US DHS/Canada Joint Alert-Hospital Ransomware

By   Information Security Buzz Editorial Staff
Chief Editor , Information Security Buzz | Apr 04, 2016 12:24 pm PST

The US Department of Homeland Security and the Canadian Cyber Incident Response Centre have just issued (late Thursday) a joint alert following a surge in ransomware extortion attacks, including hospital attacks.  Cyber security experts comment:

John Gunn, VP of Communications, VASCO Data Security:

“The recent increase in ransomware attacks is being driven by a proliferation in ransomware toolkits. Anyone can buy the tools to conduct ransomware attacks for as little as $100 on the dark web. It’s a numbers game – more attackers equals more victims.

“The most effective defense against ransomware attacks still depends on human intelligence. People have to stop clicking on links in malicious emails – they didn’t just win the lottery, they don’t have a huge refund coming, and a beautiful foreign lady does not want to date them.”

Carmine Clementelli, Product Manager, PFU Systems/Fujitsu:

“This once again underscores the need to detect threatening behaviors on the network before attackers can escalate privileges. No matter how well trained and aware users are and diligent the perimeter defenses, the human factor (such as opening an invoice to process it) and always-on data resources will always leave sensitive information such as patient data vulnerable.”

Brian Laing, VP of Products and Development, Lastline:

“We have seen a seen an ongoing increase in ransomware affecting a variety of different verticals, not just healthcare.  Companies need to make sure they are prepared for getting hit by ransomware.  It will happen!  One of the biggest reasons why companies are unprepared is that they simply do not understand the impact.  Getting hit with ransomware is not as simple as dealing with machines being down for some length of time, because they’ll be restored ultimately. Nor is it as simple as this years’ product designs or other company and patient or customer data being leaked.  If an organization does not have backups of the files, they are down completely!  As we’ve now seen, verticals such as healthcare can be devastated by this type of attack.  Hospitals don’t just lose money due to lost business in this type of attack. Without ongoing access to patient records, lives at are stake.”

 Dr. Csaba Krazsnay, Product Manager, Balabit:

“Situations like this are why I urge cyber TTXs (table top exercise). At & after these major events, many experts – including lawyers, soldiers, law enforcement, hackers, etc. – sit down next to a round table and imagine a “what .. if” cyberspace scenario. Usually we ended in a case when a direct cyberattack causes damage in human life. As healthcare uses IT heavily, unavailable full patient data or compromised medical devices can lead to a dangerous situation. My feeling is that one of the worst TTX scenarios came alive, and this alert from the US and Canadian governments rings the bell. Cyber criminals have found a new set of targets with a well-known attack, and neither the victims nor the authorities are well enough prepared. What will happen? Smart people will sit down and find out the solution. Hopefully, this scenario will be the part of a TTX in this year and not something that can continue to threaten lives.”