NBC and several other news organizations reported Wednesday on an encryption virus that has hit several U.S. hospitals and crippled them so badly that they are seeking to pay the perpetrators to unlock their data. This is a staggering reality that saddens and angers me as an IT security professional.
What is an encryption virus?
Cyber attackers have developed a virus that silently works through all the common document files on your hard drive and encrypts them beyond recognition. In plain terms, the 1’s and 0’s that make up each file are scrambled by a strong encryption algorithm, so that putting them back in order is practically impossible without the unique decryption key. Once every file has been scrambled, you are notified and asked to pay a sum of money for the key that unscrambles your data. There is typically a deadline, often around 48 hours, after which the key is destroyed for good.
What can you do to prevent this?
Like most cyber attacks, this one usually requires you to open something. Be very careful about which emails you open and which windows you respond to on the Internet. As noted in the NBC article above, the virus usually arrives disguised as a PDF attached to an email posing as an invoice. Many people think invoices are important and will often open them without question.
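Two checks that follow from the description above, as an added example that is not from the original post: a document that no longer starts with its own file signature and reads as near-random bytes has most likely been scrambled, and an "invoice.pdf" that starts with a Windows executable header is not a PDF at all. The signature table and entropy threshold are assumptions for this example, and the sample files are constructed.

```python
import math
import os
import tempfile
from collections import Counter

# Leading bytes ("magic numbers") a healthy document starts with. Assumed for
# this example; extend the table for the document types your users keep.
MAGIC = {".pdf": b"%PDF-", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for encrypted/random bytes, lower for real documents."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify_file(path: str, threshold: float = 7.5) -> str:
    """Return 'ok', 'header-mismatch' (some other file type hiding under a
    document name) or 'suspect-encrypted' (wrong header AND near-random content)."""
    expected = MAGIC.get(os.path.splitext(path)[1].lower())
    with open(path, "rb") as fh:
        head = fh.read(64 * 1024)  # the first 64 KiB is enough to judge
    if expected is None or head.startswith(expected):
        return "ok"
    return "suspect-encrypted" if shannon_entropy(head) >= threshold else "header-mismatch"

def scan_directory(root: str) -> dict:
    """Map every file under root that is not 'ok' to its verdict."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            verdict = classify_file(full)
            if verdict != "ok":
                findings[os.path.relpath(full, root)] = verdict
    return findings

def build_sample_dir() -> str:
    """Constructed sample: two healthy documents, one scrambled document and
    one executable renamed to look like an invoice PDF."""
    root = tempfile.mkdtemp()
    samples = {
        "report.pdf": b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 40,
        "notes.docx": b"PK\x03\x04" + b"word/document.xml" * 40,
        "invoice.pdf": os.urandom(4096),  # stands in for the virus's ciphertext
        "invoice_attachment.pdf": b"MZ\x90\x00" + b"\x00" * 4000,  # Windows EXE header
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root
```

Run `scan_directory` over a file share after an incident to list the documents that need restoring from backup, and over a saved attachment to confirm it is the type its name claims.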
What can you do once infected?
Once the data is encrypted, there is really no hope of unscrambling it. Your options are to pay the ransom or, in the best case, retrieve the data from backup and tell the cyber attackers to bug off. I recommend the latter.
How should I respond?
The article above is saddening for two reasons. 1: Because of the devastation caused for everyone involved in cleaning up the mess. The panic, the anger, and the loss of time and money are all things that organizations, especially hospitals, don’t need to suffer. 2: Because the hospitals in the article are considering paying the ransom. This is funding terrorism and furthering the research and development by cyber attackers for more sophisticated attacks. If no one paid, the hours of development and administration that go into supporting this kind of cyber-criminal activity would be wasted and these programmers would move on. But some people pay large sums of money because they panic, and they didn’t have a plan when the attack hit.
We come across encryption viruses every so often on business networks. So far we have had our customers’ critical and shared server data back within the hour. We then take the infected desktop or laptop and completely rebuild it, so the user is back up and running in a safe environment within 24 hours. At Velox Systems, we spend a lot of time and energy making sure our customers have good backups taken at several points throughout the day, so we know that if the unthinkable happens, we can get the customer back up and running quickly enough to sustain the business.
There are several types of threats that you probably hear about on a regular basis from the news media, social media, or internet forums. They fall into two basic categories: viruses and malware. Of course, by definition a virus is malicious software and could therefore be considered malware, but in technical nomenclature we single out viruses as their own category.
The truth is that in the last five years, malware has become much more prominent than computer viruses, and we see it more and more every day. So what is the difference between a virus and malware?
A virus is self-replicating software that causes your system to malfunction and tries to copy itself to other systems on your network to destroy as much as possible. Viruses are spread through email, network connections, and black-market websites.
Malware is software aimed at making its developer money. Malware can log your keystrokes, for example when you log into a banking account. It can collect sensitive data on the network, or it can try to get you to hand over sensitive information by prompting you for it. That information is then packaged and sent back to the developer, who uses it to exploit you, advertise to you, or otherwise spam you with further money-making schemes.
So what can you do to prevent attacks?
- Stay away from any questionable sites that harbor viruses and malware. Any site that offers information for illegal or inappropriate activity is a source of malicious software. These include hacking sites, pirating sites, torrents, adult sites, “free” TV episodes or movies, etc.
- NEVER provide your credit card information or banking account information to any software application on your system.
- ALWAYS make sure your banking website looks exactly as you expect. If you see any strange images or spelling, it is probably not authentic.
- If you ever notice suspicious behavior on your system, please contact the helpdesk immediately.
Several customers have reported getting an email containing a Dropbox link. These emails come from people they know. This is most likely because the sender’s email account was hacked and used to send malicious email to the victim’s entire address book on behalf of the spammer.
Two things you need to watch out for:
- Be very cautious opening an email containing a link to Dropbox. This is a common means of getting you to download malicious software.
- Don’t be a victim of this kind of attack! Make sure your email password is complex for services such as Gmail, Microsoft email, Hotmail, etc. Check out our post on password security published last year: PASSWORDS EXPLAINED – WHY SHOULD MY PASSWORDS BE COMPLEX?
ANYONE CAN PROMISE DISASTER RECOVERY, BUT WHAT’S YOUR BUSINESS CONTINUITY PLAN?
At Velox Systems, we know our customers trust us to power and protect their most valuable assets and data. This doesn’t just mean we promise a backup of critical data, it means that we fight to provide business continuity when disaster hits.
For instance, if your current IT system administrator performs a backup every night using the standard server backup software, what happens when disaster actually strikes?
Will your data be recoverable? Only as of the previous night’s backup. If disaster hits at the end of the day, all the changes made over the last 6-8 hours will be lost.
How soon will you be able to get the company running again? If you experience a total hardware failure of the server, you’re looking at days to replace the hardware and then hours to reconstruct the server software and reload the data.
Many organizations can’t afford this kind of downtime. You see, it’s not about how much data you’re backing up, or even how often. It’s about your plan to resume business operations after disaster strikes. This is where we focus our attention.
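The recovery-point arithmetic behind the nightly-backup scenario above, as an added example that is not from the original post: given a backup schedule and the moment a disaster strikes, how much work is lost, and what the worst case is for any schedule. The two schedules, the 8-hour target and the 17:00 disaster time are constructed for the example.

```python
from datetime import datetime, time, timedelta

# Constructed schedules: the single nightly job from the post versus restore
# points taken several times through the working day.
NIGHTLY = [time(23, 0)]
INTRADAY = [time(7, 0), time(11, 0), time(15, 0), time(19, 0), time(23, 0)]

def last_restore_point(schedule, disaster):
    """Most recent backup completed at or before the disaster (looks back one day)."""
    runs = [datetime.combine(disaster.date() - timedelta(days=d), t)
            for d in (0, 1) for t in schedule]
    return max(r for r in runs if r <= disaster)

def data_lost(schedule, disaster):
    """Work that no restore can bring back: everything since the last restore point."""
    return disaster - last_restore_point(schedule, disaster)

def worst_case_rpo(schedule):
    """Largest gap between consecutive backups, counting the gap across midnight."""
    mins = sorted(t.hour * 60 + t.minute for t in schedule)
    gaps = [b - a for a, b in zip(mins, mins[1:])] + [24 * 60 - mins[-1] + mins[0]]
    return timedelta(minutes=max(gaps))

def meets_rpo(schedule, target):
    """True when no disaster, whenever it strikes, can lose more than `target`."""
    return worst_case_rpo(schedule) <= target

def end_of_day_report(disaster_iso="2016-03-30T17:00"):
    """Constructed scenario: the disaster hits at the end of a working day."""
    disaster = datetime.fromisoformat(disaster_iso)

    def hours(td):
        return td.total_seconds() / 3600

    return {
        "nightly_hours_lost": hours(data_lost(NIGHTLY, disaster)),
        "intraday_hours_lost": hours(data_lost(INTRADAY, disaster)),
        "nightly_worst_rpo_hours": hours(worst_case_rpo(NIGHTLY)),
        "intraday_worst_rpo_hours": hours(worst_case_rpo(INTRADAY)),
        "nightly_meets_8h": meets_rpo(NIGHTLY, timedelta(hours=8)),
        "intraday_meets_8h": meets_rpo(INTRADAY, timedelta(hours=8)),
    }
```

The report shows the nightly schedule losing the whole working day (18 hours in this scenario, 24 in the worst case), while the intraday schedule loses at most 8 hours and only 2 here.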
Velox Systems offers several levels of Business Continuity solutions depending on the needs and budget of your organization. We can provide operation recovery times in as little as just a few hours from a system-wide disaster event.