Ransomware. It's the bane of the IT world, so much so that it's ended up on the FBI's radar. Also called encryption malware, ransomware extorts its victims by encrypting files and then demanding a ransom before freeing the data. In recent months, no sector has been hit harder than health care. If there was one iota of comfort about ransomware, it was that hackers seemed to be playing by their own rules.
On May 23, that single iota of comfort met a swift end.
Kansas Heart Hospital: The game changer
Upon being infected with ransomware, Kansas Heart Hospital in Wichita was backed into a corner. It could either pay an as-of-yet undisclosed sum of money, or it could accept that it would never see certain files again. Under the assumption that the hackers would acquiesce – as they did a few months ago when a Hollywood hospital met cyberattackers demands – they paid the requested ransom. It's always risky giving in to hackers' demands, and this time, that risk quite literally did not pay off.
Brazenly, the cyberattackers did not decrypt all the files, and they came back at the hospital with yet a second ransom demand. This isn't the fist time hackers have stiffed a victim. Last year, an email encryption service called ProtonMail was hit by a distributed denial-of-service attack, paid the requested $6,000, only to continue to be barraged by the DDoS attackers. However, it is the first high-profile case of ransomware in recent memory, if ever, in which hackers hiked up their demands.
In 2015, the FBI actually recommended that in the event of ransomware, it's in a company's best interest to pay up, according to Business Insider. As far as honesty among thieves goes, hackers making good on their word sort of makes sense from a business perspective. Organizations are more likely to pay a ransom if they believe that they will in fact get their files back – which Kansas Heart obviously did not.
In this way, the event sets a precedent: There's no guarantee that hackers won't ask for more money. This is terrifying because it raises the stakes of ransomware. At the same time, it may be the grain of rice that tips the scales. If organizations feel that paying hackers is no longer a viable option, they might actually invest in measures that can prevent and mitigate the damage of ransomware. The million dollar question is, is there a solution that can do that?
Managed detection and response services stop ransomware
"MDR services help fight ransomware by detecting early signs of it."
The answer is yes, and the name of the solution is managed detection and response services (MDR). Its purpose, like SIEM, is to monitor corporate networks for signs of known and unknown threats, and like a security operation center, a team of security engineers mans the helm.
MDR services help fight ransomware by detecting early signs of it, like flagging email messages with attachments that are received in multiple employees' inboxes at 2:30 a.m., and are sent from a foreign country. Or maybe, an unknown program has just been executed on a specific machine. In either scenario, MDR would detect and prevent the incident from doing damage so that no ransom would have to be paid.
There's hope yet for hospital networks.