Thought ransomware was history? Think again!
Medical testing giant LabCorp remains in a state of disarray after a ransomware attack struck its offices over a week ago. The company is not saying how hackers got in, but one thing is certain—the impact is huge!
I’m sure many of you have already heard the devastating news about LabCorp, but if you haven’t, the company reported “suspicious” traffic crossing its network last Sunday. After evaluating what was going on, LabCorp’s IT department verified that patient records were impacted.
Several cybersecurity experts were able to verify the presence of the SamSam virus on the network. SamSam is notorious for crawling networks quickly and infecting everything in its path (encrypting every file it comes across along the way). With LabCorp, this SamSam attack is particularly bad. Experts estimate that over 1900 servers were impacted, likely amounting to millions of records.
How did SamSam likely get onto the LabCorp network?
In all likelihood, the virus moved onto LabCorp’s network through an RDP (Remote Desktop Protocol) attack. In this kind of attack, the intruder brute-forces remote desktop credentials to breach the network and then spreads within it.
Some recent variants stealthily evaluate each computer they land on—they only encrypt after confirming that the host is connected to a network that will let them proliferate further.
The LabCorp variant has also taken down large healthcare systems and government networks, including the entire city of Atlanta.
While LabCorp was able to identify the attack within a day of being infected, most folks don’t realize they’ve been infected with SamSam or other ransomware until weeks or months after the initial infection. This happens because many of these viruses work silently in the background until the ground is fertile for the biggest attack possible.
In the case of LabCorp, the attack, which took about a day, encrypted 7,000 systems and 1900 servers (350 of which were production servers storing active patient records). It took over a week for LabCorp’s IT Support to bring the network back online. By comparison, a rural hospital or mid-sized business tends to take at least 2 weeks, if not a month, to recover from a ransomware event (recovery meaning that team members can once again fully access their digital files).
Why Does Ransomware Continue to Pose Such a Serious Threat to Your Organization?
Ransomware variants like SamSam have been evolving since their inception. Highly virulent strains actively targeting businesses and hospitals alike were already seen 3 or 4 years ago, but since then they have become more successful at targeting very specific vulnerabilities, at changing their attack targets as the attackers’ intel changes, and at remaining completely undetected by antivirus software by changing how the virus behaves.
What are some steps you can take to protect your business?
Limit your RDP—limit or eliminate RDP access to your network. Plain and simple, bad guys see this entry point as an easy way to hack into otherwise well-protected network environments.
Prioritize your updates—more likely than not, every single piece of software you use has security vulnerabilities that could ultimately expose you to a cyberattack. Treat updates and patches for known vulnerabilities as a priority so that bad guys don’t get an easy way in.
Monitor your network—understanding how your network normally hums (i.e., knowing what activity is normal for your team) will enable your IT Support team to be alerted to suspicious activity, as LabCorp’s was.
Back up and segregate your data—back up your entire network at intervals that make sense (if your team is working tirelessly every day, daily backups might make the most sense). Keep your backups off your primary network to prevent their demise in the event of a cyberattack.
Implement an enterprise-wide response plan—having a disaster recovery protocol that everyone on your team understands is critical when responding to cyberattacks or any other disaster. A plan everyone knows enables your office or hospital to recover quickly and completely from major problems.
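To make the “limit your RDP” and “monitor your network” advice concrete, here is an added example (not code from LabCorp or from this article) of the kind of check an IT team can run over Windows logon events: it flags any source address that racks up a burst of failed RDP logons and notes whether a successful RDP logon from the same address followed, which is the pattern a password-guessing attack leaves behind. The log lines are constructed, and their flattened pipe-separated layout is an assumption; the event IDs (4625 failed logon, 4624 successful logon) and logon type 10 (RemoteInteractive, i.e. RDP) are standard Windows values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not LabCorp data) in an assumed flattened format:
# timestamp|event_id|logon_type|username|source_ip
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2018-07-15T02:00:01|4625|10|administrator|203.0.113.7
2018-07-15T02:00:03|4625|10|admin|203.0.113.7
2018-07-15T02:00:05|4625|10|backup|203.0.113.7
2018-07-15T02:00:07|4625|10|administrator|203.0.113.7
2018-07-15T02:00:09|4625|10|sa|203.0.113.7
2018-07-15T02:00:12|4624|10|administrator|203.0.113.7
2018-07-15T08:15:00|4625|10|jsmith|192.0.2.10
2018-07-15T08:15:30|4624|10|jsmith|192.0.2.10
"""
LINE_RE = re.compile(r"^([^|]+)\|(\d+)\|(\d+)\|([^|]+)\|([\d.]+)$")

def parse_events(text):
    """Parse flattened log lines into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, event, ltype, user, ip = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "event": int(event),
                           "logon_type": int(ltype), "user": user, "ip": ip})
    return events

def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed RDP logons inside `window`, and
    record whether a successful RDP logon from that source followed the burst."""
    by_ip = defaultdict(list)
    for e in events:
        if e["logon_type"] == 10:  # RDP sessions only
            by_ip[e["ip"]].append(e)
    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["event"] == 4625]
        for i, first in enumerate(failures):  # sliding window over the failures
            burst = [e for e in failures[i:] if e["ts"] - first["ts"] <= window]
            if len(burst) >= threshold:
                last_fail = burst[-1]["ts"]
                alerts[ip] = {"failures": len(burst),
                              "usernames": sorted({e["user"] for e in burst}),
                              "success_after": any(e["event"] == 4624 and e["ts"] > last_fail for e in evs)}
                break
    return alerts
```

A single user mistyping a password (the second address in the sample) stays below the threshold, while a flagged address whose burst ends in a success is the one to treat as a likely compromised account rather than mere noise.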
Are you sure you’re keeping your network safe from cyberattacks? Contact us for a free ransomware vulnerability assessment!