Two-Pronged Approach for Defending Against Ransomware Attacks
January 18, 2017
Featured article by Richard Henderson, global security strategist at endpoint security company Absolute
Ransomware in healthcare IT environments continues to be an unholy menace to the day-to-day operations of hospitals. I’ve spoken with healthcare groups not just in the UK, but around the world, who have been hit at very large scales, effectively suspending all frontline digital operations in healthcare environments. It’s terrifying to consider the potential real-world physical impacts to patients when doctors and nurses are all of a sudden unable to review charts or tests in order to provide urgent care.
Sadly, this has meant in many cases that hospital administrators just pay up – the amount of time to clean up and get back up and running can literally impact people’s lives. Criminals know this and are continuing to exploit this to their financial gain.
In the case of this latest attack on the NHS, which is certainly not unique to them, it appears the majority of systems being hit are legacy Windows XP machines. In most healthcare environments, this is due to a number of factors: legacy tools, software, and equipment that just won’t run on newer operating systems; lack of support from vendors (or vendors who may not even exist anymore!); staggering costs that can’t be budgeted for to replace systems… all of these factors can make for very fat, juicy targets for cyber criminals.
Protecting against these attacks should focus on two major prongs: the people using the systems, and the systems themselves. On the systems side, where machines can’t be moved up to (at the very least) Windows 7, organizations should really start discussing moving these legacy systems to tightly protected virtualized systems with an abundance of security controls built in, not necessarily to stop an infection, but to stop it from moving to other systems. On the people side, as most ransomware continues to enter environments through email (attachments and links), a concerted effort by security staff to build better awareness of what ransomware is and how to spot suspicious emails is critical for success.
From a philosophical perspective, I’ve spoken with more than one healthcare security professional who is now treating desktop systems as 100% disposable. To them, the workstations themselves are now seen as nothing more than appliances that can be spun up or destroyed on demand, and at the first whiff of compromise, systems are yanked off the network, wiped, and re-imaged.
Sadly, the ransomware threat isn’t going anywhere, especially in healthcare. It’s far too lucrative for attackers to give up on it, and with the staggering number of legacy systems out there inside these networks, the targets are just too rich for them to ignore.