3 things to know about ransomware

Hollywood (Calif.) Presbyterian Medical Center made headlines when hackers held its medical records for ransom. The medical center ultimately paid. Shortly afterward, the Los Angeles County health department suffered a similar attack, though no ransom was paid in this case.

Here are three things to know about the different types of ransomware, their delivery channels and how to lessen risk exposure to such attacks, according to a report from the Institute of Critical Infrastructure Technology.

1. Three ransomware variations include:

•    Locker ransomware. Locker ransomware typically restricts access to a device's interface but does not affect the underlying system or files. From 2014 to 2015, approximately 36 percent of binary-based ransomware was of this type.
•    Crypto ransomware. Unlike locker ransomware, crypto ransomware targets underlying information and systems. The user can do anything on the device except access the encrypted files. Oftentimes, this type of ransomware includes a time limit. If the victim does not pay the requested ransom within that time, the decryption key will be deleted and access to the data will be permanently lost. From 2014 to 2015, 64 percent of ransomware attacks detected were carried out using crypto ransomware.
•    Hybrid ransomware. It is possible hackers could employ both types of ransomware in concert with one another, according to the report.

2. Ransomware is distributed through the following methods:

•    Traffic distribution system. A TDS will redirect Web traffic to a site, which hosts an exploit kit. Some hackers may hire a TDS to spread their ransomware, according to the report.
•    Malvertisement. In this case, a malicious advertisement would take a user to a malicious landing page if clicked on.
•    Phishing email. Phishing scams are the most common way to disseminate malicious content. A single click on a malicious link or attachment could compromise an entire network.
•    Downloaders. Downloaders deliver malware into systems in stages, which makes the malicious intent less likely to be recognized by signature based detection.
•    Social engineering. Social engineering relies on maneuvering users into breaking their own security protocols to introduce the malware into their system.
•    Self-propagation. Self-propagating ransomware will have a functionality that supports its continual spread throughout a system.
•    Ransomware as a service. Experienced hackers may outsource their successful malware to less technically adept cyberattackers.

3. The ICIT report recommends having a dedicated security team, conducting staff training, promoting awareness and implementing layered defenses to lessen the risk of falling prey to ransomware.

More articles on health IT:
How a former NFL quarterback got into the world of health IT startups
HIMSS16 highs: 25 attendees on their most exciting moments
9 IT jobs among the highest paying in America

© Copyright ASC COMMUNICATIONS 2017. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months