In a recent news story, a hospital in Kentucky was hit by ransomware. Ransomware is malicious software that criminals install on an organization's network to encrypt vital data; they then demand a ransom payment in exchange for the key needed to decrypt it.
According to security industry experts, the attack on the Kentucky hospital used a server-side ransomware called SamSam, which industry reporting describes as a variant of the earlier Samas family (the two names are often used interchangeably). SamSam does not behave like most of the ransomware seen in recent years. It does not arrive through malvertising or malicious email attachments. Instead, the criminals use JexBoss, an open-source exploitation tool for the JBoss Application Server, and similar attacks against other Java-based application platforms, to break into an unpatched, internet-facing server.
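The following is an added example, not code from the original post or from Apex: a small Python check that probes a JBoss host for the management endpoints that JexBoss-style tools abuse and reports which of them answer without authentication. The host name and the sample responses are constructed for illustration. A 200 only tells you the endpoint is reachable unauthenticated; confirming that it allows remote deployment is a separate step, and the probe should be run only against systems you are authorized to test.

```python
"""Check a JBoss host for the management endpoints that JexBoss-style
tools target. Added example; the host name and sample responses are
constructed, not taken from the post or from any real incident."""
from __future__ import annotations

import sys
import urllib.error
import urllib.request
from typing import Callable, Optional
from urllib.parse import urlsplit

# Paths that JexBoss checks on a JBoss AS host. Any of these answering
# without authentication lets an attacker push a WAR file and run code
# as the application server's service account.
JBOSS_ENDPOINTS = {
    "/jmx-console/": "JMX console (MainDeployer MBean can deploy a WAR)",
    "/web-console/Invoker": "web-console Invoker servlet",
    "/invoker/JMXInvokerServlet": "JMXInvokerServlet (Java-serialized requests)",
    "/admin-console/": "admin console",
}


def classify(status: Optional[int]) -> str:
    """Map an HTTP status (None = could not connect) to an exposure verdict."""
    if status is None:
        return "unreachable"
    if status == 200:
        return "EXPOSED: answers without authentication"
    if status in (401, 403):
        return "protected: authentication or access control in place"
    if status == 404:
        return "absent"
    return f"review manually (HTTP {status})"


def fetch_status(url: str, timeout: float = 5.0) -> Optional[int]:
    """Real network fetch: HTTP status for url, or None if the host cannot be reached."""
    req = urllib.request.Request(url, headers={"User-Agent": "jboss-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 401/403/404/500 responses still carry a status
    except (urllib.error.URLError, OSError):
        return None


def assess(base_url: str, fetch: Callable[[str], Optional[int]] = fetch_status) -> dict[str, str]:
    """Probe every endpoint under base_url and return path -> verdict."""
    base = base_url.rstrip("/")
    return {path: classify(fetch(base + path)) for path in JBOSS_ENDPOINTS}


def exposed_paths(report: dict[str, str]) -> list[str]:
    """Paths whose verdict means unauthenticated access, in sorted order."""
    return sorted(p for p, verdict in report.items() if verdict.startswith("EXPOSED"))


# Constructed sample: what an unpatched, default-configured JBoss host
# might answer. Only /admin-console/ has been put behind a login.
SAMPLE_RESPONSES = {
    "/jmx-console/": 200,
    "/web-console/Invoker": 200,
    "/invoker/JMXInvokerServlet": 200,
    "/admin-console/": 401,
}


def sample_fetch(url: str) -> Optional[int]:
    """Offline stand-in for fetch_status that answers from SAMPLE_RESPONSES."""
    return SAMPLE_RESPONSES.get(urlsplit(url).path)


if __name__ == "__main__":
    # Usage: python jboss_check.py http://host:8080   (omit the URL to run the sample)
    if len(sys.argv) > 1:
        report = assess(sys.argv[1])
    else:
        report = assess("http://jboss.example.internal:8080", fetch=sample_fetch)
    for path, verdict in report.items():
        print(f"{path:30} {verdict:55} {JBOSS_ENDPOINTS[path]}")
    sys.exit(1 if exposed_paths(report) else 0)
```

The non-zero exit status when anything is exposed lets the check sit in a scheduled job alongside patch verification; a 401 or 403 is the result you want to see on every one of these paths, and a 404 on a production host usually means the console has been removed, which is better still.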
Once the attackers hold a company server, they spread the malware across the network, infecting workstations throughout the healthcare organization. The criminal operating it then chooses which files on the server and on each machine to encrypt, displays a popup dialog, and makes the ransom demand. In recent intrusions the demands have been as high as 1.5 bitcoin (approximately $633 USD at the time) to decrypt a single infected system.
Because the operators have hands-on, interactive access rather than relying on an automated infection, SamSam is not limited to the local disk: it can encrypt data on network shares and in network-based backups. The criminals controlling it can also manually locate and delete files, including backup files held on network-based backup storage, before encrypting, which removes the easiest recovery path.
Because this ransomware has been used to disrupt health services, the FBI has raised the threat to a level of urgency. In its effort to combat the threat and bring those responsible to justice, the FBI has put out an emergency request asking experts in the IT security industry for help.
To protect against this type of threat, your organization must be diligent in applying security patches as they are released, ideally through a regular process that is monitored to confirm each patch was actually applied, not just scheduled. Internet-facing application servers deserve particular attention: management consoles and invoker interfaces that are not needed should be disabled or restricted to trusted networks. And because this attacker deliberately goes after network-based backups, keep at least one backup copy offline or otherwise out of reach of the credentials used on the production network, and test that you can restore from it.
Is your practice safeguarded against threats such as these? Apex can help! Give us a call today at (800) 310-2739 or send an email to firstname.lastname@example.org. We have decades of experience in protecting organizations just like yours from cyber-intrusions.