Do you like thrilling movies like “The Man Who Knew Too Much” by Alfred Hitchcock or “96 Hours” by Frédéric Schoendoerffer? What both films have in common is the nerve-wracking story about the kidnapping of a family member. Do you find yourself taking the side of the good guys, praying and keeping your fingers crossed that they will set their most valuable treasure free and get them back alive? Well, then you are very close to what some companies have had to experience when seeing sensitive business data taken hostage by ransomware. Ransomware, as its name suggests, is malware designed to make a target’s data unusable or to prevent access to computer systems until a ransom is paid, usually in untraceable digital currency. It’s quick, lucrative – and very easy.
Imagine an ordinary working day at the office: You have just started working your way through your inbox when you spot an official notice from one of your business departments with an attached document. You are directed to a download link to access your files. You don't think twice about it because you know your company and your departments, so you just follow the instructions, download your file and open it. At some point later that day you notice that you are no longer able to access your systems and that several files with a strange name have been created without your knowledge. This is a critical moment because sensitive files on your device might have been encrypted. The truth is: Your files have been taken hostage and the only way to get them back is by paying a ransom.
Ransomware incidents have reached a new level of frequency and we expect the number to continue to increase. Affected companies are often willing to pay whatever sum is demanded so they can regain control and get back to business. It’s quite similar to families being willing to pay kidnappers whatever is required to release their loved ones – a copycat scenario, if you will, for the Cyber Security arena.
For our January Cyber Threat Bulletin we collected some examples of companies that were hit by such ransomware attacks and experienced varying consequences. One example is Hackensack Meridian Health, New Jersey’s largest hospital system, which operates 17 hospitals, nursing homes and outpatient centers, as well as the psychiatric facility Carrier Clinic. The health system provider was targeted by a Cyber Attack in early December 2019, crippling its computer software systems for nearly five days. The attack impacted the hospital’s computer software systems, from scheduling and billing systems to labs and radiology. As a consequence, the medical teams had to reschedule approximately 100 non-emergency appointments and surgeries.
The municipal systems of Galt, California, also became a victim of ransomware. The city reported that the full extent of the damage is not known but both the email and the phone systems have been impacted. This includes all Sheriff’s office emails, posting of daily arrest affidavits, updates of jail booking photos, fingerprinting, background checks/criminal histories, distribution of case reports and traffic crash reports.
Last but not least, LifeLabs, a Canadian laboratory testing company, paid ransom money to get back the data of its 15 million customers – including names, addresses, emails, logins, passwords, dates of birth, health card numbers (for health insurance) and even highly sensitive lab test results.