Page 19 - Cyber Warnings
The first thing we need to establish is that Ransomware is no different from any other
form of malware in how it is delivered – usually, but not exclusively, via email, with
either malware attachments or links to infected websites. The difference - and the scary part - is
how it is used to extort money from victims.
Once the malware has been invited onto a user’s computer it can then get to work, encrypting
files before announcing its presence and declaring its ransom demand. The nature of its
immediate demands and very tangible threat is precisely what makes it more feared than other
malware. However, your line of defense and your approach to preventing Ransomware should
be the same as they would be for any other malware. Don’t be thrown by the sensationalism
surrounding Ransomware – pragmatism should always prevail.
Corporate Ransomware Case Study
LA Presbyterian Med Center Case Study: The fact that this was a relatively quick and easy
‘Hack for Cash’ is driving this predicted trend. The LA Presbyterian Medical Center attack
speaks to both the targeting of Healthcare as well as the increase in Ransomware.
The assault on Hollywood Presbyterian occurred Feb. 5, when hackers using malware infected
the institution’s computers, preventing hospital staff from being able to communicate from those
devices, said Chief Executive Allen Stefanek.
The hacker demanded 40 bitcoin, the equivalent of about $17,000, he said.
“The malware locks systems by encrypting files and demanding ransom to obtain the decryption
key. The quickest and most efficient way to restore our systems and administrative functions
was to pay the ransom and obtain the decryption key,” Stefanek said. “In the best interest of
restoring normal operations, we did this.”
The hospital said it alerted authorities and was able to regain control of all its computer systems
by Monday, with the assistance of technology experts. Phil Lieberman, a cybersecurity expert,
said that, while ransomware attacks are common, targeting a medical institution is not.
“I have never heard of this kind of attack trying to shut down a hospital. This puts lives at risk,
and it is sickening to see such an act,” he said. “Health management systems are beginning to
tighten their security.”
http://www.latimes.com/business/technology/la-me-ln-hollywood-hospital-bitcoin-20160217-story.html
CryptoLocker - Best avoided!
You don’t want to see this. It is the classic Ransomware operation: after the malware is in
place, a unique encryption key is generated for each infected computer and is used to encrypt
data on the machine. If the ransom is not paid within the allotted time, the files are lost forever.
19 Cyber Warnings E-Magazine – June 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide