In February 2016, hackers broke into the computer network of Hollywood Presbyterian Medical Center in Los Angeles, CA. After the hackers encrypted sensitive medical information, they and the hospital negotiated a ransom of $17,000 to return the files.
The hackers were able to get into the hospital’s system through a malicious file called ransomware. Ransomware is a form of malware that invades a target computer and encrypts data, so that users can no longer access their files. The most common ransomware programs are CryptoWall, Locky and TeslaCrypt.
After scanning an infected hard drive for common file types, such as media files and documents, the software will encrypt those files, hiding them in a coded message. Only users with an encryption key, a more complex version of the Ovaltine decoder rings, can read the files.
The ransomware will then leave a note on the desktop with instructions to pay a ransom for the key. The message often threatens to raise the ransom amount if it is not paid by a deadline. It may also demand that the target transfer the ransom money to a pre-paid account or through Bitcoin, a digital currency that keeps transactions anonymous, so that the ransom cannot be tracked back to the hacker.
Ransomware often uses AES-256 and RSA encryption. Breaking the code would take a government-sized institution an unreasonable amount of time. It is simply easier for businesses to pay the ransom.
Data recovery software may be able to recover your data on the attacked drive, since ransomware often makes a copy of the file to encrypt, and deletes the original copy. However, more recent ransomware may try to overwrite drive sectors when the victim tries to recover the original files. Victims may risk losing their files altogether.
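The copy-then-delete behavior described above leaves a recognizable trail in file activity logs. The following is an added example, not part of the original article: a small Python detector that flags any process that repeatedly creates a renamed copy of a document or media file and then deletes the original. The log line format, the `.locked` extension, the watched file types, and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events, not real telemetry. Assumed line format:
# "<epoch_seconds> <pid> <CREATE|DELETE> <path>"
SAMPLE_EVENTS = """\
100 4242 CREATE /home/amy/Documents/budget.xlsx.locked
100 4242 DELETE /home/amy/Documents/budget.xlsx
101 4242 CREATE /home/amy/Documents/notes.docx.locked
101 4242 DELETE /home/amy/Documents/notes.docx
102 4242 CREATE /home/amy/Pictures/team.jpg.locked
102 4242 DELETE /home/amy/Pictures/team.jpg
103 977 CREATE /home/amy/Documents/report.docx.bak
150 977 DELETE /tmp/scratch.tmp
"""

# Common document and media types to watch (assumed list)
WATCHED = (".docx", ".xlsx", ".pdf", ".jpg", ".png", ".mp3", ".mp4")

def parse(line):
    ts, pid, op, path = line.split(" ", 3)  # the path itself may contain spaces
    return int(ts), int(pid), op, path

def suspicious_pids(log_text, window=60, threshold=3):
    """Return {pid: [deleted originals]} for processes that deleted at least
    `threshold` watched files after creating, within `window` seconds of the
    delete, a new file whose name is the original's name plus an extra suffix."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    created = defaultdict(list)  # pid -> [(timestamp, path)]
    for ts, pid, op, path in events:
        if op == "CREATE":
            created[pid].append((ts, path))
    hits = defaultdict(list)
    for ts, pid, op, path in events:
        if op != "DELETE" or not path.lower().endswith(WATCHED):
            continue
        # A "copy" is a file the same process created that extends the original name
        if any(new.startswith(path + ".") and abs(ts - cts) <= window
               for cts, new in created[pid]):
            hits[pid].append(path)
    return {pid: paths for pid, paths in hits.items() if len(paths) >= threshold}

if __name__ == "__main__":
    for pid, paths in suspicious_pids(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {len(paths)} originals replaced by copies, e.g. {paths[0]}")
```

Ransomware that encrypts files in place instead of copying them does not produce this pattern, so a check like this complements offline backups rather than replacing them.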
The FBI’s Internet Crime Complaint Center reported that ransomware cost its victims more than $18 million between April 2014 and June 2015. The most common sources of ransomware attacks are malicious links, pop-ups, and file attachments from unsolicited messages. Prevention is the best way to stop ransomware from costing your business lost data, money, and time.
Here are a few tips to prevent ransomware from harming your business.
- Frequently back up your files to an offline source to recover your data in the event of an attack.
- Be wary of vague emails, phone texts and social media messages with unfamiliar links and unsolicited file attachments.
- Apply the latest patches for each computer’s operating system and antivirus software.
- Always keep your network’s firewalls turned on.
- Install an ad or pop-up blocker on your network’s web browsers. (If your business relies on web ad revenue, weigh the risk between lost ad income and security. Make exceptions for trusted sites.)
- Use the same precautions on your phone as you would on a computer when on a network.