October is off to an inauspicious start in Alabama for some regional hospitals. Three hospitals that are part of the DCH Health System – DCH Regional Medical Center, Northport Medical Center, and Fayette Medical Center – were hit with a variation of the Ryuk ransomware. As of October 4th, the hospitals are still being impacted by the ransomware and are redirecting non-critical new patients to other hospitals but are continuing to care for existing patients.
Ryuk is a particularly nasty strain of malware that was first discovered in August of 2018. Ryuk is generally used as part of sophisticated targeted attacks aimed at larger enterprise organizations in a practice known as “Big Game Hunting” – essentially targeting larger organizations for larger ransoms, although Ryuk has been used to target smaller organizations as well.
The affected hospitals were able to continue functioning because they had crafted plans to operate without their computer systems. This is part of a good incident response plan that all organizations should have – basically, pre-plan how to operate if something bad happens so that when you find yourself in that situation, you are prepared.
60% of businesses that suffer a data loss – such as one caused by ransomware – go out of business within six months due to a combination of loss of revenue, expenses to remediate the situation and/or recover or recreate the data, loss of customers, and a loss of reputation. So, what differentiates those 60% that don’t survive versus the 40% that do?
Some people might attribute that to luck. Roman philosopher Seneca is famously quoted as saying “Luck is what happens when preparation meets opportunity”. Organizations that survive these types of events tend to be the ones that had contingency plans and proper risk management governance.
What can companies do to make their own luck?
- Ensure that they have a solid, multi-layer defense against malware, including firewalls with a unified threat management capability with an active and up-to-date subscription, endpoint antivirus, and endpoint antimalware. A solid, layered malware defense will dramatically lower the chance of malware reaching your endpoints.
- Ensure that employees are properly trained in email security. According to FireEye, 91% of cyber attacks begin with an email. Employees who are trained to recognize attacks can reduce the chance that malware that makes it through the first technical layer is able to take hold. Furthermore, properly training your employees in email security will help make your organization less vulnerable to non-technical attacks, such as invoice fraud and CEO scams.
- It is not enough to just try to prevent an attack; you must assume that something may eventually get in and that you will need to be able to recover from an attack. Ensure that you have proper backups for ALL critical systems and ALL critical data, with the ability to rapidly recover from those backups. If it takes 3 days to recover, that’s 3 days of business you are going to lose.
CORTEX offers services to help with all of these processes and more. Please contact us for more information on how we can help you better protect your business from ransomware attacks like these.