The FBI recently released an article discussing the spate of ransomware attacks on a variety of different entities, including hospitals. In the article, the FBI warned that ransomware attacks and the cybercriminals carrying them out are growing increasingly sophisticated. The FBI opposes paying a ransom when hit by a ransomware attack, saying that doing so incentivizes more ransomware attacks, can inadvertently fund other illegal activity, and does not always result in the restoration of access. The FBI recommends that entities focus on prevention efforts like employee training, patching operating systems and software, and restricting access to files, directories, and/or networks. The FBI also recommends that entities focus on “business continuity efforts” in case of a ransomware attack, like backing up files securely, so systems can be restored. The full listing of the FBI’s recommendations is provided below:
– Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
– Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
– Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
– Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
– Configure access controls, including file, directory, and network share permissions appropriately. If users only need to read specific information, they don’t need write-access to those files or directories.
– Disable macro scripts from office files transmitted over e-mail.
– Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
Business Continuity Efforts
– Back up data regularly and verify the integrity of those backups regularly.
– Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.