Author(s): Raghu Gopal
In the past week, the Hollywood Presbyterian Medical Center in Los Angeles became the latest high-profile institution to be hit by a ransomware attack, resulting in a shutdown of the hospital's computer systems. Hospital staff had to fall back to paper, pens and fax machines for record keeping and communications. Despite assistance from local law enforcement, the FBI and security experts, the hospital ended up paying the attackers $17,000 to get their systems back online. The hospital's management decided that paying was the most pragmatic way to get things up and running again.
Ransomware is a remote digital shakedown in which the victim is unable to access files until a pay-off is made. In return for payment through an anonymous method like bitcoin, victims are sent digital keys to unlock their data. Cyber-attackers typically use standard encryption protocols, which tend to be nearly unbreakable. The attacks are often initiated through e-mail phishing campaigns. Once triggered, the malware can spread rapidly to other computers on the same network. Hospitals are a prime target: their computer systems are vital to saving lives, and management will be reluctant to engage in the lengthy process of restoring locked data from back-ups. The personal information held in hospital records is also an attractive source of data for identity theft.
Earlier this month, a Mississippi school district had its systems taken down by ransomware, and last year police departments in Massachusetts and Maine were attacked and had to pay up to regain access to their data. A recent report by a security alliance founded by Fortinet, Intel Security, Palo Alto Networks and Symantec reveals how CryptoWall ransomware has infected millions of computers around the world, extorting millions of dollars from victims. In most cases, victims pay the ransom to retrieve their data.
It will take action on multiple fronts to tackle this problem. Security remains a paramount concern not only on PCs but all connected devices. Mobile devices are far from immune to this sort of threat, and the growing focus on hacking the Internet of things shows there's no room for complacency when it comes to security. Software companies, hardware manufacturers, employers and individuals must all play their part in guarding against cyber-crime. Unfortunately there's no respite expected anytime soon.