
Cyber Security Series: Ransomware and Unpatched/Unmanaged Equipment

Posted by The HCI Group on January 31, 2017 at 11:03 AM


There are several threats to an organization’s information and network, and these threats only increase in complexity and number as technology advances. In order for healthcare organizations to ensure that their information is secure, it is necessary for them to have a comprehensive understanding of the dangers that are out there, as well as how to prevent them.

In the first part of our Cyber Security Series, we went over Business Email Compromise, as well as how malicious actors were using it to access sensitive patient data. In today’s addition to our Cyber Security Series, we go into depth on two additional types of vulnerabilities: ransomware and unpatched, unmanaged equipment.

1) What is Ransomware?

Ransomware is probably the most common mechanism used by hackers. They will spearphish and utilize drive-by hacking – a method in which hackers use email, shady executable files, and Internet web pages to install malicious software on your computer – and watering hole types of attacks, which utilize guessing strategies to infect frequently used webpages with malware. These types of attacks are not very sophisticated, but the hackers who use attacks like these are getting very good at them.

To understand how ransomware such as this works, let’s use The HCI Group website as an example. If HCI’s page has been compromised, these hackers can put a piece of malware on the site, and then send emails to individuals as they are visiting the site. When users open these emails, the ransomware will go into effect. There is lock screen ransomware, which locks your system and demands a ransom for letting you access it once again, and there is encryption ransomware, which changes the files in your system and demands money to decrypt them again.

2) How Can You Stop Ransomware?

Our number one recommendation when it comes to simple security against ransomware is application whitelisting. Application whitelisting is the process of adopting a vetted index of approved software applications that are permitted to be present and active on a computer system, and only allowing the applications that are supposed to run on your environment to run. This may frustrate some of your employees, but it will be important to remind them that it is the simplest way to keep your environment secure.

Another method of stopping ransomware that utilizes some application whitelisting is Group Policy. Group Policy is an application within Microsoft Windows where you can control what your users can and cannot do. Because Windows has application whitelisting and Group Policy mechanisms built directly into it, you don’t have to spend a lot of money on them; you simply have to turn them on.

Finally, a more high-level type of ransomware mitigation involves Next-Gen AV (Anti-Virus) software. Next-Gen AV examines all the processes on every endpoint to create algorithms that can detect and block malicious actors, along with their tools, tactics, and procedures. While Next-Gen AV can be effective, more traditional types of ransomware attacks can be protected against easily through application whitelisting.
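The whitelisting-through-Group-Policy approach described above, sketched as an added example that is not from the original post. It assumes the built-in mechanism in question is AppLocker and that the directories and output path shown (placeholders) suit your reference machine; it stays in audit mode so nothing is blocked.

```powershell
# Added example: build an AppLocker allowlist from a vetted reference machine
# and run it in audit-only mode. Paths are placeholders; run as administrator.
$policyXml = 'C:\Temp\applocker-baseline.xml'

# 1. Inventory the executables that are supposed to run in this environment.
$approved = 'C:\Program Files', 'C:\Windows' | ForEach-Object {
    Get-AppLockerFileInformation -Directory $_ -Recurse -FileType Exe -ErrorAction SilentlyContinue
}

# 2. Generate rules: publisher rules for signed files, hash rules for unsigned ones.
$approved |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml |
    Out-File -FilePath $policyXml -Encoding utf8

# 3. Force every rule collection to audit-only so the policy logs instead of blocking.
[xml]$doc = Get-Content -Path $policyXml -Raw
foreach ($collection in $doc.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$doc.Save($policyXml)

# 4. Dry run: how would the policy treat executables sitting in a user's Downloads folder?
$candidates = Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe -ErrorAction SilentlyContinue
if ($candidates) {
    Test-AppLockerPolicy -XmlPolicy $policyXml -Path $candidates.FullName -User Everyone |
        Format-Table FilePath, PolicyDecision -AutoSize
}

# 5. Apply to the local policy, keeping any existing rules.
#    For a domain GPO, pass its LDAP path with -Ldap instead.
Set-AppLockerPolicy -XmlPolicy $policyXml -Merge

# 6. Review what would have been blocked (event ID 8003) before enforcing.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

Rules are evaluated only while the Application Identity service (AppIDSvc) is running. Change the enforcement mode to `Enabled` only after the audit log stops showing legitimate software.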

3) Unpatched and Unmanaged Equipment

Unpatched and unmanaged equipment is a big issue in most companies. Most organizations you will see today will go out and implement dozens of the top security tools available. However, the use of unpatched and unmanaged equipment gives hackers another form of entry for causing serious security risks to organizations. This becomes especially dangerous when it happens to hospitals whose life-saving equipment is capable of being compromised. One of the main reasons this happens is the lack of accountability – most organizations just want to deploy and use equipment. However, they don’t patch it or update it, even though it is connected to the Internet or the network. MRI machines are a very good example of this. Many MRI systems run on Windows 2000 OS, which has not been patched for a very long time, and therefore has many vulnerabilities – all while being connected to your entire healthcare environment.

4) What Can Be Done About Unpatched and Unmanaged Equipment?

The two best strategies to avoid the vulnerabilities that go along with unpatched and unmanaged equipment are developing a good patching policy and ensuring that you manage what you buy. Keeping up with the updates that come out for software can greatly reduce many of the issues seen with out-of-date software and equipment, and buying up-to-date equipment from the start can also be of great benefit.

A more sophisticated approach would be to use a vulnerability scanning platform. Vulnerability scanners work by automating security auditing, which can play a crucial role in the security of your IT system. They will scan your network and websites for various security risks, create a list of what needs to be patched, go into detail on the vulnerabilities, and even give instructions on how to remedy the issues. The only issue with vulnerability scanning platforms, however, is that the more sophisticated ones can be quite pricey.
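Short of a full scanning platform, the "manage what you buy" and patching-policy checks above can start from an asset inventory. This added example (not from the original post) flags devices that are out of vendor support, overdue for patching, or lack an accountable owner; the inventory rows, the 90-day threshold and the function name are assumptions made for illustration.

```powershell
# Added example. Every hostname, owner and patch date below is constructed sample data.
$inventory = @'
Hostname,DeviceType,OS,Networked,Owner,LastPatched
mri-console-01,MRI console,Windows 2000,True,,2009-11-02
infusion-gw-02,Pump gateway,Windows XP,True,Biomed,2014-03-30
reg-desk-14,Workstation,Windows 10,True,IT,2017-01-12
lab-pc-03,Analyzer PC,Windows 7,False,Lab,2016-02-20
'@ | ConvertFrom-Csv

# Vendor end-of-support dates for operating systems in the sample that have passed them.
$endOfSupport = @{
    'Windows 2000' = [datetime]'2010-07-13'
    'Windows XP'   = [datetime]'2014-04-08'
}

# Hypothetical helper: returns one finding per asset that breaks the patching policy.
function Get-PatchFinding {
    param(
        [Parameter(Mandatory)] [object[]] $Asset,
        [Parameter(Mandatory)] [datetime] $AsOf,
        [int] $MaxPatchAgeDays = 90   # assumed policy threshold
    )
    foreach ($a in $Asset) {
        $reasons = @()
        $eos = $endOfSupport[$a.OS]
        $unsupported = $eos -and ($eos -lt $AsOf)
        if ($unsupported) { $reasons += "OS out of support since $($eos.ToString('yyyy-MM-dd'))" }

        $age = ($AsOf - [datetime]$a.LastPatched).Days
        if ($age -gt $MaxPatchAgeDays) { $reasons += "last patched $age days ago" }

        # The accountability gap: nobody is responsible for updating the device.
        if ([string]::IsNullOrWhiteSpace($a.Owner)) { $reasons += 'no accountable owner' }

        if ($reasons.Count -eq 0) { continue }
        [pscustomobject]@{
            Hostname   = $a.Hostname
            DeviceType = $a.DeviceType
            # Unsupported and reachable over the network is the worst combination.
            Priority   = if ($unsupported -and $a.Networked -eq 'True') { 'High' } else { 'Medium' }
            Reasons    = $reasons -join '; '
        }
    }
}

Get-PatchFinding -Asset $inventory -AsOf '2017-01-31' |
    Sort-Object Priority | Format-Table -AutoSize -Wrap
```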

While there are many vulnerabilities that hackers can use to gain access to an organization’s information or network, there are also many methods to mitigate them. For example, application whitelisting, Group Policy and Next-Gen AV allow organizations to greatly reduce the effects of ransomware, and through good patching policies and vulnerability scanning platforms, they can better protect themselves from the damage that unpatched and unmanaged equipment can bring.

For more information on Cyber Security, or to be informed when the next addition to our Cyber Security Series will be published, make sure to subscribe to our blog.


Topics: Cyber Security
