Thursday, March 24, 2016

Ransomware demands are often smaller, to enable payment, but scouting out of targets gets more sophisticated.

A hospital in western Kentucky has been hit by ransomware, according to a CNN Money report.

The ransomware was submitted by email, that got past spam filters and anti-virus software.  The demand for payment in bitcoin is relatively low, about $1600.  It is thought that lower demands increases the likelihood of payment.

The hospital has refused to pay and had apparently backed up everything off line frequently.  But could patient care be compromised?

However, on March 21, Matt Zapotosky and Ellen Nakashima reported on some very large hacks of hospitals and local governments, where hackers had staked out the facilities for some times and tried to compromise the backups.   However, any organization could make daily backups that are completely offline (much harder with incrementals).

In my own mind, there would be a question as to whether Carbonite backups could be affected, because they are shown as virtual drives to Windows.  But Carbonite’s own discussion of the issue sounds reassuring, link.

Still, it’s a good idea for home users to keep backups on totally detached physical devices.  The safest possible solution is optical (electromagnetic devices like thumb drives could be destroyed by some kinds of neighborhood vandalism, but that hasn’t been reported).

Update: March 31

US Cert offers a detailed explanation of ransomware in a bulletin today.

No comments: