Posted on Monday September 04, 2017
Ever since the WannaCry and Petya ransomware outbreaks, healthcare organizations have been on their toes. But just when they thought they could relax, a new strain of ransomware has come along. A “Locky-variant” ransomware campaign is currently underway, and it's every bit as dangerous as previous ransomware attacks.
Using old tricks
The new ransomware strain, known as ‘IKARUSdilapidated,’ behaves the same way as other Locky variants. Hackers use carefully crafted emails to trick users into downloading and opening a ransomware-infused docx, pdf, jpg, or zip file that has the power to encrypt all local files. Even filenames are converted into a random 16-character combination followed by a “.lukitus” file extension. Once everything is locked down, the ransomware demands a payment made in Bitcoin to release the files.
According to recent reports, over 23 million ransomware emails were delivered on August 28, and potentially thousands of users could already have been infected by the ransomware.
While most hardened security measures can detect the original Locky code, hackers regularly evade detection by updating it just enough to become unrecognizable. As a new variant, IKARUS is often identified as an “unknown file,” allowing it to slip through outdated security tools. What's more, the fraudulent emails are more convincing and far more difficult to spot.
Healthcare still at risk
Although many healthcare companies have been dealing with ransomware for years, there's little guarantee that they can prevent attacks. The healthcare industry is an especially lucrative target because it manages a huge amount of patient information that it can't afford to lose, which means its organizations are more likely to pay the ransom.
In fact, research shows that 88% of all ransomware attacks were aimed at the healthcare industry in 2016, costing approximately $6.2 billion, and that amount is expected to increase as hackers continue to reuse and recycle successful ransomware campaigns.
Most firms are slow to update their software, fail to run basic security tools, and haven't implemented a rigorous security program from a managed services provider, making it easy for hackers to pick them off. Additionally, healthcare employees usually don't receive (or have time for) comprehensive security awareness training, leaving them vulnerable to even the most basic ransomware attacks.
What can you do?
Like it or not, hackers will continue to churn out more ransomware that is as dangerous as Locky, but there are some things you can do to keep your servers and patient data safe.