A guide to detecting an attack before it's too late
In February 2016, the computer network at Hollywood Presbyterian Medical Center (HPMC) was down for more than a week as the Southern California hospital worked to recover from a ransomware attack. Hospital administrators declared an internal emergency as staff struggled to access patient records and computer systems critical for patient care. Some patients had to be transported to other hospitals to maintain their continuity of care. All the while, attackers held the hospital’s computer systems hostage until a ransom of 40 Bitcoins — approximately $17,000 — was paid. Only then could the hospital regain use of its files that had been surreptitiously encrypted by malware.
Since then, at least three more healthcare organisations have reported business disruptions due to ransomware attacks. And there will be others now that cybercrime syndicates have discovered how lucrative this type of attack can be. HPMC may have gotten off easy with a ransom of only 40 Bitcoins. Criminals know that many organisations would pay far more than that in order to restore their systems to working order. According to the Institute of Critical Infrastructure Technology (ICIT), “To pay or not to pay” will be the question fuelling heated debate in boardrooms across the U.S. and abroad.
Is your organisation prepared for a ransomware attack? Successfully defending your organisation against such an attack takes preparation and an understanding of what to look for if an attack begins. This guide shares the expert knowledge that researchers at LogRhythm have gathered about how ransomware attacks begin, how they progress through your endpoints and network, and what you can do to prevent them, or at least shut them down, to avoid serious repercussions.