Could your Organization be the next Ransomware victim?

Posted by John Dimaggio on Mar 8, 2016 3:20:11 PM


Ransomware is a type of malware that restricts access to the infected computer system and demands that the user pay a ransom to the malware operators to remove the restriction. Some forms of ransomware systematically encrypt files on the system's hard drive, then spread to any shared network drives and other computers, and make it difficult or impossible to decrypt the files without paying the ransom for the encryption key. Other forms of ransomware may simply lock the system and display messages intended to coax the user into paying to acquire the key. Ransomware typically propagates as a trojan, whose payload is disguised as a seemingly legitimate file.

CryptoLocker is a ransomware trojan which targets computers running Microsoft Windows. CryptoLocker propagates via infected email attachments and via an existing botnet. When activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware's control servers. The malware then displays a message which offers to decrypt the data if a payment (through either bitcoin or a pre-paid cash voucher) is made by a stated deadline, and threatens to delete the private key if the deadline passes.

How does it get in?

Typically, the virus propagates as a trojan, entering a system through, for example, a downloaded file or a vulnerability in a network service. Recently, there have also been entry points through infected advertisements on legitimate websites that outsource their advertising content. The program then runs a payload, which typically takes the form of a scareware program. Payloads may display a fake warning purportedly from an entity such as a law enforcement agency, falsely claiming that the system has been used for illegal activities, contains content such as pornography and "pirated" media, or runs a non-genuine version of Microsoft Windows. The malware may also encrypt attached storage devices such as USB drives or external hard disks.


Prevention, Protection, and Best Practices

Install malware detection software, and ensure antivirus software is in place and that both are kept up to date. Using software or other security policies to block known payloads from launching will help to prevent infection, but will not protect against all attacks.

Use credentials with the least amount of access necessary to systems to help prevent the spread of the virus by reducing the number of network touchpoints (i.e., file shares, printers, servers, etc.). It is always a best practice for users to work with non-administrative credentials, and only elevate credentials when necessary for installation, maintenance, etc.

Keep data backups stored in locations inaccessible to the infected computer. This will allow data to be restored to its state at backup time.
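Signature-based blocking, as noted above, does not catch every payload, so many organizations pair it with a behavioural check on the file shares that ransomware spreads to. The script below is an added example written for this article (it is not BlueOrange Compliance's tool or any vendor's product): it reads constructed file-server audit lines and flags a user whose session rewrites and renames an unusual number of files within a short window. The audit-line format, the user names, the share paths, the `.locked` extension, and the threshold and window values are all assumptions and would need tuning for a real environment.

```python
import os
from collections import defaultdict, deque
from datetime import datetime, timedelta


# Assumed audit-line format (constructed for this example, not a real
# file server's format):
#   "<ISO-8601 timestamp> <user> <WRITE|RENAME|READ> <path>[ -> <new path>]"
def parse_line(line):
    ts, user, action, rest = line.split(" ", 3)
    if action == "RENAME":
        src, dst = rest.split(" -> ", 1)
    else:
        src, dst = rest, None
    return datetime.fromisoformat(ts), user, action, src, dst


def build_sample_log():
    """Constructed sample lines (not real data); each user's lines are in
    chronological order, which the detector relies on."""
    base = datetime(2016, 3, 8, 15, 20, 0)
    lines = []
    # Normal activity: alice edits five spreadsheets over ten minutes.
    for i in range(5):
        ts = base + timedelta(minutes=2 * i)
        lines.append(f"{ts.isoformat()} alice WRITE \\\\fileserver\\finance\\report{i}.xlsx")
    # Ransomware-like activity: bob's session rewrites and renames 40 files
    # on a share in 40 seconds, swapping every extension for ".locked".
    for i in range(40):
        ts = base + timedelta(seconds=i)
        src = f"\\\\fileserver\\hr\\doc{i}.docx"
        lines.append(f"{ts.isoformat()} bob WRITE {src}")
        lines.append(f"{ts.isoformat()} bob RENAME {src} -> {src}.locked")
    return lines


def detect_mass_modification(lines, window=timedelta(seconds=60), threshold=30):
    """Return one alert per user whose WRITE/RENAME events inside `window`
    reach `threshold`. Both values are assumptions to tune per site; the
    count of extension changes is reported so an analyst can tell a bulk
    copy from a bulk rename."""
    recent = defaultdict(deque)  # user -> deque of (timestamp, ext_changed)
    alerts, alerted = [], set()
    for line in lines:
        ts, user, action, src, dst = parse_line(line)
        if action not in ("WRITE", "RENAME"):
            continue  # reads do not indicate modification
        ext_changed = (action == "RENAME" and
                       os.path.splitext(src)[1] != os.path.splitext(dst)[1])
        q = recent[user]
        q.append((ts, ext_changed))
        # Drop events that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and user not in alerted:
            alerted.add(user)  # one alert per user, not one per event
            alerts.append({
                "user": user,
                "first_seen": q[0][0].isoformat(),
                "last_seen": ts.isoformat(),
                "events": len(q),
                "extension_changes": sum(1 for _, changed in q if changed),
                "sample_path": src,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_modification(build_sample_log()):
        print(alert)
```

On the constructed log, alice's five writes never reach the threshold, while bob's session trips it after 30 events, half of them extension-changing renames. A real deployment would feed the detector from the share server's audit log, alert a responder, and, where the platform allows it, disconnect the offending session so the encryption cannot continue across the share.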

Finally, don’t underestimate the complexity of IT security. Security vulnerabilities may be present in operating systems, applications, configurations or risky end-user practices. Hire a compliance partner to perform penetration testing and vulnerability scanning as part of a comprehensive security regimen. A compliance partner can quickly execute the necessary tests to determine the likelihood of real-world threats against an organization’s IT assets and physical security.

BlueOrange Compliance has been providing privacy and security assessments, remediation and guidance since the inception of HITECH, and has over 50 years of experience in technology security, compliance and healthcare. Our national client base consists of hospitals, physician provider practices, nursing facilities, LTC pharmacies, LPCs, CCRCs, homecare, hospice and business associates. If you want to learn how BlueOrange Compliance can help you turn HIPAA complexity into HIPAA compliance, visit us at blueorangecompliance.com.