News from Nowhere – Your money or your data, ransomware


A significant number of NHS Trusts in England have been hit by ransomware in the past year, according to data from a freedom of information (FOI) request. The FOI request was made by global risk mitigation and cyber security expert NCC Group. Sixty of 155 Trusts responded, but 31 of these withheld information, with many citing patient confidentiality. However, 28 confirmed they had been victims of ransomware.

Ransomware is a type of malware that restricts access to systems in some way, often by encrypting files and then demanding a ransom to obtain access. With NHS Trusts holding a range of sensitive data on patients and employees, an attack of this nature locking staff out of patient records could cause serious disruption to services and ultimately impact patient care. Many ransomware attacks are delivered via phishing emails. These are often well crafted and disguised to resemble something non-malicious to fool the recipient. Phishing emails often take the form of parcel delivery notifications, imaginary customer complaints or fake official letters.

Ollie Whitehouse, technical director at NCC Group, said: “The damage that a successful ransomware attack can cause makes these findings not simply an issue for a Trust’s IT team, but for its board of directors too. Paying the ransom – which isn’t something we would advise – can cost significant sums of money, yet losing patient data would be a nightmare scenario for an NHS Trust. In the past the ransomware writers were sometimes quite careless and there was often a way to retrieve files. However, they have improved their capabilities and data retrieval is usually no longer an option. It makes preparation even more important.”

2 Replies to “News from Nowhere – Your money or your data, ransomware”

  1. Ransomware was first seen in Russia in 2006 and has grown from a text file message asking for cash, through asking those affected to ring a premium telephone number, and has spread rapidly because it is a profitable business model. Yes, a business model! It is often cheaper and easier to pay the ransom than resolve internally; often it is impossible to resolve if standard protection measures have not been followed within the organisation. The ransomware authors also use simple and easily accessible, and ironically well designed, electronic payment gateways to make the victim's payment pathway as simple and easy as possible.
    The two main culprits are: directors/senior managers viewing IT as a cost and not as a critical business service and not resourcing ITS properly (investing in skilled staff, robust email scanning tools / hosted security, etc).
    Staff: poorly trained or motivated to use basic personal security processes (understand not to use embedded links in unrecognized emails, 3-2-1 file saving model) to stop this type of attack.
    Ransomware is still growing and is big business and is now moving into gaming and social media; the recent Pokemon Go exploit uses social engineering to embed the ransomware.
    Be careful of Pikachu…..

  2. Comment
    Ransomware is proving a lucrative business – with the Cyber Threat Alliance quoting over £225M in damages associated with these attacks – and this is just the beginning. As cybercrime toolkits continue to develop, even the most novice cybercriminal can become a master of ransomware, helping to grow the market on an industrial-scale level.
    With a recent FoI request highlighting how nearly half of NHS trusts in England have fallen victim to ransomware, the significant threat that this attack poses to the British health system is clear. Trusts should begin taking the necessary steps to prevent ransomware infections and reduce their impact when successful. From backing up systems daily, training staff and deploying the most up-to-date security technology, to ensuring the development of an active incident response policy following an attack, organisations can fight back against the ransomware attackers – protecting their data, revenues and reputations.
    Organisations looking to learn more about the preventative measures and the tools available to combat this threat should look to the No More Ransomware Project, from the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, and Intel Security and Kaspersky Lab.

    Gordon Morrison, director of government relations at Intel Security
