To pay or not to pay, that is the question

Who’s settling the ransomware bill?

Well resourced and IT literate professional firms have been key targets for ransomware attacks - some pay the ransom, others choose not to - but the effects can be just as damaging either way.

In what was quite a stupid move, Hancock Health has just paid $55,000 to restore access to its systems after a ransomware attack.  Even if it all went smoothly, they’ve just informed the world that they’re vulnerable and open to paying ransom demands.

 

Paying the ransom may not help

Bingham County, Idaho chose to pay their ransom back in February 2017 but soon discovered that the reality of restoring a complex IT system that had just had all its files disabled wasn’t quite that straightforward.  The ransom was just $3,500 but the total clean-up bill is an estimated $100,000 and systems will take “up to a year” to fully restore.

 

It can be expensive either way

In the case of Erie County Medical Centre, the management team realised that not paying the $30,000 ransom would be expensive.  Restoration of systems has cost around $10,000,000 and has taken around six weeks.  The reality is, however, that paying the ransom would still have incurred the same $10,000,000 in restoration costs.

 

They behave like criminals

When Kansas Heart hospital paid a “small, undisclosed amount” to attackers, it was assumed they’d keep their side of the bargain.  Instead they only decrypted some files and then demanded a second ransom for the remainder.  At this point the hospital decided not to pay up, realising it was no longer “a wise manoeuvre or strategy”.

 

Securing your network is cheaper

Almost all of the recent the ransomware attacks on healthcare providers have been through a brute-force attack on RDP – the Windows Remote Desktop Protocol on port 3389.  We were advising firms to prevent access to these ports fifteen years ago – and their continued use in 2018 is absolutely crazy.

There are simple, practical ways to provide secure access to RDP using fixed and mobile VPN solutions.  Correctly configured, these can offer excellent protection – and remove the low-hanging fruit of an open RDP port.

 

Don’t forget your endpoints

There is a new generation of endpoint protection which can help to prevent ransomware attacks spread via phishing e-mails.  Rather than relying on traditional signatures, they can detect and prevent the characteristic behaviours which can be seen in fileless attacks which are becoming increasingly common.

 

Cloud providers, please take note

Open RDP access is common on cloud / dedicated Windows environments.  There are plenty of tools out there to automate the detection and attack on RDP – you can even scan every device on the Internet in minutes.

Providing customers with a reliable VPN solution – and a hardened environment with physical firewalls and appropriate security policies already in place for interactive logins – is essential in today’s world.

Posted

17th January 2018
(6 years ago) under

Comment

Tags

Brute force   Healthcare   Ransomware   RDP  

Discover Brand:fire

Get an independent view of your cyber security.

Download brochure or Contact Us