Could a Ransomware attack close your operating theatres?

You graduated, travelled the world, got your first job, found the love of your life, had a wild 30th, bought a house, married the love of your life, had a baby, had another one, had a wild 40th, 50th… all the best moments captured beautifully through photos and shared with friends and family via the wonders of technology. Then one day you opened an email and clicked a link…and found yourself suddenly faced with something called Ransomware.

Every photo, every file, all those memories taken as ransom. So what do you do? This is the question that faces anyone affected by Ransomware whether this be individuals or corporations. What do you do?

Before we attempt to tackle this question, let’s look at an example of where the impact of Ransomware could be extremely harmful – Healthcare. Realistically, targeting organisations whose everyday operation depends on access to critical digital information and technology is likely to be more favourable than holding the average Joe or Jane’s photo collection ransom.

One of the most important technological infrastructures is that of the Healthcare system. We depend on extremely advanced technology for support with diagnosis, operations and treatment. This technology has allowed for great medical advances and has become an indispensable asset of the Health Industry. Clearly then, availability of these devices is critical, and losing it can be life-threatening.

So when we learn that the closure of the NHS North Lincolnshire Trust’s Operating Theatres and the cancellation of thousands of appointments were due to Ransomware, we need to start paying attention. When, following this, the media highlights the budget and resource constraints that the NHS face, cyber criminals don’t need to be that clever to recognise that it’s highly unlikely that money has been invested in security. The result – an easy target. The implication of Ransomware for all the technologies that support modern medicine is truly significant.

In what ways can Ransomware actually have devastating impacts on the Healthcare System? Put your black hat on and think about it.

Fundamentally, taking something of value, whether it be a human, technology or data, is devastating. Cyber criminals have recognised that targeting a victim’s most critical or valuable possession, holding it ransom and demanding money is an extremely lucrative way to make money. Let’s put this into perspective. CryptoWall, one of the most famous examples of Ransomware, generated $325 million in revenue. Big Money. So what exactly is Ransomware?

Ransomware denies access to a device until a ransom is paid. Examples of the most powerful versions are CryptoLocker and TeslaCrypt, which use very strong cryptographic algorithms to encrypt the ransomed data so it appears that all your files have been corrupted – your data gets converted into a random body of text. The “Ransomware business model” is to demand payment for the key that will convert your data back to the original format. As we’ve highlighted, Ransomware makes money, so cyber criminals are coming up with ever more innovative and clever ways to spread their poison. Traditionally the attack vector has been the infamous dodgy email link, but as awareness of this develops, cyber criminals are most definitely looking for more creative approaches.

Now let’s rewind and attempt to answer the question, “What should you do?”

There is too much focus on “prevent” and whilst this is somewhat important we must recognise that spending big money on “prevention” technologies will never guarantee protection against a ransomware attack. Nothing can guarantee protection. We need to approach the threat as if it will happen to us – what do you do? How do you respond? You prepare so that you’re ready to respond – so that your response is as organised and fluster-free as possible. Preparation involves both the tools and processes being in place to “prevent” as well as the protocols clearly defined, communicated and available for “response”.

Let’s first look at how to prevent…

One of the easiest and simplest ways to protect your kingdom is to make sure that when a brick falls out of your wall, i.e. when a hole appears, you fix it – make sure your technologies are patched and updated regularly to protect against new vulnerabilities. The importance of this can be highlighted by what Symantec discovered in 2015 – 362,000 Crypto-Ransomware variants! So if you don’t periodically patch against new vulnerabilities, you’re asking for Ransomware. Remember that all it takes is one unpatched computer to threaten your entire network, so Patch Management needs to be high on your agenda.

Perhaps you are thinking, “yes that is something I need to do but first I need to figure out where the critical vulnerabilities and the security control gaps are in my existing Cyber defence capabilities, particularly those which are specific to malware and ransomware.” Great thinking. This is an important step in preparing for Patch Management and is known as Cyber Capability Assessment. It’s really the first step that must be taken in order to build your wall – understand your vulnerabilities, recognise your risk.

So what happens if that email arrives? Do your staff know how to respond to that email? How would they know? They would know by being trained – by being made aware of what a suspicious email looks like and what to do about it. Most issues and problems are solved with proper education. Think about that statement. Your staff are your first line of defence so preparing them is crucial – prepare them by educating them. Invest in Security Awareness Training.

Let’s now imagine someone has clicked on the link and you have now become a Ransomware victim. What happens next depends on both how prepared you are and how you respond. Do your staff know how to respond? Do they know who to inform? Does the person who is being informed know what their responsibility is? This would all be outlined in an Incident Response Plan. If critical systems become unavailable, a Business Continuity Plan will define how to access the backup of data and how to activate a redundant system so that, as the name of the plan implies, business can continue and the interruption to business is kept to a minimum.

Finally, following any incident, you must always reflect on what has happened. Record it. Review it. Learn from it. Could you have prevented it? How could you have responded better? Give feedback to the people who were involved in the incident so that next time, the technology performs better and your staff respond faster so that should this happen again, the impact to the business is smaller.

A final note – you really don’t want this to happen again, and cyber-criminals know that, which is why they are starting to offer “immunity packages” so that they won’t do it again. Tempting!

Everything highlighted in bold is a service we offer.

We can help you prepare so that if it does happen you are ready.
