What Does the TV Show The Good Wife Have in Common with Ransomware?
In last season’s television series The Good Wife, Attorney Diane Lockhart fell victim to “ransomware”. All of her client files were held for “ransom” until she wired the hackers a ransom of $50,000.
Just another made-for-television story? Not so fast. The very next week, one of my clients experienced a frozen computer screen with a message that said “Your computer files are being held ransom until you wire $50,000”. Yes, in fact, they had taken over the client’s data. The data on the system was not retrievable, nor was the client able to use any of the system. Work came to a complete halt and all efforts were put into eliminating this ransomware takeover.
What steps could this client have put in place to prevent this? Identified below are 10 simple steps an organization can employ to help prevent a possible ransomware takeover:
Diversify backup activity, so that a failure of any single point won’t lead to the irreversible loss of data. Store copies on multiple media: the cloud, possibly a service like Dropbox, and offline physical media, such as a portable HDD. (Data backup is required as part of HIPAA.)
Personalize your anti-spam settings the right way. Most ransomware variants are known to spread via eye-catching emails that contain infected attachments. It’s a great idea to configure your webmail server to block dubious attachments with extensions like .exe, .vbs, or .scr.
Refrain from opening attachments that look suspicious. Not only does this apply to messages sent by unfamiliar people but also to senders who you believe are your acquaintances. Phishing emails may masquerade as notifications from a delivery service, an e-commerce resource, a law enforcement agency, or a banking institution.
Educate your workforce. Dangerous hyperlinks can be received via social networks or instant messengers, and the senders are likely to be people you trust, including your friends or colleagues. For this attack to be deployed, cybercriminals compromise their accounts and submit bad links to as many people as possible.
Patch and keep your operating system, antivirus, browsers, Adobe Flash Player, Java, and other software up-to-date.
In the event that a suspicious process is spotted on your computer, instantly turn off the Internet connection. This helps prevent the ransomware from establishing a connection with its Command and Control server, so that it cannot complete the encryption routine.
Keep the Windows Firewall turned on and properly configured at all times.
Enhance your protection further by setting up additional firewall protection. Several firewall suites accommodate this in their feature set.
If available, adjust your security software to scan compressed or archived files.
Disabling Windows Script Host could be an efficient preventive measure, as well.
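The attachment-blocking and archive-scanning steps above can be combined in one mail check. The following Python sketch is an added example, not part of the original article: it flags attachments whose final extension is one of those named above and also looks inside zip attachments. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED = (".exe", ".vbs", ".scr")  # extensions named in the article

def is_blocked(filename):
    # Normalise case and trailing dots/spaces so "Invoice.PDF.EXE" is judged by its final extension.
    return filename.strip().rstrip(". ").lower().endswith(BLOCKED)

def scan_message(raw_bytes):
    """Return (attachment_name, reason) pairs for attachments to quarantine."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if is_blocked(name):
            findings.append((name, "blocked extension"))
            continue
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:  # look inside the archive instead of trusting its outer name
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            findings.append((name, "unreadable archive"))
            continue
        findings += [(name, "archive contains " + m) for m in members if is_blocked(m)]
    return findings

def build_sample():
    """Constructed message: a disguised executable, a clean file and a zip."""
    att = dict(maintype="application", subtype="octet-stream")
    msg = EmailMessage()
    msg.set_content("Please see the attached documents.")
    msg.add_attachment(b"MZ", filename="Invoice.PDF.EXE", **att)
    msg.add_attachment(b"%PDF-1.4", filename="report.pdf", **att)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", b"\xff\xd8")
        zf.writestr("viewer.scr", b"MZ")
    msg.add_attachment(buf.getvalue(), filename="photos.zip", **att)
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

Member names in a password-protected zip are still listed, so the name check works there even though the contents cannot be inspected.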
Judith Lindsay, CHP and CEO of JAL Consult, tackles all the elements of the HIPAA compliance puzzle, successfully assisting organizations to make sense of it all by implementing the correct policies and procedures that are reasonable and appropriate for their entity. Judith provides consulting and training and is available for speaking engagements. To read more about the world of compliance, subscribe to JAL’s insightful newsletter at www.jalconsultantsaz.com or follow JAL on Twitter @judithconsult.