Hit by Ransomware? Check out these tools to see if any of them can help you.


If you’ve been hit by ransomware, check out the tools found here to see if any will unlock your files. There are over 121 ransomware decryption tools, and the number is growing every day.

A couple of other websites that we like to check for virus/ransomware removal tools are bleepingcomputer.com and majorgeeks.com.

Here’s a recent article covering The No More Ransom website listed above.

“The project, founded by Europol, the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky, and McAfee, launched five years ago and has grown to involve 170 partners across law enforcement, cybersecurity companies, academia, and others. 

The No More Ransom portal now offers 121 free ransomware decryption tools which can decrypt 151 ransomware families. They’ve helped more than six million ransomware victims recover their encrypted files for free – all without the need to give into the demands of cyber extortionists. 

Available in 37 languages, ransomware victims around the world have used the portal to help against ransomware attacks. The website’s ‘Crypto Sheriff‘ allows users to upload encrypted files to help identify which form of ransomware they’ve fallen victim to, then directs them to a free decryption tool if one is available.”  

Ransomware is getting worse


There has been another high-profile ransomware attack, and this one could be more significant than the ones before.

We covered ransomware a while back: what it is and how it is a growing threat. You can read that blog here.

Just last week, Colonial Pipeline, which accounts for 45% of the US East Coast’s fuel, was attacked by ransomware. The attack took down its systems and forced the company to shut down operations.

https://www.zdnet.com/article/colonial-pipeline-cyberattack-shuts-down-pipeline-that-supplies-45-of-east-coasts-fuel/

Also last week, Scripps Health, a very large hospital network with over 10,000 employees and 7,000 patients, got taken down by a cyberattack.

https://www.10news.com/news/local-news/scripps-health-ceo-addresses-cyberattack-in-an-internal-memo

and

https://healthitsecurity.com/news/scripps-health-ehr-patient-portal-still-down-after-ransomware-attack

both cover that news and the implications they are still dealing with.

In the past year there has been well over $215 million in damages from ransomware attacks around the world.  

With most of the workforce still working from home in 2021 due to the Covid-19 pandemic, cyberattacks and ransomware are much easier to pull off. Employees and their PCs, once safely behind the office firewall, are now at makeshift workstations in their home offices, bedrooms, or kitchens, using all manner of cobbled-together technologies to get the job done.

Companies now have a MUCH bigger attack surface. This is because employees are now on many different networks at various locations. They are no longer working within their organization’s network and covered by its normally secure protection and firewall settings. Some are smart and use a secure VPN connection to stay within their office’s network protection, but most do not. ZDNet has a great article by Danny Palmer on this topic as well.

If you suspect you or your company has been affected by ransomware, I am sure your first thought is to shut down or reboot all the computers and server(s) in your office. This is something that you DO NOT want to do. Shutting down or rebooting may restart a crashed file-encryption process and may lose encryption keys that are stored in memory.

Experts instead recommend that victims just hibernate the affected computer(s) and disconnect them from the network. (The easiest way is to pull the network cable out of the back of the machine, if it is hardwired to the internet.) If you suspect more than one machine is affected, disconnect the office network switch(es) and cut the office's connection to the internet to keep the infection from spreading further, if possible. Once that is done, it is advised to reach out to a professional IT support firm for further steps.

Victims should note that there are two stages of the ransomware recovery process they must go through.

The first is finding the ransomware’s artifacts — such as processes and boot persistence mechanisms — and removing them from an infected host. 

Second is restoring the data if a backup mechanism is available. 

When companies miss or skip the first step, rebooting the computer often restarts the ransomware’s process and ends up encrypting the recently restored files, meaning victims will have to restart the data recovery process from scratch. 
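For the first stage on a Windows host, the following read-only PowerShell inventory lists running processes and the common boot persistence locations so they can be reviewed before any data is restored. It is an added example, not taken from the guides referenced in this post; it assumes Windows 8 / Server 2012 or later (for `Get-ScheduledTask`), and the output file name is a hypothetical choice.

```powershell
# Added example: read-only inventory of running processes and common autostart
# locations on a Windows host. It lists entries for review; it removes nothing.
param([string]$OutFile = '.\persistence-inventory.csv')  # hypothetical output path

$items = @()
function New-Entry($Source, $Name, $Command) {
    [pscustomobject]@{ Source = $Source; Name = $Name; Command = $Command }
}

# Running processes with their full command line
foreach ($p in (Get-CimInstance Win32_Process)) {
    $items += New-Entry 'Process' "$($p.Name) (PID $($p.ProcessId))" $p.CommandLine
}

# Registry Run/RunOnce values for the machine and the current user
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($name in $k.GetValueNames()) {
        $items += New-Entry $key $name $k.GetValue($name)
    }
}

# Per-user and all-users Startup folders
$startupDirs = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup'))
foreach ($dir in $startupDirs) {
    foreach ($f in (Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue)) {
        $items += New-Entry $dir $f.Name $f.FullName
    }
}

# Enabled scheduled tasks and the commands they launch
foreach ($t in (Get-ScheduledTask | Where-Object State -ne 'Disabled')) {
    foreach ($a in $t.Actions) {
        $items += New-Entry "Task $($t.TaskPath)" $t.TaskName "$($a.Execute) $($a.Arguments)"
    }
}

# Services configured to start automatically at boot
foreach ($s in (Get-CimInstance Win32_Service -Filter "StartMode='Auto'")) {
    $items += New-Entry 'Service' $s.Name $s.PathName
}

$items | Export-Csv -Path $OutFile -NoTypeInformation
"{0} entries written to {1}" -f $items.Count, $OutFile
```

The `HKCU` keys and the per-user Startup folder reflect only the account running the script, so repeat it for each user profile on the machine, and write the CSV to external media rather than the affected disk.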

In the case of enterprises, this increases downtime and costs the company operating profits. 

To learn more about dealing with ransomware attacks, you can check out the Emsisoft guide on how to remove ransomware and Coveware’s first response guide on dealing with a ransomware attack. 

Above all, please keep up with regular training and remind your employees and co-workers not to click on any questionable links or download anything that they are not sure of. Stress that if they ever have doubts about something, it is always best to ask their IT department about it first. While it might create more work to make sure something is legit or safe to use, it will save the company tremendously in the long run by avoiding the massive expenses incurred from a ransomware infection.

Stay safe out there everyone. 

Why hackers are going after healthcare records…

 

When data is stolen from a bank, it quickly becomes useless once the breach is discovered and passwords are changed. However, data from the healthcare industry, which includes both personal identities and medical histories, can live and affect people for a lifetime.

Cyberattacks will cost society more than $305 billion over the next five years. According to industry consultancy Accenture, 1 in 13 patients will have their data compromised as a result.

The healthcare sector is uniquely vulnerable to privacy breaches. Recent government regulations have required healthcare providers to adopt electronic health records (EHR) under the Patient Protection and Affordable Care Act. This can expose patient data to compromise unless providers make equal investments in the security of the systems used to house and manage that data. To comply with legal requirements, healthcare organizations often store detailed medical information for many years. The probability of a breach and the potential severity of the consequences increase with the amount of data stored and the length of time it is stored.

To a hacker, healthcare records contain valuable information, including Social Security numbers, home addresses, and patient histories. Criminals can sell this data for a premium on the black market, providing incentive to focus attacks on the healthcare industry.

With the push toward integrated care, medical data is being shared with many different entities whose employees may have access to patient records. This extended access to medical records also increases the potential for privacy breaches.

In summary, as companies move to digital record-keeping, the industry is so focused on regulatory compliance that cybersecurity has largely been a secondary thought. Companies with legacy systems are trying to connect to and integrate EHRs. Security is not always considered an integral part of that, and patching systems are always filled with issues.

Source:

https://www.accenture.com/t20150723T115443__w__/us-en/_acnmedia/Accenture/Conversion-Assets/DotCom/Documents/Global/PDF/Dualpub_19/Accenture-Provider-Cyber-Security-The-$300-Billion-Attack.pdf