Most healthcare organizations can expect to become a target of ransomware at some point in time. For this reason, it’s imperative for organizations to understand ransomware recovery and be prepared in case of an attack. With this in mind, let’s discuss what ransomware is and what healthcare personnel can expect throughout the recovery process. Let’s get started.
What is ransomware?
Ransomware is a type of malware that encrypts a victim’s information in order to hold this data for ransom. Once the ransomware has encrypted the victim’s data, that user or organization is unable to access files, applications, or databases. This restricted access will continue until the victim pays the requested ransom, and is given the decryption key.
In order to achieve it’s goal, ransomware uses asymmetric encryption. In other words it uses a pair of keys to encrypt and decrypt the data. These keys are uniquely generated by the attacker, with one of the keys being stored on the attacker’s server, only to be made available to the victim once the ransom has been paid, although the attacker does not always honor the promise of decrypting the data upon payment. Ransomware is most often distributed using spam email or a targeted attack, and once it has been able to infect the initial machine it’s designed to spread across the network, targeting databases and file servers in order to paralyze the entire organization.
What is ransomware recovery?
Ransomware recovery is the process by which an organization is able to get up and running again following a ransomware attack. Ideally, an organization will have a strong disaster recovery plan and good data backups so that they can recover as efficiently as possible, and with the prevalence of ransomware being what it is, all organizations should assume that they will eventually be targeted and should plan accordingly by implementing strong cybersecurity.
That being said, there are a number of best practices for ransomware recovery in the event of an attack, the first of which being to document the details of the ransom note that appears on your screen when ransomware has taken hold of your machine. This is important because the note details how you are to go about paying the ransom, should you decide to do so, but it also likely contains clues that can help a recovery team determine which specific ransomware was used in the attack. This could allow the recovery team to find an existing decryption key, saving you the need to pay out a large ransom and freeing up your data more quickly.
Next, disconnect the affected computer from your network. It’s possible the ransomware will have found your network drives already, but if you work quickly it may not have found any backups, particularly those located in the cloud. This can save you from having your organization completely locked up.
Once you’ve disconnected the initially affected computer, you’ll want to consider if you want to pay the ransom. This is a difficult decision to make. Obviously, nobody wants to support criminal activity, but often paying the ransom is actually the cheapest and easiest way to recover your data. If the ransom is more than you can afford, you have the option to negotiate with the attacker as they may settle for a smaller amount. If you decide not to pay the ransom, consider the possibility that while you may have won on principle, you could end up losing more money in the long run, as recovering your data will likely take a good amount time and money.
Finally, consider hiring a company that specializes in ransomware recovery to guide you as you work through this process, regardless of whether you plan to pay the ransom or not. It’s possible that they’ll be able to perform the decryption for you, aid in paying the ransom, and confirm that the data has in fact been recovered, giving you much needed peace of mind.
There are just a few more important things to take into consideration with ransomware recovery, the first of which being not to turn off the computer immediately. It’s jarring when you realize you’ve been hit with ransomware, and you can easily get scared and turn off the computer to try to stop it, but by this time your data has already been encrypted and as long as you disconnect this computer from the network the ransomware can’t spread. You may, however, need the data in the computer for forensic analysis, so go ahead and keep it turned on.
Next, don’t erase the encrypted files. Doing so won’t leave you with anything to recover. Also, a recovery service can potentially look at those files and figure out what specific strain of ransomware attacked you, helping with recovery.
Finally, don’t forget to correct the vulnerabilities that allowed you to be hit by ransomware in the first place. There are ways to prevent ransomware attacks, and while it would have been ideal to take those precautions before being attacked, now is as good a time as any to make sure it doesn’t happen again.
Ransomware is officially a threat to most organizations, medical practices included. With this being a fact of life, being prepared and protected is the best course of action, and this is why MicroMD has found two fantastic vendors to partner with to help keep your practice safe. Black Talon Security takes over where the IT company leaves off when it comes to healthcare cybersecurity. As healthcare cyber attack prevention specialists with advanced certifications, the necessary tools, and real-world experience in healthcare cybersecurity, Black Talon Security focuses on small to medium size healthcare organizations with services that are available 24/7. They provide a holistic approach to preventative healthcare cybersecurity, which encompasses HIPAA compliance, vulnerability management, healthcare cybersecurity awareness training and penetration testing services.
MicroMD has also partnered with Medical Guardian Pros, leaders in medical practice data protection. Data Guardian Pros, Inc. (DGP) provides the first comprehensive information security and regulatory compliance solution created for medical professionals, by medical and informational security professionals and privacy experts. Unique to the industries, DGP is comprised of seasoned information security veterans and national thought leaders to provide your practice with the security it needs.
If you’re ready for more information or to get started with either of these amazing partners, visit micromd.com or call 1-800-624-8832.
About the author,
Savanna is the Marketing Communication Specialist at Henry Schein MicroMD. She schedules emails to clients, prospects, and VARs, manages social media accounts, performs research, writes blogs and eBooks, and much more while helping to support the simple yet powerful MicroMD solutions.
Looking for PM or EMR Software?
MicroMD PM and EMR/EHR is flexible and can fit almost any specialty. Let us help you get back to the business of healing.