Ransomware is getting worse

There has been another high-profile ransomware attack, and this one could be more significant than the ones before.

We covered ransomware a while back: what it is and why it is a growing threat. You can read that blog here.

Just last week, Colonial Pipeline, which accounts for 45% of the US East Coast’s fuel, was attacked by ransomware. The attack took down its systems and forced the company to shut down operations.

https://www.zdnet.com/article/colonial-pipeline-cyberattack-shuts-down-pipeline-that-supplies-45-of-east-coasts-fuel/

Also last week, Scripps Health, a very large hospital network with over 10,000 employees and 7,000 patients, got taken down by a cyberattack.

https://www.10news.com/news/local-news/scripps-health-ceo-addresses-cyberattack-in-an-internal-memo

and

https://healthitsecurity.com/news/scripps-health-ehr-patient-portal-still-down-after-ransomware-attack

both cover that news and the implications they are still dealing with.

In the past year there has been well over $215 million in damages from ransomware attacks around the world.  

With most of the workforce still working from home in 2021 due to the Covid-19 pandemic, cyberattacks and ransomware are much easier to pull off. Employees and their PCs, once safely behind the office firewall, are now at makeshift workstations in their home offices, bedrooms, or kitchens, using all manner of cobbled-together technologies to get the job done.

Companies now have a MUCH bigger attack surface, because employees are on many different networks at various locations. They are no longer working within their organization’s network, covered by its normally secure protection and firewall settings. Some are smart and use a secure VPN connection to stay within their office’s network protection, but most do not. ZDNet has a great article by Danny Palmer on this topic as well.

If you suspect you or your company has been affected by ransomware, I am sure your first thought is to shut down or reboot all the computers and server(s) in your office. This is something that you DO NOT want to do. Shutting down or rebooting may restart a crashed file-encryption process and may lose encryption keys stored in memory.

Experts instead recommend that victims hibernate the affected computer(s) and disconnect them from the network. (The easiest way is to pull the network cable out of the back of the machine, if it is hardwired.) If you suspect more than one machine is affected, disconnect the office network switch(es) and cut the connection to the internet to keep the infection from spreading further, if possible. Once done, reach out to a professional IT support firm for further steps.

Victims should note that the ransomware recovery process has two stages.

The first is finding the ransomware’s artifacts — such as processes and boot persistence mechanisms — and removing them from an infected host. 

Second is restoring the data if a backup mechanism is available. 

When companies miss or skip the first step, rebooting the computer often restarts the ransomware’s process and ends up encrypting the recently restored files, meaning victims will have to restart the data recovery process from scratch. 

In the case of enterprises, this increases downtime and costs the company operating profits. 

To learn more about dealing with ransomware attacks, you can check out the Emsisoft guide on how to remove ransomware and Coveware’s first response guide on dealing with a ransomware attack. 

Above all, please keep up with regular training and remind your employees and co-workers not to click on any questionable links or download anything they are not sure of. Stress that if they ever have a question about something, it is always best to ask their IT department first. While it might create more work to confirm that something is legitimate or safe to use, it will save the company tremendously in the long run by avoiding the massive expenses incurred from a ransomware infection.

Stay safe out there everyone. 

Disaster Preparedness

Disaster preparedness means knowing what type of disasters you might face and what to do in each situation. Living in Idaho? You probably don’t need to worry about hurricanes. California? Better be ready for an earthquake, but don’t overlook the chance of severe weather, fires or even an Ebola outbreak. Unfortunately, disaster can strike anywhere in the country. The American Red Cross has a list of possible disasters that may affect you at http://www.redcross.org/get-help/how-to-prepare-for-emergencies/types-of-emergencies
The following tips can help you prepare for whatever Mother Nature throws at you.

1. Learn your area’s evacuation routes and shelter locations.

When a hurricane is bearing down on your home, or after a flash flood warning has been issued, is not the time to figure out where you will go. Evacuations are common and it will serve you well to know the details ahead of time. You should know all the escape routes from your home, including the more obscure ones, such as getting out of that ground-level window in your bathroom. If you have children, draw them a home fire escape plan and post it near their bedroom door. Plan a meeting spot for your family to regroup if you must evacuate your home. Pick one meeting location right outside your home and one outside the neighborhood in case you must leave the area. Decide ahead of time where you would go in case of an evacuation, whether it’s a friend or relative’s house or a Red Cross shelter.

2. Have an Emergency Go Kit and know how to use it.

You should have an Emergency Go Kit with some basic necessities. Necessities include food, water, basic first aid supplies, and other emergency equipment that you already have (such as flashlights, rope, lighter, knife and duct tape). The key is to have this kit assembled and ready to use in an easy-to-grab bag, not scattered all over your house. Make sure everything is in working order and items aren’t expired. Some kits are available for purchase pre-packed, but remember, if you don’t know how the items work, they could be useless. Don’t forget prescription medication and important documents, such as Social Security card, driver’s license, credit card, birth certificate, etc. Keep items near your kit so they are easy to grab. Ready.gov and RedCross.org have additional tips at the links below.

http://www.redcross.org/get-help/prepare-for-emergencies/be-red-cross-ready/get-a-kit

https://www.ready.gov/build-a-kit

3. Keep an updated USB flash drive loaded with a copy of your important digital documents and family photos in your “Emergency Go Kit”.

Chances are if you need to evacuate your home, you may not have the time or space to grab your computer. It is advised to keep any important digital copies of documents you may need, along with any family photos and files you do not want to risk losing, on a USB flash drive in your go kit. Another option is to keep them on a secure online cloud storage system, (Dropbox, Google Drive, etc…) that you can access from another computer at a different location if needed.

4. Know how you’ll reconnect with people who matter to you.

If cell networks aren’t working, you don’t just need to worry about how your Netflix stream will be affected. Consider how you will contact your family or friends to let them know you’re safe. Figuring this out ahead of time can make everything much easier in a difficult situation. The American Red Cross recommends using an out-of-area emergency contact for family members to check in with, since it may be easier to make long-distance calls. Everyone should also have a list of emergency contacts and local emergency numbers.

5. Remember those who may need special preparation.

Children, infants, seniors and those with disabilities may need special consideration while planning for an emergency. In an evacuation, remember to take any needed medication or special equipment. Talk with your neighbors about how you can help one another and check on each other in case of a disaster.

6. Learn what to do if you’re caught away from home.

Obviously, you may not always be at home when disaster strikes. In the case of an unexpected emergency, you should be prepared to react from different locations, including your workplace or car. As mentioned before, know your evacuation routes, communication plan and how you’ll receive emergency notifications. Have a plan for reconnecting with your children, who may be at school, daycare or after-school activities. Talk to your children’s schools about how they will communicate with families in case of an emergency, if they have a shelter-in-place plan, and where they will go if they have to evacuate.

7. Prepare for your pet’s needs.

If you need to evacuate, you should never leave your pet behind. Try to evacuate to a friend or family member’s house, as pets may not be allowed inside public shelters. Keep a pet emergency kit on hand with food and other important items. The ASPCA recommends microchipping pets so they can be identified and returned to you even without tags (or you may want to invest in a GPS tracker so you can find them yourself). The ASPCA has an app that helps you keep track of animal records required to board pets at an emergency shelter and has other helpful tips for a variety of situations.

8. Sign up for emergency alerts and know how officials will communicate with you during a disaster.

You can get emergency alerts on your cell phone if you haven’t disabled them already. The blaring noise overtaking the silent mode on your phone can be annoying, but this is probably the best way to be informed about emergencies. The emergency alert system also broadcasts over radio and television. NOAA weather radio can alert you if severe weather is expected – 24 hours a day, seven days a week. Tune into social media as well, but don’t rely on it exclusively, as you may lose internet connection.

9. Learn emergency skills that can always come in handy.

Knowing little things can make a huge difference, such as how to use a fire extinguisher or perform basic first aid. Get trained in CPR or the even simpler hands-only CPR, which could help save someone’s life when you least expect it. Learn how to shut off utilities in your house in case of a disaster that may damage gas, water or electrical lines.

10. Find out how to help your community during a disaster

Want to help out even more? Learn how you can be a community leader during a disaster or teach others how to be prepared. Various volunteer positions with local emergency response agencies or nonprofits are always needed.

Disaster can strike at any time, but by planning ahead we give our families the best chance of getting to safety.

Why hackers are going after healthcare records…

 

When data is stolen from a bank, it quickly becomes useless once the breach is discovered and passwords are changed. However, data from the healthcare industry, which includes both personal identities and medical histories, can live and affect people for a lifetime.

Cyberattacks will cost society more than $305 billion over the next five years. According to the industry consultancy Accenture, 1 in 13 patients will have their data compromised as a result.

The healthcare sector is uniquely vulnerable to privacy breaches. Recent government regulations have required healthcare providers to adopt electronic health records (EHR) under the Patient Protection and Affordable Care Act. This can expose patient data to compromise unless providers make equal investments in the security of the systems used to house and manage that data. To comply with legal requirements, healthcare organizations often store detailed medical information for many years. The probability of a breach and the potential severity of the consequences increase with the amount of data stored and the length of time it is stored.

To a hacker, healthcare records contain valuable information, including Social Security numbers, home addresses, and patient histories. Criminals can sell this data for a premium on the black market, providing incentive to focus attacks on the healthcare industry.

With the push toward integrated care, medical data is being shared with many different entities whose employees may have access to patient records. This extended access to medical records also increases the potential for privacy breaches.

In summary, as companies move to digital record-keeping, the industry is so focused on regulatory compliance that cybersecurity has largely been a secondary thought. Companies with legacy systems are trying to connect to and integrate EHRs. Security is not always considered an integral part of that, and patching systems are always filled with issues.

Source:

https://www.accenture.com/t20150723T115443__w__/us-en/_acnmedia/Accenture/Conversion-Assets/DotCom/Documents/Global/PDF/Dualpub_19/Accenture-Provider-Cyber-Security-The-$300-Billion-Attack.pdf

‘Ransomware’ a growing threat

It is 6 a.m. and you’re drinking your favorite cup of coffee as you sit down at your computer to check your daily emails. You get a message from UPS with an attachment that says “track your shipment”. “Hmm…” you wonder to yourself, “I don’t remember ordering anything. Maybe someone sent me a gift or something?” You then proceed to click on the attachment to track your package. Suddenly your computer screen blinks and starts acting weird, and a window pops up with a warning…

You sit there in shock as you slowly come to realize you have just gotten infected with some kind of a virus.  You start to panic as you start checking your various files on your computer and are finding out that you cannot open them up as they are encrypted. “Oh no…” you whisper to yourself, “How could this have happened? All the photos of my kids growing up over the years, all my scanned banking statements, PDF copies of my Tax returns, my resume, my entire music library that I have spent the last 6 months ripping my music CD collection to…. All encrypted! I don’t have any backup copies anywhere!” you scream to yourself in horror.

That scenario could very well have happened to you. More and more people and businesses these days are falling victim to “ransomware”. Ransomware is malicious code that locks up computer files so that cybercriminals can demand a ransom to free them. Ransomware may have many names and variants, but they all have one goal in mind: to hold every digital file on your computer, as well as across your network, hostage until you pay their ransom fee, typically in an online currency such as Bitcoin. Once you pay, you might get a “key” and be able to unlock your files. However, there have been several cases where the ransom was paid and that did not happen, and the files were permanently lost.

Some of the more recent and known ransomware code names are “Petya”, “Jigsaw”, “Crypto-locker”, “CryptoWall”, “Rokku”, “KimcilWare”, “Coverton”, etc… Usually ransomware will have you go buy a green dot money card from your local Walgreens or Walmart, and load up the specific dollar amount they are asking for. They will have you follow instructions to convert that amount into Bitcoin (which is currently untraceable) and send it to them over the “Dark-web” using a Tor browser or something similar.

Most ransomware is delivered via email. The typical overall themes are usually shipping notices from delivery companies or purchase orders. In the past year, we have seen the content of these emails being both near-perfect in local languages and also looking much more legitimate than previously. While the majority of ransomware attacks still happen opportunistically, you will often see them being ‘localized’ so they fit their targeted countries. Also, many attacks are being delivered by mass random emails. The intention is to infect as many as possible to maximize the chances of getting a result. Ransomware is also delivered via drive-by-download attacks on compromised websites. Although the problem is well known, avoiding infection is a bigger problem, as well as what to do when you are infected.

Because ransomware is able to encrypt files on mapped network drives, disconnect the mapping where possible if you are not using the drive. Organizations must make sure backups are not accessible from endpoints through disk mounts; otherwise those will be encrypted as well. Once the backups are done and stored securely, we recommend checking that the backups are working and that you can recover from them.

The best way to recover from a ransomware attack depends largely on whether a good backup policy is in place for your data and for full system backups. Regular backups are the most reliable method for recovering infected systems, which makes it all the more important to prevent the initial infection. To be effective, a backup must be more than a simple copy: it must be “dated”, with older versions of files available in case newer versions have been corrupted or encrypted. Also get into the habit of storing backups in an offline environment, because many ransomware variants will try to encrypt data on all connected network shares and removable drives. It’s imperative to always have known good and up-to-date backups that are as close to real time as possible. One thing to consider is making sure you don’t overwrite your backups with the compromised data, so that when you go to restore, you are able to. If backups are not an option, you may be able to use Windows’ own shadow copies to restore files, if the ransomware has not disabled their use.
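The backup advice in the last two paragraphs (dated copies, never overwriting good backups with compromised data, and checking that you can actually restore) can be sketched in a short script. This is an added example, not code from the original post; the manifest naming, the thresholds and the entropy heuristic are assumptions chosen for illustration.

```python
import hashlib
import json
import math
import shutil
import tempfile
from collections import Counter
from pathlib import Path

MANIFEST_SUFFIX = ".manifest.json"  # naming convention assumed for this example


def describe(path: Path) -> dict:
    """SHA-256 of the whole file plus byte entropy of its first 64 KiB."""
    digest, counts = hashlib.sha256(), Counter()
    with path.open("rb") as fh:
        head = fh.read(65536)
        counts.update(head)
        digest.update(head)
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    n = len(head)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0
    return {"sha256": digest.hexdigest(), "entropy": round(entropy, 3)}


def build_manifest(root: Path) -> dict:
    """Map each file's relative path to its hash and entropy."""
    return {p.relative_to(root).as_posix(): describe(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def looks_compromised(prev: dict, cur: dict, ratio=0.5, entropy_floor=7.5) -> bool:
    """Heuristic: most known files changed or vanished AND new content looks random."""
    if not prev:
        return False
    lost = [p for p, m in prev.items() if cur.get(p, {}).get("sha256") != m["sha256"]]
    known = {m["sha256"] for m in prev.values()}
    fresh = [m for m in cur.values() if m["sha256"] not in known]
    random_like = [m for m in fresh if m["entropy"] >= entropy_floor]
    return (len(lost) / len(prev) >= ratio and bool(fresh)
            and len(random_like) / len(fresh) >= ratio)


def take_snapshot(source: Path, backup_root: Path, label: str) -> Path:
    """Write a new dated snapshot; never touch older ones; refuse suspicious input."""
    backup_root.mkdir(parents=True, exist_ok=True)
    current = build_manifest(source)
    earlier = sorted(backup_root.glob("*" + MANIFEST_SUFFIX))
    if earlier and looks_compromised(json.loads(earlier[-1].read_text()), current):
        raise RuntimeError(f"refusing snapshot {label}: source looks mass-encrypted")
    dest = backup_root / label
    shutil.copytree(source, dest)  # fails if the label already exists: no overwrite
    (backup_root / (label + MANIFEST_SUFFIX)).write_text(json.dumps(current, indent=2))
    return dest


def verify_restore(backup_root: Path, label: str, restore_dir: Path) -> list:
    """Do a trial restore and return the files that do not match the manifest."""
    expected = json.loads((backup_root / (label + MANIFEST_SUFFIX)).read_text())
    shutil.copytree(backup_root / label, restore_dir)
    restored = build_manifest(restore_dir)
    return sorted(p for p, m in expected.items()
                  if restored.get(p, {}).get("sha256") != m["sha256"])


if __name__ == "__main__":
    work = Path(tempfile.mkdtemp())  # constructed sample data
    docs = work / "docs"
    docs.mkdir()
    (docs / "taxes.txt").write_text("scanned statement\n" * 100)
    take_snapshot(docs, work / "backups", "2021-05-10")
    print("restore mismatches:",
          verify_restore(work / "backups", "2021-05-10", work / "trial"))
```

The script only decides what gets written; the backup location still has to be kept offline or otherwise unreachable from the endpoint, as described above.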

Having a layered approach to security is one of the clichés of modern infrastructure, but for repelling ransomware, it should be taken very seriously.  The best way to protect against a virus is to have defenses set up to ensure you never receive any viruses in the first place. Deploying a layered approach, utilizing technologies such as anti-virus, web filtering and firewalls will help prevent this from happening to you. More modern consumer security software now contains personal firewalls and web filtering alongside the more traditional anti-malware.

Current ransomware will typically run an executable from the App Data or Local App Data folders, so it is best to restrict this ability either through user policy, Windows or by third-party prevention kits that are designed for this purpose. As well as adopting a layered approach, getting software patches installed and being up-to-date remain the best form of security.
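Before a policy that blocks execution from the App Data folders is turned on, it helps to see what already runs from there. The following is an added example, not code from the original post: it scans process-creation records for programs or scripts launched from a user's AppData directory. The pipe-separated log format and the sample lines are constructed for the example (in practice the data would come from Windows Security event 4688 or Sysmon event 1), and the allowlist entry is illustrative.

```python
import re
from pathlib import PureWindowsPath

# Per-user installs you have reviewed and accept (illustrative entry).
# A path-only allowlist can be abused; pin by signer or hash in a real policy.
ALLOWLIST = {r"appdata\local\microsoft\teams\current\teams.exe"}

# Script files passed as arguments to an interpreter such as wscript.exe.
SCRIPT_RE = re.compile(
    r'[A-Za-z]:\\[^"<>|]*?\.(?:js|jse|vbs|vbe|wsf|hta|ps1|bat|cmd)\b', re.I)

# Constructed sample: time | user | image path | command line
SAMPLE_LOG = r"""
2021-05-12T06:02:41|alice|C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE|"OUTLOOK.EXE"
2021-05-12T06:03:05|alice|C:\Users\alice\AppData\Roaming\track_shipment.exe|track_shipment.exe
2021-05-12T06:03:09|bob|C:\Windows\System32\wscript.exe|wscript.exe "C:\Users\bob\AppData\Local\Temp\invoice 4471.js"
2021-05-12T06:04:00|carol|c:/users/carol/appdata/local/Microsoft/Teams/current/Teams.exe|Teams.exe
2021-05-12T06:05:00|dave|C:\Users\dave\Documents\AppData-notes\tool.exe|tool.exe
"""


def appdata_relative(path: str):
    """Return the lower-cased path below a user's profile if it is in AppData."""
    parts = [p.lower() for p in PureWindowsPath(path.strip().strip('"')).parts]
    for i in range(len(parts) - 3):
        if (parts[i] == "users" and parts[i + 2] == "appdata"
                and parts[i + 3] in {"roaming", "local", "locallow"}):
            return "\\".join(parts[i + 2:])
    return None


def triage(log_text: str) -> list:
    """Flag images and script arguments that live under AppData and are not allowlisted."""
    findings = []
    for line in log_text.strip().splitlines():
        when, user, image, cmdline = (f.strip() for f in line.split("|", 3))
        candidates = [("image", image)]
        candidates += [("script", s) for s in SCRIPT_RE.findall(cmdline)]
        for kind, path in candidates:
            rel = appdata_relative(path)
            if rel and rel not in ALLOWLIST:
                findings.append({"time": when, "user": user, "kind": kind, "path": path})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["user"]:6} {hit["kind"]:6} {hit["path"]}')
```

Whatever shows up regularly and turns out to be legitimate becomes the exception list for the blocking policy.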

The final piece of advice to protect against malware is to ensure your user privileges are locked down. Most organizations or people sharing a home computer are not watching or analyzing all their users’ activities. Most malware will execute with the same privileges as the victim executing the payload. If the person getting compromised has local or global administrative privileges, the malicious code will have access to the same resources. In the instance of ransomware, this also means ransomware will have the capacity to encrypt data across network drives, shares and removable media.

Infection by ransomware does happen. There are free tools from companies such as Kaspersky and Cisco that may work in removing it. There are websites such as www.bleepingcomputer.com and www.thehackernews.com that have great tutorials on how to remove some of the more popular variants. The worst thing about a restore is the time it takes, but this is obviously less expensive than paying a ransom.

Of course, the biggest problem with paying ransoms is that you are dealing with criminals, and there is no guarantee that the victim will get their data back, or that the attacker will not leave other forms of malware running on the system. Like other scammers, cyber criminals will return to someone who paid, so payment to recover your files simply confirms that you will be a good target for future attacks and scams.

If you are a victim, then consider the sensitivity of your data, your profile and the sophistication of the attacker before you pay, because low sophistication in communication could mean low quality of encryption.

This is a modern problem in malware, combining both sophisticated and basic tactics, and people are still getting caught, despite the fact that there are fairly straightforward methods to avoid becoming a victim.

As ransomware gets more and more advanced, you will start hearing about it on the news more often.  You can almost guarantee that a lot of companies have been affected by it as well, but have elected to keep it under wraps. If word got out that their confidential data was affected, it could potentially ruin a business.

Here are a few recent news articles about ransomware incidents:

http://www.wsj.com/articles/ransomware-a-growing-threat-to-small-businesses-1429127403

http://thehackernews.com/2016/02/ransomware-medical-record.html

http://thehackernews.com/2015/10/fbi-ransomware-malware.html

http://www.reuters.com/article/us-apple-ransomware-idUSKCN0W80VX

http://arstechnica.com/security/2016/04/ok-panic-newly-evolved-ransomware-is-bad-news-for-everyone/

http://www.scmagazine.com/ransomware-and-pos-attackers-to-zero-in-on-small-businesses-retailers/article/466318/

http://www.cio.com/article/3055323/security/ransomware-world-war-business-and-the-post-modern-cio.html

The Impact of Creative Expression on Aging Adults

By: Deb Rogers

Creative expression through arts and crafts can have a positive impact on the overall health and well-being of the aging adult. For adults affected by dementia, arthritis and even some with visual impairment, arts and crafts can often impact their quality of life.

Activities such as music, dance, and various forms of art such as painting, writing, and making things by hand can play an important role in maintaining and improving physical, mental and psycho-social well-being. In a loved one with Alzheimer’s or other forms of dementia, creative activities can boost cognitive function by stimulating the brain. It may even stir memories or provoke language in someone who struggles to speak. Music for example, can reduce agitation, behavioral issues and encourage movement with clapping and or dance. The older adult with visual impairment or dementia may enjoy activities more tactile in nature such as finger paints, beads, or clay. Activities which involve fine motor skills help to keep joints in the fingers from stiffening. Even rolling a ball of yarn can be therapeutic.

In long term care facilities Activity Directors and Occupational Therapists have long used art to restore and maintain function, promote cognitive skill, concentration and stimulate eye hand coordination. In addition to mental stimulation and general well-being, art also promotes opportunities for socialization preventing feelings of isolation and boredom, depression and increased anxiety. One-to-one programs are often provided in the long term care facility to those who are unable or unwilling to participate with the general population.

Art Therapy is a mental health profession which uses the creative process to help restore a “sense of personal well-being” and is practiced in various types of settings from wellness centers to hospitals and even private practice. Art therapy can provide the opportunity to communicate what may be difficult to express in words, provide an outlet for emotions and increase self-esteem, just to name a few benefits. Art Therapy can even help the older adult transition into long term care or assisted living due to life changes.

Remember, art in all forms stimulates creative thinking and the senses; relieves stress and promotes relaxation; prevents isolation, loneliness and boredom; improves muscle tone and stimulates eye hand coordination; prevents depression and anxiety and improves cognition.

Sources:

http://www.americanarttherapyassociation.org/SeniorToolkit/SENIORTOOLKIT.pdf

http://www.arttherapy.org/upload/whatisarttherapy.pdf

http://www.aplaceformom.com/blog/10-17-14-facts-about-senior-isolation/

http://www.boomers-with-elderly-parents.com/elderly-activities-crafts.html

http://www.holidaytouch.com/retirement-101/senior-living-articles/creativity-and-aging-benefits-of-art-on-senior-health

http://www.nursinghomeactivitiesresource.com/crafts-for-seniors.shtml

http://www.sciencedirect.com/science/article/pii/S0890406599000213