Protect Your Agency from the Growing Threat of Ransomware
Law enforcement agencies, public hospitals, and healthcare facilities are easy targets for ransomware hackers, according to cybersecurity experts, because of their vast networks and employees who are unsure how to safeguard against such attacks.
The media is abuzz with news of recent ransomware attacks on millions of Apple computers, but the Department of Homeland Security and the Multi-State Information Sharing and Analysis Center are warning that cyberattacks against emergency services and the healthcare industry are occurring more frequently.
Ransomware infections, most notably Cryptowall and Cryptolocker, encrypt the contents of the victim's hard drive and then demand a payment, usually via a bitcoin transfer or other hard-to-trace path, before they will decrypt the files. Essentially, hackers hold user data or a computer system hostage until they are paid.
In February, Hollywood Presbyterian Medical Center in Los Angeles suffered a ransomware attack and could not access its computer systems for 12 days. As the Guardian reported, the hospital regained access only after it relented and paid the attackers $17,000 in bitcoins.
Last week, the Melrose Police Department in Massachusetts purchased a bitcoin for $489 and gave it to cybercriminals to regain access to its network after they infected a detective’s laptop with an email virus, according to the Melrose Free Press.
Last December, the US Senate Committee on Homeland Security and Governmental Affairs penned a pair of open letters to the Department of Homeland Security (DHS) and Attorney General Loretta Lynch, asking the two offices to deliver full reports on how they deal with ransomware, and whether any agencies have paid off hackers to unlock their files.
On Monday, a committee aide told Nextgov that staff are still reviewing responses from the government, since some of the answers were just received.
Bracing for an increase in attacks, DHS has offered a list of best practices for first responders and emergency system operators to follow to avoid vulnerabilities.
• Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
• Maintain up-to-date anti-virus software, and keep operating systems and software up-to-date with the latest patches.
• Be cautious about all emails received, including those purported to be from “trusted entities,” and be careful when opening links within those messages.
• Do not input personal information or login credentials in pop-up windows or links within an email, and do not open attachments or click on links in unsolicited emails — access the links by navigating to the organization’s website directly.
• Look for uniform resource locators (URLs) that do not match a legitimate site, but appear to be associated with the site through small spelling variations or different domain names (.com versus .net).
• Be wary of downloading files from unknown senders. Malicious code can be embedded in commonly emailed files, such as .doc, .pdf, .exe, and .zip; be particularly cautious of double file extensions (evil.pdf.exe).
• Only download software from trusted sites, and enable the feature to scan email attachments before downloading and saving them to a system or network.
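The lookalike-URL and double-extension checks in the list above can be automated when triaging reported email. The following Python is an added example, not part of the DHS guidance or the original article; the extension lists, the trusted host name and the edit-distance threshold are assumptions chosen for illustration.

```python
import posixpath
from urllib.parse import urlsplit

# Assumed lists for illustration; tune them for your own mail gateway.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif"}
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".zip"}
# Constructed sample: the one site this agency's staff legitimately log in to.
TRUSTED_HOSTS = {"city-pd.example.com"}


def has_double_extension(filename):
    """True for names like evil.pdf.exe: a decoy extension followed by an executable one."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    name = filename.strip().lower().rstrip(". ")
    stem, last = posixpath.splitext(name)
    _, previous = posixpath.splitext(stem)
    return last in EXECUTABLE_EXTS and previous in DECOY_EXTS


def edit_distance(a, b):
    """Levenshtein distance, used to catch small spelling variations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(url, trusted_hosts=TRUSTED_HOSTS, max_edits=2):
    """Return the trusted host a URL imitates, or None if it is trusted or unrelated."""
    host = (urlsplit(url).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if not host or host in trusted_hosts:
        return None
    for good in sorted(trusted_hosts):
        # Same name under a different top-level domain, e.g. .net instead of .com.
        tld_swap = host.rsplit(".", 1)[0] == good.rsplit(".", 1)[0]
        if tld_swap or edit_distance(host, good) <= max_edits:
            return good
    return None


if __name__ == "__main__":
    for name in ("evil.pdf.exe", "report.pdf"):
        print(name, has_double_extension(name))
    for link in ("http://city-pd.example.net/login", "https://c1ty-pd.example.com/"):
        print(link, lookalike_of(link))
```

A link without a scheme has no parseable host and returns None, so normalize extracted links to full URLs before calling `lookalike_of`.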