Advice for health provider organisations
Ransomware attacks across the internet have been increasing over the last three years. People are tricked into becoming victims of ransomware through various means: phishing emails containing web links or attachments, visits to infected websites and malware hidden in content (files, photos etc) downloaded from the internet.
Any data stored on anything that is (or has been) connected to the internet in some way is vulnerable to a ransomware attack. Hospitals and medical facilities around the world are potential targets, along with every other individual or organisation. Ransomware poses real and significant risks – we can't ignore the threat.
How ransomware attacks
Ransomware is a type of malicious computer code (malware) that restricts access to a victim’s infected computer system, or the information stored on it, and demands that a ransom be paid to the malware operator to remove the restriction.
Once embedded in the victim’s computer systems, the ransomware may sit quietly in the background for some time, spreading itself around. Eventually it activates, locking the victim’s systems, or encrypting the information held on them, while displaying a demand to pay the ransom. Sometimes a countdown timer is also shown on the screen to remind the victim that their files are going to be deleted if they don't pay up promptly.
Fortunately there are a lot of actions we can take to reduce vulnerability to this threat.
Dealing with ransomware: at home and at work
Think before you click. If it looks suspicious, it probably is. Opening unsolicited emails, especially those with (often booby-trapped) attachments or links to unexpected websites, is very dangerous. For expert advice on how to work out if an email that has been sent to you can be trusted or not, see How to spot a suspicious email attachment.
Think before you connect. Don't plug in devices to your computing equipment that don't belong there. This includes turning off Bluetooth and Wi-Fi when you don't need them. Charging non-work cell phones and music players at work from anything other than mains power chargers can potentially spread computer viruses or lead to data being sent out to the bad guys without you realising it. Likewise, don't connect your work devices to non-work systems unless that's already authorised.
Disable macros, automatic downloading of fonts etc in documents downloaded from the internet, and disable autorun on your computer. Deception has become the game here with ransomware even being hidden inside fonts and macros. See Ransomware attack infects victims through PDF-borne spear-phishing campaign for more information.
How to disable these features differs for each operating system, application suite or program, because their menu structures differ. If having those features disabled is not already the default in your standard operating environments (your computer’s configuration), then look for a FAQ posted by your IT Service Provider that provides guidance on how to disable those features, or ask them to do it.
Use accounts with minimum access rights. If you have administrator or power user/super user accounts, then don't stay logged on with those elevated privileges for longer than necessary. Ransomware wants to grab those elevated privileges (that have additional access) and propagate itself across everything it can see.
Apply security patches as soon as possible to minimise security vulnerabilities that can be exploited by the bad guys, and use only software that is currently maintained for its security patches. More annoying than waiting a few minutes for security patches to be installed is waiting a few days or weeks for your data to be restored after your system has been denied to you by ransomware – it's an easy trade-off, so it’s best to do the right thing.
Place critical data in secure places that you know will be backed up and can be restored from. Backup systems and files should be disconnected and offline when not required because ransomware is now also targeting backups to make it harder, if not impossible, to restore your data.
Update anti-virus solutions and keep them running along with other malware protection measures. Don't switch them off. These protective measures don't stop everything but they do keep the general background noise of computer viruses and other badness away to allow the big nasty stuff to be dealt with.
Report security and privacy breaches quickly. The quicker they are reported, the quicker their spread can be stopped, and targeted advice to mitigate them can be published.
Keep up to date with security advice.
- Netsafe provides security advice for general readership.
- The National Cyber Security Centre (NCSC) provides technical advice relating to the latest or most prevalent infection techniques.
Following all of this advice will greatly reduce your vulnerability to the most common forms of ransomware.