How a Hospital Escaped Ransomware

Ransomware has rapidly become the most harmful form of malware, measured in monetary costs. It encrypts the files on the victim's computer. A message says that to get their data restored, victims have to send an anonymous Bitcoin payment to the extortionist. If they pay, they may or may not get a key which will let them recover their files. The extortionist is richer and can use the money to build a bigger malware network, hitting more victims. Because payment is through an untraceable channel, the criminal can run the scheme longer without getting caught.

Hospitals are favourite targets for ransomware. Hollywood Presbyterian Medical Center paid about US$17,000 to get its files back. Hospitals are particularly vulnerable targets because lives could be at stake if they can't resume normal operation quickly.

It's not always unbeatable, though. Kaspersky Lab reports that it was able to defeat the encryption that a ransomware attack imposed on an unnamed Brazilian hospital. The attack, also believed to be Brazilian in origin, goes by the cumbersome name of Trojan-Ransom.Win32.Xpan.a. Kaspersky let the hospital recover its files without paying any ransom. They report they can do the same for anyone else hit by this particular form of ransomware.

The most common way of delivering ransomware is through "phishing" email. In this case, though, the criminals looked on the Internet for computers with Remote Desktop Protocol enabled. They tried large numbers of passwords and were able to get into computers with weak passwords. Once connected, it was a simple matter to install the ransomware. The attackers evidently targeted computers in Brazil, as the messages, including a demand for a "donation," were all in Portuguese.
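The password guessing against Remote Desktop described above leaves a recognisable trail in the Windows Security log: a burst of failed logons (event 4625) from one address, sometimes ending in a success (event 4624). The following is an added example, not code from Kaspersky or from this article; the CSV layout, the sample events, the thresholds and the function names are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not real data): timestamp,event_id,logon_type,source_ip,account
SAMPLE_EVENTS = """\
2024-01-15T02:00:01,4625,3,203.0.113.50,administrator
2024-01-15T02:00:04,4625,3,203.0.113.50,admin
2024-01-15T02:00:07,4625,3,203.0.113.50,user
2024-01-15T02:00:10,4625,3,203.0.113.50,scanner
2024-01-15T02:00:13,4625,3,203.0.113.50,reception
2024-01-15T02:00:16,4625,3,203.0.113.50,reception
2024-01-15T02:00:19,4624,10,203.0.113.50,reception
2024-01-15T08:30:00,4625,10,198.51.100.7,jsilva
2024-01-15T08:30:20,4625,10,198.51.100.7,jsilva
2024-01-15T08:30:45,4624,10,198.51.100.7,jsilva
2024-01-15T09:00:00,4625,2,-,kiosk
"""

FAILED, SUCCESS = 4625, 4624   # Windows Security log: failed / successful logon
REMOTE_TYPES = {3, 10}         # 10 = RemoteInteractive (RDP); 3 = Network, logged when NLA is on

def parse(text):
    """Yield (timestamp, event_id, logon_type, source_ip, account) per CSV line."""
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, account = line.split(",")
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), ip, account

def detect_password_guessing(text, threshold=5, window=timedelta(minutes=10)):
    """Flag sources with >= threshold remote logon failures inside `window`,
    and record the account if a success from the same source follows."""
    recent_failures = defaultdict(deque)   # source ip -> failure timestamps in window
    findings = {}
    for ts, event_id, logon_type, ip, account in sorted(parse(text)):
        if logon_type not in REMOTE_TYPES:
            continue                       # ignore console and service logons
        recent = recent_failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()               # drop failures older than the window
        if event_id == FAILED:
            recent.append(ts)
            if len(recent) >= threshold:
                hit = findings.setdefault(ip, {"ip": ip, "failures": 0, "breached_account": None})
                hit["failures"] = max(hit["failures"], len(recent))
        elif event_id == SUCCESS and len(recent) >= threshold:
            findings[ip]["breached_account"] = account   # guessing ended in a logon
    return list(findings.values())

if __name__ == "__main__":
    for finding in detect_password_guessing(SAMPLE_EVENTS):
        print(finding)
```

A finding with a non-empty breached_account is the case that needs immediate response: the guessing succeeded, which is the point at which the attackers in this incident installed the ransomware.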

Beating ransomware

The lesson is that not all ransomware is unbeatable. The Kaspersky article mentions that an earlier version of the Xpan ransomware used a simple encryption algorithm that wasn't hard to break. As with all software on the Internet, a large proportion of ransomware isn't very competently written.

However, many forms of ransomware haven't been broken, and new ones turn up all the time, created by people who think it's a safe and lucrative form of crime. The best protection is still a combination of keeping malware out and backing up all data to an offsite location.

Paying up in response to ransomware is never a good idea, unless the alternative is as dire as what some hospitals have faced. There's no guarantee that you'll get your files decrypted, or that the demands won't escalate.

If you get hit by ransomware, do a Web search on key phrases from the demand text. You may find out that a remedy is available. As long as people submit to the criminals' demands, the criminals will keep taking in money and attacking more people.

Mirus IT can provide the support that will let you manage your data efficiently and safely. Please contact us for more information.