Earlier this year, the Waikato District Health Board (DHB) suffered an unprecedented ransomware attack when over 600 servers were taken down and personal information of employees and patients were leaked onto the dark web.
At least five percent of the DHB’s workstations were running out-of-date software that’s prone to malware-related cyber-attacks and it left five hospitals paralysed in May.
Ransomware is malware (or commonly referred to as a virus) that’s becoming increasingly common globally and across New Zealand. The virus can enter an organisation in many ways – the most common being an email with a dangerous attachment or a link.
Once it infects a computer it starts encrypting and deleting files and can spread throughout the network leaving a path of destruction.
According to a recent Stuff article, The Waikato DHB was warned about the inadequacy of its IT security practices months before the ransomware attack brought Waikato Hospital to its knees.
An internal cyber security document dated December last year also warned that a lack of training meant staff posed an unintentional threat to its systems.
What is ransomware?
Ransomware is a crime, a cybercrime to be exact. Take a computer virus and add the ability to lock (encrypt) and destroy all your personal files and hold it for a ransom payable only in crypto currency. That’s the most common description of a ransomware attack. Some variants also spread through a business network, infecting and encrypting files leaving a path of destruction.
In many cases, you don’t know your computer is infected until a ransom demand is displayed or you no longer have access to your data and files. Once ransomware takes over your computers and servers, your files and data will remain encrypted even after you remove all traces of the infection.
There is no guarantee that you will get any of your files back, even after paying the ransom.
How does ransomware affect my business?
The truth is: ransomware attacks are terrifying especially for small businesses that can’t afford to pay a ransom for lost data. There are mainly two ways that ransomware creeps into the business undetected:
- Phishing: Phishing is an email sent by a cybercriminal disguised as something legitimate. The cybercriminal phishes for anyone that can fall for the bait, just as you’d attach a worm to the end of a fishing hook.
- Guessing Passwords: Many businesses allow remote support connections to their workstations and servers. Criminals simply guess usernames and passwords to access your systems remotely.
An FBI advisory states that the most common access routes into businesses are phishing and brute forcing unsecured remote desktop protocol (RDP) endpoints.
Here are tips to help you fend off ransomware attacks:
Tip 1: Ransomware easily enters your business via email. Make sure your employees are aware of the risks associated with dangerous emails, how to identify them, and where to report them to. Cybersecurity awareness and protections must be implemented at every level of the business, including at the leadership level.
Tip 2: Ask your support vendor to secure any remote connections into your business. This includes laptops, servers, and any other devices they support remotely.
Tip 3: Keep your anti-virus systems up to date and make sure your systems are patched frequently.
Tip 3: Ensure that your computer and server backups are completed regularly and tested throughout the year. Make sure that ransomware can’t spread to the backup servers too.