Anyone who owns or manages a healthcare company should be aware of the industry’s recent rash of ransomware cyber attacks. This style of hack will bring your organization’s operations to a grinding halt. Ransomware freezes your company’s computers, forcing you to pay a ransom in the form of bitcoin in order to regain access.
The SAMSAM Ransomware Family
The ransomware virus is evolving as time progresses. The latest version of the ransomware family, known as “SAMSAM”, specifically targets the healthcare industry. This style of ransomware is installed when hackers gain access to highly vulnerable servers. It stands apart from the ever-evolving virus in that it is not strictly limited to malvertising. An example of malvertising is a malicious file attached to an email correspondence. The new variant of ransomware instead travels by way of unpatched servers. SAMSAM ransomware relies on such unpatched servers to tap into the data stored on a number of the healthcare provider’s machines. The hackers use this widespread, unauthorized access to pinpoint critical data systems for encryption.
A Deeper Look at the Nuances of the New Ransomware Attacks
The hackers behind the latest version of ransomware attacks rely on access to an open source application server known as JexBoss as well as a number of other Java-based application platforms. They use an array of exploits to obtain remote shell access to a healthcare provider’s server. Once the server is accessed, SAMSAM is installed directly onto the targeted Web application server. The infected server then spreads the ransomware client to machines that run Windows operating systems. This infection is accomplished by moving laterally across the network.
Ransomware Attackers Keep the Lines of Communication Open
The cyber criminals behind the ransomware attacks design this style of attack in a manner that encourages communication. Victims can directly communicate with the hackers to negotiate the terms of the ransom. Once payment terms are agreed upon and payment is made, the healthcare provider’s computer network is unfrozen. Payment is made in the form of bitcoins rather than cash. Some ransomware hackers require as little as one and a half bitcoins while others demand upwards of 20 bitcoins to relinquish control of infected systems.
SAMSAM Ransomware Is Able to Wreak Incredible Havoc
Cyber security experts agree that SAMSAM ransomware is similar to SAMAS, a family of crypto-ransomware that is notorious for its ability to encrypt files on the infected system as well as those across an entire network. Even network-based backups are vulnerable to this style of cyber attack. According to a statement made by the FBI, the cyber criminals behind SAMAS also use the malware to manually locate and erase backups. As a result, affected businesses have no choice but to pay the ransom or deal with the ramifications of a massive data loss. Such an attack resembles a targeted attack in which the infiltrator selects its victims and exercises full control over what transpires. It is a stark contrast to the typical crypto-ransomware that operates in an automated fashion.
Possible Solutions to Prevent Ransomware Infiltrations
The recent spate of ransomware attacks against healthcare providers has prompted many of them to request assistance from the FBI’s digital security personnel as well as other computer security experts. The industry-wide hope is that emergency assistance can be provided when ransomware attacks strike. Healthcare executives are also requesting the FBI’s assistance to uncover the sources of these brutal attacks. It should be noted that Trend Micro has stepped up to the plate to monitor activities pertaining to both the SAMSAM and SAMAS versions of ransomware. Healthcare providers can obtain protection against this vicious cyber attack with Trend Micro Security, Worry-Free Business Security and Smart Protection Suites. It is also worth noting that healthcare institutions should disable automatic macro loading in all Microsoft Office programs to boost security. The implementation of strong password policies along with frequent patching schedules will also provide additional protection against ransomware.
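The macro hardening recommended above can be audited and applied per user from PowerShell. The script below is an added example, not code from the article or from Trend Micro; it assumes Office 2016/2019/365 (registry version key `16.0`) and that a Group Policy setting, where present, takes precedence over the per-user value.

```powershell
# Added example: audit and harden the VBA macro setting for the current user's
# Word, Excel and PowerPoint. VBAWarnings values: 1 = enable all macros,
# 2 = disable with notification (Office default), 3 = disable except digitally
# signed, 4 = disable all without notification.
# Assumption: Office 2016/2019/365 (version key 16.0); add '15.0' or '14.0'
# to $OfficeVersions for older installs. Domain-managed machines should set this
# through Group Policy; the Policies key is read first because it overrides the
# per-user key and is left untouched here.

$OfficeVersions = @('16.0')                      # assumed Office version key
$OfficeApps     = @('Word', 'Excel', 'PowerPoint')
$Hardened       = 4                              # use 3 if signed macros are needed

function Get-MacroSetting {
    param([string]$Version, [string]$App)
    $policyKey = "HKCU:\Software\Policies\Microsoft\Office\$Version\$App\Security"
    $userKey   = "HKCU:\Software\Microsoft\Office\$Version\$App\Security"
    foreach ($key in @($policyKey, $userKey)) {
        $v = (Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
        if ($null -ne $v) { return [pscustomobject]@{ Source = $key; Value = [int]$v } }
    }
    # Nothing set anywhere: Office behaves as "disable with notification"
    return [pscustomobject]@{ Source = $userKey; Value = 2 }
}

function Set-MacroSetting {
    param([string]$Version, [string]$App, [int]$Value)
    $userKey = "HKCU:\Software\Microsoft\Office\$Version\$App\Security"
    if (-not (Test-Path $userKey)) { New-Item -Path $userKey -Force | Out-Null }
    Set-ItemProperty -Path $userKey -Name VBAWarnings -Value $Value -Type DWord
}

foreach ($ver in $OfficeVersions) {
    foreach ($app in $OfficeApps) {
        $before = Get-MacroSetting -Version $ver -App $app
        if ($before.Source -like '*\Policies\*') {
            Write-Host "$app $ver : VBAWarnings=$($before.Value) (set by policy, not changed)"
            continue
        }
        if ($before.Value -ne $Hardened) {
            Set-MacroSetting -Version $ver -App $app -Value $Hardened
            $after = Get-MacroSetting -Version $ver -App $app
            Write-Host "$app $ver : VBAWarnings $($before.Value) -> $($after.Value)"
        } else {
            Write-Host "$app $ver : already hardened (VBAWarnings=$Hardened)"
        }
    }
}
```

Run it in the context of the user whose Office profile should be hardened; a value of 4 blocks all macros silently, so confirm no line-of-business document relies on them before rolling it out fleet-wide.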