early Tuesday morning.
Hospital officials haven’t revealed how much was paid, but said in a statement Saturday that teams are working around the clock to restore normal hospital operations.
“We worked with law enforcement and IT security experts to assess all options in executing the solution we felt was in the best interests of our patients and in alignment with our health system’s mission,” system spokesman Brad Fisher said Saturday morning. “This included purchasing a decryption key from the attackers to expedite system recovery and help ensure patient safety. For ongoing security reasons, we will keep confidential specific details about the investigation and our coordination with the attacker.”
There has been no evidence that patient or employee data was affected, he said.”
The attack forced DCH Regional Medical Center, Northport Medical Center, and Fayette Medical Center to activate emergency procedures: all three hospitals closed to new patients while continuing to care for the most critical patients who were already admitted.
Cyber Defense Best Practices
The FBI’s warning lists the following best practices that could have reduced the impact of, or prevented, attacks like these:
- Regularly back up data and verify its integrity. Ensure backups are not connected to the computers and networks they are backing up. For example, physically store them offline. Backups are critical in ransomware recovery and response; if you are infected, a backup may be the best way to recover your critical data.
- Focus on awareness and training. Since end users are targeted, employees should be made aware of the threat of ransomware and how it is delivered and trained on information security principles and techniques.
- Patch the operating system, software, and firmware on devices. All endpoints should be patched as vulnerabilities are discovered. This can be made easier through a centralized patch management system.
- Ensure anti-virus and anti-malware solutions are set to automatically update and that regular scans are conducted.
- Implement the least privilege for file, directory, and network share permissions. If a user only needs to read specific files, they should not have write access to those files, directories, or shares. Configure access controls with the least privilege in mind.
- Disable macro scripts from Office files transmitted via email. Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full Office Suite applications.
- Implement software restriction policies or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular internet browsers, and compression/decompression programs, including those located in the AppData/LocalAppData folder.
- Employ best practices for use of RDP, including auditing your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts.
- Implement application whitelisting. Only allow systems to execute programs known and permitted by the security policy.
- Use virtualized environments to execute operating system environments or specific programs.
- Categorize data based on organizational value, and implement physical and logical separation of networks and data for different organizational units. For example, sensitive research or business data should not reside on the same server and network segment as an organization’s email environment.
- Require user interaction for end-user applications communicating with websites uncategorized by the network proxy or firewall. For example, require users to type information or enter a password when their system communicates with a website uncategorized by the proxy or firewall.
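The first item above says to back up data and “verify its integrity” but not how. The script below is an added example (it is not code from the FBI warning or from DCH) showing one way to do that: build a SHA-256 manifest when the backup is taken, store the manifest’s own hash separately from the backup media, and later compare the backup tree against the manifest to detect files that were encrypted in place, deleted, or dropped in by an attacker. The directory layout, file contents, and the list of “suspicious” extensions are constructed for the demonstration and are not tied to any family named on the page.

```python
"""Build and verify a SHA-256 manifest for an offline backup set.

Added example, not part of the FBI warning or the DCH incident coverage.
All paths, file contents and extension names below are constructed.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path

# Constructed, illustrative list of extensions that file-encrypting
# ransomware commonly appends; tune this to your own intel.
SUSPICIOUS_SUFFIXES = (".encrypted", ".locked", ".crypt")


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Stream a file through SHA-256 so large backups are not read into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_root: Path) -> dict:
    """Map each regular file (relative POSIX path) to its size and SHA-256."""
    manifest = {}
    for path in sorted(backup_root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(backup_root).as_posix()
            manifest[rel] = {"size": path.stat().st_size, "sha256": sha256_file(path)}
    return manifest


def write_manifest(manifest: dict, out_path: Path) -> str:
    """Write the manifest as JSON and return the hash of the JSON bytes.

    Record that hash somewhere the backup volume cannot reach (printed and
    filed, or on separate offline media); an attacker who encrypts the backup
    cannot then rewrite the manifest to match without being noticed.
    """
    data = json.dumps(manifest, indent=2, sort_keys=True).encode()
    out_path.write_bytes(data)
    return hashlib.sha256(data).hexdigest()


def load_manifest(manifest_path: Path, expected_digest: str) -> dict:
    """Refuse to trust a manifest whose bytes no longer match the recorded hash."""
    data = manifest_path.read_bytes()
    if hashlib.sha256(data).hexdigest() != expected_digest:
        raise ValueError("manifest hash mismatch: manifest may have been tampered with")
    return json.loads(data)


def verify_backup(backup_root: Path, manifest: dict) -> dict:
    """Compare the backup tree on disk against the manifest.

    Returns lists of relative paths: ok, modified, missing, unexpected
    (present on disk but not in the manifest) and suspicious (unexpected
    files carrying a known ransomware extension).
    """
    report = {"ok": [], "modified": [], "missing": [], "unexpected": [], "suspicious": []}
    current = build_manifest(backup_root)
    for rel, expected in manifest.items():
        actual = current.get(rel)
        if actual is None:
            report["missing"].append(rel)
        elif actual["sha256"] != expected["sha256"]:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    for rel in current:
        if rel not in manifest:
            report["unexpected"].append(rel)
            if rel.endswith(SUSPICIOUS_SUFFIXES):
                report["suspicious"].append(rel)
    return report


def demo() -> dict:
    """Constructed scenario: take a backup, then simulate ransomware touching it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "backup"
        (root / "patients").mkdir(parents=True)
        (root / "patients" / "roster.csv").write_text("id,name\n1,example\n")
        (root / "config.ini").write_text("[db]\nhost=localhost\n")

        manifest_path = Path(tmp) / "manifest.json"
        manifest_digest = write_manifest(build_manifest(root), manifest_path)

        # Simulated attacker activity on a backup that was left reachable:
        # one file encrypted in place, one renamed with a ransomware suffix.
        (root / "config.ini").write_bytes(os.urandom(64))
        (root / "patients" / "roster.csv").rename(root / "patients" / "roster.csv.locked")

        return verify_backup(root, load_manifest(manifest_path, manifest_digest))


if __name__ == "__main__":
    for key, items in demo().items():
        print(f"{key}: {items}")
```

Running it prints an empty `ok` list, `config.ini` under `modified`, `patients/roster.csv` under `missing`, and `patients/roster.csv.locked` under both `unexpected` and `suspicious`. Run the verification from a clean host against the offline copy before you restore from it, and keep the manifest hash outside the backup set; a hash stored next to the backup is only as trustworthy as the backup itself.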
To avoid becoming the next victim, you need a cybersecurity strategy in place. Not sure where to start? A risk assessment will help you discover potential security gaps. We have helped hundreds of clients improve their security posture with a risk assessment.