So, have you heard of ransomware?
If cybersecurity is anywhere in your job description, chances are the answer will be a resounding “Yes!” followed closely by “Keep it away!”
Unfortunately, you barely have to be plugged into the InfoSec space to know that ransomware is running rampant. Recent headlines about this scourge abound, particularly in the healthcare and public sector arenas.
In Verizon Enterprises’ much-cited Data Breach Investigations Report, researchers found that 39% of crimeware incidents in 2015 were related to ransomware. Wired Magazine reports that victims of this type of malware paid $24 million to cyber criminals in 2015.
As if that weren’t enough, other estimates put the total cost of just one type of ransomware at $325 million since it was discovered in January last year. As Wired reports, this staggering figure includes the cost of stripping and cleaning the infected machines and restoring backup data, which can take weeks or months.
Ransomware on the Rise
The FBI has even issued its own warnings about ransomware. In their weekly podcast, FBI officials warned of it as an evolving threat increasingly targeting businesses, local governments, and other larger organizations.
“[Cyber criminals are] seeing that there’s more money in these larger enterprises as opposed to someone like your grandma or my grandma that just has one computer,” warns Jeffrey Coburn, with the FBI’s Major Cyber Crimes Unit.
Though the first modern wave of ransomware was reported in 2005, the FBI and InfoSec experts of all types have seen a marked uptick in attacks since 2015. And the attackers are becoming more sophisticated. As the FBI reports, delivery methods have expanded beyond the standard phishy email to malicious code injected via out-of-date plugins on legitimate websites.
Sick of Ransomware
The results of a ransomware attack can be truly crippling, especially for healthcare facilities where lives literally depend upon access to computer networks. You don’t have to dive deep into the headlines to find out that some of the biggest ticket attacks recently have hit hospitals and other healthcare organizations. The attack against Hollywood Presbyterian Medical Center comes to mind, in which hospital officials coughed up $17,000 in bitcoin to release their network from the clutches of ransomware.
“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” Hollywood Presbyterian CEO Allen Stefanek said in a statement after the attack. “In the best interest of restoring normal operations, we did this.”
A Holistic Approach
A number of experts, including our own Tom Pendergast, have pointed out that the rise of ransomware, particularly in the healthcare space, is yet another tick in the “Pro” column for comprehensive employee security awareness programs. As Dr. Pendergast told HealthData Management, healthcare employee security awareness needs to grow beyond HIPAA-specific training to content focusing on the dangers of phishing and other types of cybercrime.
Luckily, ransomware can be thwarted by some of the same core employee behaviors that protect networks from other types of cyber attacks.
But don’t take our word for it: listen to what a man with a particular set of skills had to say to a hacker in our security awareness reinforcement animation focusing on ransomware. It’s designed to be shared with your employees, free of charge, to remind them of best practices to avoid getting “Taken” by this particular cyber menace (watch the video, you’ll get the joke).
Want to learn more about MediaPro’s comprehensive, integrated approach to awareness training and reinforcement? Contact us today for a free demo.