State and local health departments are on the frontlines of the COVID-19 pandemic fight, providing essential services to citizens. But, at the same time as managing this crisis, these departments are also on the frontlines of the fight against ransomware. Cyber attackers, using the disruption caused by the pandemic, and also relying on the critical services offered by state and local health departments, are launching an unprecedented number of ransomware attacks designed to force health departments to pay the ransom to get their data restored and resume their essential operations.
However, health departments are seemingly becoming immune to these attacks and not paying the ransom. This was the case in a NetWalker ransomware attack earlier this month against the Champaign-Urbana Public Health District in Illinois, where, despite the pressure the health district was under, no ransom was paid. So what’s behind this change in response to ransomware attacks?
We had the opportunity to talk with Eric Nail, Systems Engineer for Pure Storage, to find out more about why ransomware is such a persistent threat, why health departments don’t need to pay the ransom to restore their data, and other strategies they can use to mitigate the looming threat of ransomware attacks. Read on to find out why he thinks health departments shouldn’t pay the ransom and should invest that money in Flash backup and restoration solutions.
Future Healthcare Today (FHT): Why is ransomware such a significant problem for state and local health departments?
Eric Nail: Ransomware is a serious problem because it’s a low cost, low risk, high reward attack. Cyber attackers are rarely sent to jail for executing a ransomware attack, yet there’s a very high probability that they’ll receive a monetary payoff. While organizations are reluctant to discuss the issue of ransom payment, it’s widely accepted that more than half, close to two-thirds, of organizations will actually pay the ransom; that makes ransomware big business. Until this balance changes, ransomware is going to continue to be one of the most common and painful problems we face.
FHT: Is it their data that makes these organizations an appealing target, or is it the criticality of the services they deliver?
EN: What makes state and local health departments an attractive target is both the data they hold and the criticality of the services they deliver. Right now we’re seeing ransomware attacks evolve. The goal of most ransomware is to encrypt an organization’s data so it can’t be accessed until the ransom is paid, but attackers are now also threatening to reveal the data so that it can be used against the organization, along with anyone whose data is caught up in the attack. Recently, a criminal organization threatened to release sensitive information belonging to President Trump if a ransom wasn’t paid, proving that anyone with a digital footprint is a potential target. These days, no one is immune.
FHT: Are we seeing a rise in ransomware attacks during the pandemic?
EN: We are absolutely seeing a rise in ransomware attacks during the pandemic. The rapid roll-out of remote work for many employees and the criticality of the services provided by state and local health departments have created the ideal conditions for ransomware attacks to flourish. These attackers know that home computers and networks are far less secure than corporate networks and they’re taking advantage of that. They’re also taking advantage of the disruption in routines and the very human impact of this crisis to slip through our defenses.
Any time there’s a humanitarian crisis – be it wildfires, hurricanes, or a global pandemic – there’s an opportunity for criminal organizations to launch ransomware attacks via phishing emails. Combine that with disruptions, distractions, and weakened security and it creates the perfect opportunity for an attack to access and exploit valuable data.
FHT: Is paying the ransom the only option that these organizations have?
EN: It might seem like paying the ransom is the only option but, fortunately, it isn’t.
The first thing to know is that fewer than half of the organizations that pay the ransom actually get their data back. Think about that for a minute — the odds of getting your data back after paying a significant sum of money are less than 50-50. Those are not good odds.
And it gets worse. Even if you do pay the ransom and get your data back, there’s no guarantee that they won’t strike again. There are far too many organizations that have paid the ransom only to be hit again just days later. The bad guys know that the organization is still vulnerable, and they know that they’re willing to pay.
So, based on these odds and with the implementation of effective mitigation strategies, which should include both cybersecurity defenses and data management, paying the ransom really shouldn’t be considered a first, second, or third option.
FHT: What’s the alternative to defeating ransomware?
EN: Defeating ransomware is no longer just about preventing an attack from happening. State and local health departments should focus on being resilient and able to recover from an attack. Ransomware attacks are advancing so rapidly that it’s wiser to assume a breach is inevitable.
The smart strategy begins with identifying what’s going to happen when our organization is attacked and how we’re going to make the recovery process as fast and painless as possible. This recovery process is dependent partly on a solid IT security strategy, but a good data protection strategy is just as important.
Your data protection strategy is not only the last line of defense against catastrophic data loss, it also ensures business continuity and protects against reputation loss.
FHT: Data restoration isn’t on the top of anyone’s list because it’s a heavy lift, what can be done about that?
EN: First of all, it’s important to understand that there’s a world of difference between having your data backed up and being able to get back up and running quickly. I’m mystified when I meet with IT teams that focus on backup times and retention periods, without understanding what their restore time is. It’s the restore time that matters the most during a crisis.
When the worst happens and your department’s data is unavailable, being fast is critical. Flash-based storage lets you restore incredibly quickly, usually within hours – when those hours matter the most. Not having a fast Flash-based backup and recovery solution these days leaves you dangerously vulnerable when you’re hit by ransomware, malware, or a laundry list of other threats. The good news is that Flash-based storage doesn’t cost what it used to and is now also available as a pay-as-you-go service.
FHT: Any final words of wisdom to share?
EN: Ransomware illustrates just how interconnected our organizations are. IT security isn’t just for the IT department, it’s a digital hygiene issue that everyone in the organization is a part of. From design to implementation to administration, we need to keep this important change in perspective front and center.
Good cyber defenses aren’t enough. Today’s IT department also needs a robust and fast data storage environment to restore critical data and systems quickly. In addition, an ongoing education program for all employees is essential. Only when all three of these are in place can a department really be safe from ransomware. When the inevitable attack happens, they won’t have to pay the ransom and be at the mercy of attackers to continue to deliver on their mission.