Editor's Note: King's Ransom

May 16, 2016
An old-school cyber attack has found new legs...are your clients prepared?

Say the word ransomware to a physical security guy, and you probably get an eye roll. Say it to a healthcare security professional, and their eyes get wide as saucers. “Never before in the history of humankind have people been subjected to extortion on a massive scale as they are today,” says Symantec, in its report, “The Evolution of Ransomware.”

What was once a simple method for cyber criminals to extort a few hundred bucks out of a random computer user has rapidly evolved into a multi-million-dollar threat to industries like healthcare and retail. As the trusted security advisor to these vertical markets, it is paramount for dealers and integrators to be as aware of these threats as they can be — in preparation for the seemingly inevitable phone call that starts with the word “Help.”

Case in point: Earlier this year, the computer systems of a California hospital were held hostage by hackers demanding millions of dollars in bitcoin in order to have them unlocked. The hospital eventually agreed to pay $17,000 in bitcoin to have access restored.

It is just one of a huge influx of these attacks. Between 2013 and 2014, there was a 250-percent increase in new crypto ransomware, according to Symantec. So far in 2016, cyber threat monitoring and mitigation provider ThreatSTOP has identified 10 new variants of ransomware — nearly as many as were discovered in all of 2015.

Crypto ransomware is designed to find and encrypt valuable data stored on the computer, making the data — such as customer databases, business plans, proposals, reports, source code, forms, and tax compliance documents — useless unless the user obtains a decryption key.

Putting aside the obvious costs of giving in to the ransom demand, just think about what this could mean to your retail customers, for example. “If a computerized point-of-sale (POS) system is unavailable due to a ransomware infection, a retailer would not be in a position to transact sales,” the Symantec report explains.

The same goes for healthcare providers. According to an article by SecurityInfoWatch editor Joel Griffin (www.securityinfowatch.com/12194953), hospitals warehouse a treasure trove of sensitive data, including patient medical histories, billing records and personally identifiable information (PII). Because access to these files is of critical importance in the day-to-day operations, hospitals simply do not have the time or the luxury of trying to recover the files from an alternate source or of becoming bogged down in a long negotiation with hackers, so most simply pay up.

So what can a security integrator do? As always, it is critical to be a trusted advisor. Most ransomware infections are the result of clicking a malicious link on the web or, more commonly, in an email. Help your clients craft a cyber awareness strategy for employees. Recommend backup and disaster recovery plans.

“If they have good backups, then (they) go down for a day, then wipe out and restore the affected systems,” Stu Sjouwerman, founder and CEO of IT security awareness training firm KnowBe4, told SecurityInfoWatch. “If (the) restore fails, it becomes a business decision to pay the ransom or not. Downtime in a large organization or hospital is easily into millions of dollars a day [in losses] — will they pay $18,000 or even $50,000 in ransom to get their systems back up and running? It’s not really a hard decision.”

Now there’s some tangible ROI for your clients! And your help in saving them from this type of disaster will make them a life-long customer.

Paul Rothman is editor-in-chief of Security Dealer & Integrator (SD&I) magazine. Access the latest issue and the full archives at www.secdealer.com.