How do you deal with a ransomware attack and what are the possible outcomes? Consider these three very different cases:
- Hollywood Presbyterian Medical Center: Hollywood Presbyterian is a large hospital in Southern California with almost 500 beds.
Earlier this year it was hit by a massive ransomware attack. Specifically, the hospital’s computer systems were infected by a malware program called Locky. Locky is typically sent to an unsuspecting user via email, and recipient opens an infected Word document in order to infect their system.
In the case of Hollywood Presbyterian, it’s not clear who downloaded the malware, but it doesn’t matter. Soon after, staff members were soon locked out of their computers and cybercrooks were demanding an unusually large ransom for a ransomware attack: $17,000 (40 Bitcoin.)
How did the hospital react? According to their statement,
On the evening of February 5th, our staff noticed issues accessing the hospital’s computer network. Our IT department began an immediate investigation and determined we had been subject to a malware attack. The malware locked access to certain computer systems . . . Law enforcement was immediately notified. Computer experts immediately began assisting us in determining the outside source of the issue and bringing our systems back online.
And then what? Within three days, the hospital paid the ransom:
The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.
The hospital then received the decryption key, unlocked its computers, and went about its normal operations. For them, paying the ransom made sense. But industry watchers and bloggers speculated this meant the hospital did not have a backup plan
- The Ottawa Hospital: The Ottawa Hospital in Canada is a large teaching hospital with over 1,000 beds and almost 10,000 computers.
In March, 2016, four staff members complained that they could not access their computers, and ransomware turned out to be the culprit. And again, the virus was spread employees clicking on infected email attachments. Here, the malware was a variation on the infamous CryptoLocker software, something called the WinPlock virus.
In this case, the malware was unable to infect the rest of the system and Ottawa Hospital IT specialists were able to contain it by wiping the hard drives of the infected computers.
No ransom was paid. In this case, the hospital had reliable backup, according to Healthcare Informatics.
- Gigabit Geek: To show you just how truly vulnerable we all are to the potential destructive power of ransomware, consider the ironic case of Gigabit Geek. Gigabit Geek is an IT consultancy in Illinois.
The attack started out innocently enough, with one user reporting a missing file. Before long. several users across multiple offices were reporting absent files. The company soon discovered that it had been attacked by the CryptoWall virus and 90% of its files were locked down.
Like the Ottawa Hospital, Gigabit was soon able to locate the culprit computer and was able to wipe the infected hard drive clean, but the damage had been done. The ransom was not paid, and files were lost. Gigabit then went about the time-consuming process of manually restoring all of its files; a process that took several weeks.
The lesson from these three very different experiences? You must have a tested data back up and disaster recovery plan in order to avoid paying either ransom, or taking your staff and IT resources down a long and costly road of restoring data manually.
About Steve Strauss
Steve Strauss is often called the “most popular small business columnist in America.” The senior USA TODAY small business columnist, Steve is a regular contributor to The Huffington Post, ABC News, Yahoo, and many other outlets. He is a best-selling author of 17 books, including The Small Business Bible and is a recovering attorney who regularly speaks around the country and around the world about entrepreneurship and global trends in business. Steve is also often asked to be the small business spokesperson for companies like Microsoft, Bank of America, Dun & Bradstreet, Staples, and so on. He is the Editor-in-Chief of Small Business Connection, and sits on the board of the World Entrepreneurship Forum and the national advisory boards of SCORE and P&G Pro. Whether it be blogs, video, live streaming, e-books or what have you, his company, The Strauss Group, creates cutting-edge business content for everyone from Fortune 50 companies to small chambers of commerce. His latest venture is the tech startup, TheSelfEmployed.