NBC and several other news organizations reported Wednesday in an article about an encryption virus that has hit several U.S. Hospitals and crippled them so much so that they are seeking to pay the perpetrators to unlock their data. This is a staggering reality that saddens and angers me as an IT security professional.
What is an encryption virus?
Cyber attackers have developed a virus that will silently work through all common documents contained on your hard drive and encrypt them beyond recognition. Basically this means that all the 1’s and 0’s that make up your document files are scrambled according to a complex equation that makes reordering them almost impossible without a unique code. Once this process is complete and all your data is scrambled, you’re notified of this and asked to provide a sum of money to get the code to unscramble your data. There is typically a timeframe of 48 hours or something before the code is lost for good.
What can you do to prevent this?
Like any cyber attack, it usually requires you to open something. Be very careful of what emails you’re opening, or what windows you respond to on the Internet. As noted in the NBC article above, viruses usually hide themselves as PDF’s in emails posing as invoices. Many people think invoices are important and will often open them without question.
What can you do once infected?
Once this data is encrypted there is really no hope of unscrambling it. Your options are to pay the ransom, or in the best case retrieve the data from backup and tell the cyber attackers to bug off. I recommend the latter.
How should I respond.
The article above is saddening for two reasons. 1: Because of the devastation caused for everyone involved in cleaning up the mess. The panic, the anger, the loss of time and money are all things that organization, especially hospitals, don’t need to suffer. 2: because the hospitals in the article are considering paying the ransom. This is funding terrorism and furthering the research and development by cyber attackers for more sophisticated attacks. If no one paid, the hours of development and administration that goes into supporting this kind of cyber-criminal activity would be useless and these programmers would move on. But some people pay large sums of money because they panic, and they didn’t have a plan when the attack hit.
We come across encryption viruses every so often on a business network. So far we have had our customers critical and server shared data back within the hour. We then take the desktop or laptop that was infected and totally rebuild it for the person to have them back up and running in a safe environment within 24 hours. At Velox Systems, we spend a lot of time and energy making sure our customers have good backups at several points throughout the day so we know that if the unthinkable happened, we can get our customer back up and running in a reasonable time to sustain business.