We’ve covered cryptolocker and other encryption-based malware on the blog in the past. Read up if you’re unware, but the gist of the scam is that an attacker locks down your system after you click a suspicious (or innocuous-looking) link. You can only gain access to your files if you pay the ransom, usually in Bitcoin. This can happen to your work servers, not just personal computers. One click-happy or poorly trained employee could bring your organization to its knees.
For Hollywood Presbyterian Hospital in Los Angeles, the cryptolocker threat became all too real. This attack may have been targeted, as the hackers are requested $3.4 million to unlock the hospital’s computer systems. More or less everything in the facility is tied to the computers, even the emergency room. For now, that means some patients requiring certain equipment or testing have been moved while the facility works off paper.
The FBI and LAPD are investigating, but smaller organizations with smaller ransoms probably don’t have the help of the law. In this case, if the hackers were located, the decryption key might be found. But other, smaller companies are often targeted randomly, locking them out of their systems for days or weeks until ransoms of $200 - $2000 are paid. Today, news broke that the hospital was able to pay the relatively small sum of $17,000 to unlock their system. Of course, that doesn't include the costs of downtime while they waited to resolve the situation.
Cryptolockers aren’t the only malware that can take down your IT systems. Botnets hijacking your resources, rootkits granting administrative access, spyware collecting data, Trojans, viruses, and worms can all restrict or remove access to the applications, files, and data your business needs to operate.
While prevention (including anti-virus/anti-malware and employee training) remains the best way to keep your IT systems malware-free, sometimes you end up getting infected. Some malware, like common viruses, can be removed with a full system scan by a reputable anti-virus program. When you’re totally locked out of your system or performance has hit an all-time low, this might not be an option.
If your computers are completely inoperable, you’re going to have to face the music one way or another. That means either paying the ransom, losing your files, or turning to an older backup. How old that backup is depends on your practices—do you copy to external storage every so often? If so, you might have just lost 1,000s of important new files.
Regular cloud backups or disaster recovery are a good way to ensure you lose a minimal amount of data in these cases. Cloud providers generally have strong security protocols, but backups can also be encrypted for additional peace of mind. A cloud backup can be configured to update every day, or even every few hours, only uploading the new or changed files to minimize internet transport and storage costs.
Consider revising your disaster recovery plan to include cyberattack. How fast can you wipe and restore your servers and computers to full functionality? Is the cost of a cloud backup more or less than a potential ransom, plus the time and money lost before it gets paid? What other benefits could you gain from an IT disaster recovery plan?
Don’t be caught unprepared. Healthcare may be becoming a popular target, but all industries can be greatly affected by malware. If it strikes, cloud backup might save your operations.