Ransomware attacks, in many variations, have been on the increase lately. Cryptolocker and Cryptowall are the two most prevalent threats, but a Forbes article about the HPMC attack revealed that HPMC was victimized by a variant called "Locky," which, according to that article, is infecting about 90,000 machines a day.
Details of the HPMC Incident
On February 2, 2016, three days before the HPMC attack, the Department of Health & Human Services Office for Civil Rights (“OCR”) announced the launch of its new Cyber-Awareness Initiative. That announcement included information on ransomware attacks and prevention strategies. Suggested prevention strategies from OCR included:
- Backing up data onto segmented networks or external devices and making sure backups are current. That protects you from data loss of any kind, whether caused by ransomware, flood, fire, loss, etc. If your system is adequately backed up, you may not need to pay a ransom to get your data unlocked.
- Don't be the low-hanging fruit: Ensuring software patches and anti-virus are current and updated will certainly help. Many attacks rely on exploiting security bugs that already have available fixes.
- Installing pop-up blockers and ad-blocking software.
- Implementing browser filters and smart email practices.
Most of these prevention strategies are HIPAA security measures and general business security measures that ought to be in place for companies across the board. As OCR and the FBI (see below) both indicate, smart email practices and workforce training on them are key elements in preventing phishing scams. If you are a HIPAA-covered entity, you should be checking in with Mintz's Health Law & Policy Matters blog on a regular basis.
FBI on Ransomware
One of the big questions arising out of the HPMC and other ransomware cases is: do we pay? If your business is about to grind to a halt, you likely have no choice. However, the incident should first be reported to the FBI and discussed with forensics and legal experts who have experience with ransomware in particular. The FBI's Ransomware information page provides some tips. Ransomware attacks should be part of your incident response plan, and the "what do we do" question should be discussed at the highest levels of the company.
When in Doubt, Don't Be a Click Monkey!
Before clicking on a link in an email or opening an attachment, consider contextual clues in the email. The following types of messages should be considered suspicious:
- A shipping confirmation that does not appear to be related to a package you have actually sent or expect to receive.
- A message about a sensitive topic (e.g., taxes, bank accounts, other websites with log-in information) that has multiple parties in the To: or cc: line.
- A bank with whom you do not do business asking you to reset your password.
- A message with an attachment but no text in the body.
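For teams that want to pre-screen a mailbox against the four clues above, the following is an added example (not part of the original article) that applies them to parsed messages with Python's standard email library. The keyword lists, function names, flag labels and .example addresses are assumptions chosen for illustration, and a flag means "look closer," not "malicious."

```python
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

# Keyword lists are illustrative assumptions, not taken from the article.
SENSITIVE = ("tax", "bank", "account", "password", "log-in", "login")
SHIPPING = ("shipment", "shipping", "delivery", "tracking number")

def suspicion_flags(msg, expecting_package=False, my_bank_domains=()):
    """Return which of the article's four contextual clues a message triggers."""
    parts = list(msg.walk())
    body = "".join(p.get_content() for p in parts
                   if p.get_content_type() == "text/plain"
                   and not p.is_attachment() and p.get_payload())
    text = f"{msg.get('Subject', '')} {body}".lower()
    recipients = getaddresses([str(h) for h in
                               msg.get_all("To", []) + msg.get_all("Cc", [])])
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    flags = []
    if any(w in text for w in SHIPPING) and not expecting_package:
        flags.append("unexpected-shipping-confirmation")
    if any(w in text for w in SENSITIVE) and len(recipients) > 1:
        flags.append("sensitive-topic-many-recipients")
    if "bank" in text and "password" in text and sender_domain not in my_bank_domains:
        flags.append("unknown-bank-password-reset")
    if any(p.is_attachment() for p in parts) and not body.strip():
        flags.append("attachment-without-body")
    return flags

def make_sample(sender, to, subject, body=None, cc=None, attachment=None):
    """Build a constructed test message (all addresses use .example domains)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, to, subject
    if cc:
        msg["Cc"] = cc
    if body is not None:
        msg.set_content(body)
    if attachment is not None:
        msg.add_attachment(attachment, maintype="application",
                           subtype="octet-stream", filename="invoice.bin")
    return msg

if __name__ == "__main__":
    tax = make_sample("refunds@mail.example", "a@corp.example, b@corp.example",
                      "Your tax refund", "Log in to confirm your account.",
                      cc="c@corp.example")
    bare = make_sample("billing@vendor.example", "me@corp.example", "Invoice",
                       attachment=b"constructed attachment bytes")
    print(suspicion_flags(tax), suspicion_flags(bare))
```

The `expecting_package` and `my_bank_domains` parameters carry the context only the recipient knows; a matching sender domain does not by itself prove the message is genuine.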
All businesses in any sector need to take notice of the HPMC attack and take steps to ensure that they are not the next hostages in a ransomware scheme.