Henderson, KY-based Methodist Hospital has become one of the latest targets of "Locky" ransomware, which encrypts and deletes files. Victims have to either pay a ransom to regain their files, or – if they’re able – wipe systems and restore files from a quarantined, non-infected backup. The hospital stated: 'Methodist Hospital is currently working in an Internal State of Emergency due to a Computer Virus that has limited our use of electronic web based services."
Tim McElwee, President of Proficio, a Managed Security Services Provider (MSSP) helping organizations improve the effectiveness, efficiency and economics of meeting IT security and compliance goals, notes:
"Cyber-criminals are clearly targeting larger organizations with new strains of ransomware. The high potential profitability virtually guarantee ransomware’s continued emergence a threat in the coming years as the security landscape continues to evolve. Despite its seeming ubiquity, ransomware heavily targets a few threat vectors."
“Every organization can take steps to harden their network against it. Backing-up data and systems enables IT to wipe machines clean, and user training is key – a well-trained user is one of the best protections against phishing attacks that carry ransomware. Constant monitoring for indicators of ransomware is equally crucial, and can be internally done or through a security services provider for the industrial strength security that regulated and digital asset-centric sectors need. These are a few first lines of defense – there’s certainly more."
Adam Laub, Sr. Vice President of Product Marketing with STEALTHbits Technologies, concurs. He notes:
"This attack exposes an underlying security problem that just about every organization struggles with daily – an overabundance of access to systems and data at the individual user level. Much of the user’s access to data is facilitated through the use of all-encompassing 'well-known' security principals. Access is broadly permitted, and is often limited only by groups that many – or every - employee belongs to. These groups facilitate access to data typically residing in File Shares and similar repositories – which the exact types of data typically targeted by ransomware."
"It’s the IT security equivalent to getting a key to your hotel room and discovering that it actually lets you access any other rooms as well. All a would-be intruder would need to do is try that key in each door. Ransomware performs the same process in essence. If access rights to file shares were better controlled via groups to only the proper users, the ability for ransomware to rapidly spread far and wide would be drastically reduced. That’s just one of many prevention steps."
“Still, there’s hope for organizations looking to avoid becoming the next victim. Much like fighting the common cold, ransomware detection, prevention, and damage mitigation requires both internal and external remedies."
"Traditional signature-based detection and prevention catches known ransomware variants at the perimeter, while pattern- and behavior-based activity detection are effective for quickly identifying what’s slipped past the gate and has made it inside. Additionally, routine data backups of data, cyber insurance policies, and known best practices such as the clean-up and consolidation of sensitive data assets all further mitigate actual damage a ransomware attack can cause."
Proficio is a leading Managed Security Service Provider (MSSP) focused on changing the way organizations meet their IT security and compliance goals. Its advanced, cloud-based solutions and expert Security Operations Center constantly team monitor and scan critical assets to defend enterprise and SMB networks and applications from cyber-attacks, and stringently protect compliance.
STEALTHbits Technologies' access management solutions block malicious access to unstructured data such as email, file systems, presentations, etc. (≈ 80% of organizational data). By ensuring that only the right people can access large, highly-sensitive data pools, STEALTHbits helps customers cut their risks and operational expenses, and demonstrate adherence to compliance requirements.
Tim McElwee is the President and Chairman of the Board at Proficio and a senior executive with over 20 years of experience building, operating and growing information technology companies. Tim has held multiple executive positions. Tim has co-authored multiple patents and has a proven track record of launching new companies.
Adam Laub is the Senior Vice President of Product Marketing at STEALTHbits Technologies. He is responsible for setting product strategy, defining future roadmap, driving strategic sales engagements, supporting demand generation activities, enabling the sales organization and all aspects of product evangelism.