Ransomware is a word that has been in and out of the news for a few years. What used to be very scarce has become mainstream. Criminals are still targeting companies, regardless of business sector, through advanced email techniques, and are having much success doing so! Email threats may be blocked by spam filters or prevented by protecting your NEU (Network, Endpoint and Users), but what happens when the main line-of-business software you use is hacked and used to distribute ransomware?

Criminals behind ransomware infections are becoming smarter and are optimizing their systems to infect endpoints by hitting software companies hard. They breach SaaS (Software as a Service) servers and figure out a way to deploy their ransomware through them to subscribers. This is a huge advance in ransomware delivery techniques. It's hard to prevent ransomware from getting onto your system when it comes in that way, but you can manage it by fully protecting your network, educating your staff and having proper backups in place.

We have posted several times about how you can protect your network, but as ransomware infections persist and the damage they cause grows, we thought a short article on security at dental clinics was due once we saw the news "Ransomware hits hundreds of dentist offices in the US".

Ransomware infections are extremely serious threats and must be treated as such. Dental clinics run on fully digitized systems, from patient information and appointment management to taking and storing X-rays. If a network is infected, the file encryption process will probably take several days to complete. Once it completes, a message will appear on the desktop of "Patient Zero", the computer the ransomware began the process from. At that moment your operation will potentially halt (and things may already stop working along the way because of encrypted files). Files become inaccessible and systems become unusable. The problem is that, because the encryption process took several days to complete, the backups taken during those days are useless: they contain encrypted files.
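One way to find the newest backup taken before encryption started is to compare each backup set against the last known-clean one and count files that changed from ordinary content to near-random bytes. The sketch below is an added example, not something from the original article; the thresholds, file names and in-memory "backups" are constructed assumptions, and the oldest backup is assumed clean.

```python
import hashlib
import math
from collections import Counter

ENTROPY_LIMIT = 7.5   # bits/byte; assumed cutoff (encrypted data sits near 8.0)
SUSPECT_SHARE = 0.25  # assumed: flag a backup when >25% of its files flipped

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flipped_share(baseline: dict, backup: dict) -> float:
    """Share of files in both sets that changed from low to high entropy."""
    common = [p for p in backup if p in baseline]
    flipped = [p for p in common if backup[p] != baseline[p]
               and entropy(baseline[p]) < ENTROPY_LIMIT <= entropy(backup[p])]
    return len(flipped) / len(common) if common else 0.0

def find_restore_point(backups: list) -> tuple:
    """backups: [(label, {path: bytes})], oldest first, first one assumed clean.
    Returns (label of newest clean backup, labels of suspect backups)."""
    clean_label, baseline = backups[0]
    suspects = []
    for label, files in backups[1:]:
        # Always compare with the last clean set, so a backup taken after
        # encryption has finished is still flagged.
        if flipped_share(baseline, files) > SUSPECT_SHARE:
            suspects.append(label)
        elif not suspects:
            clean_label, baseline = label, files
    return clean_label, suspects

def fake_ciphertext(seed: bytes) -> bytes:
    """Constructed stand-in for an encrypted file: 4 KiB of hash output."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(128))

# Constructed sample: four nightly backups of four clinic files.
TEXT = {name: (name + ": patient record line\n").encode() * 100
        for name in ("patients.csv", "schedule.txt", "notes.txt", "xray_index.txt")}
MON = dict(TEXT)
TUE = {**MON, "schedule.txt": b"rescheduled appointment\n" * 100}  # normal edit
WED = {**TUE, "patients.csv": fake_ciphertext(b"a"), "notes.txt": fake_ciphertext(b"b")}
THU = {name: fake_ciphertext(name.encode()) for name in WED}
BACKUPS = [("Mon", MON), ("Tue", TUE), ("Wed", WED), ("Thu", THU)]

if __name__ == "__main__":
    print(find_restore_point(BACKUPS))  # ('Tue', ['Wed', 'Thu'])
```

Files that are already compressed, such as many image formats, are high-entropy even when healthy and never count as flipped here, and files the ransomware renames show up as missing rather than changed, so a real check would also look at file signatures and mass renames.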

Let us assume a dental clinic is hit with ransomware (regardless of the infection method) and staff cannot do their daily tasks. The first thing a technical support rep will check is the backups. In this case, the backups cannot be used because they hold encrypted files. Another possible solution is checking for available decrypters online, but chances are the current ransomware infections are just that, current, and thus the tech will not find one. This leaves the tech with the option to pay the ransom. The payment process alone is a time-consuming task. By the time a payment is made, and assuming the criminals provide the correct decrypter and key (I haven't seen a case where an incorrect key/decrypter was provided - ironically some of these criminals have a conscience!), a clinic would be down for 2-3 days with no ability to serve its loyal patients. Estimated losses are over $55,000, in addition to what's more valuable: reputation.

How can we try to minimize the possibility of a ransomware infection?

  1. Educate your staff and spread awareness about ransomware and how it gets into networks. Forwarding this article or sharing it is a good start.
  2. Install a network-level firewall with Advanced Malware Protection and Content Filtering. K2 Networks highly recommends Meraki firewalls.
  3. Install a centrally managed antivirus. Scan and update daily. K2 Networks highly recommends Webroot SecureAnywhere.
  4. Perform periodic maintenance on computers and servers.
  5. Have a strong disaster recovery plan and test it periodically.
  6. Talk to your insurance provider about your Cyber Insurance policy.

Security must be taken seriously. Here are notable ransomware infections:

  1. https://www.zdnet.com/article/ransomware-hits-hundreds-of-dentist-offices-in-the-us/
  2. https://www.cbc.ca/amp/1.5170951
  3. https://www.wbaltv.com/article/baltimore-city-network-email-outages/27395392
  4. https://barrie.ctvnews.ca/wasaga-beach-pays-ransom-following-computer-system-hacking-1.4026570
  5. https://www.cbc.ca/news/canada/calgary/samsam-ransomware-attack-university-calgary-1.4924568

Thank you for taking the time to read this article.