With the recent WannaCry attack, ransomware is back in the news. Around 200,000 systems were hit by this malware, which blocked doctors from gaining access to patient files and forced emergency rooms to send people away. Unpatched Windows XP and Server 2003 systems were the culprits behind this mass ransomware worm, which spread around the world via a few email link clicks.
What is ransomware?
As a refresher, ransomware is a form of malware that targets critical data and systems for the purpose of extortion. It's frequently delivered through phishing emails. After the user has been locked out of the data or system, the attacker demands a ransom payment in order for the user to (supposedly) regain access.
How can you protect your networks?
Infected with ransomware? Do this.
To pay or not to pay.
There are serious risks to consider before paying the ransom. The U.S. Government (USG) does not encourage paying a ransom to criminal actors. Why? Some victims who paid the demand did not regain data access, some were targeted again by cyber actors, and some were asked to pay more to get the promised decryption key. Plus, paying could inadvertently encourage this criminal business model.
How law enforcement can help.
Law enforcement agencies and the Department of Homeland Security's National Cybersecurity and Communications Integration Center can assist organizations in implementing countermeasures and provide information and best practices for avoiding similar incidents in the future. Affected organizations should conduct a post-incident review of their response to the incident and assess the strengths and weaknesses of their incident response plan.
Report and mitigate ransomware attacks.
If you have questions or want more information about reporting ransomware attacks, contact the FBI cyber task forces at www.fbi.gov/contact-us/field or the Internet Crime Complaint Center at www.ic3.gov. To mitigate an attack, visit the Department of Homeland Security at www.us-cert.gov or the NIST Cybersecurity Framework at http://www.nist.gov/cyberframework/. Finally, our team is happy to help answer your questions or provide guidance; reach out to us.
- May 17, 2017: OCR HIPAA Security Rule information distribution update #4
- "How to Protect Your Networks from Ransomware" – U.S. Government interagency technical guidance document