Sunday, December 22, 2013
I Suspect None Of Us Are Taking This Seriously Enough. Get Caught And It Could Be Very Bad.
About a year ago we had this appear.
9 January, 2013 Kate Newton
A Gold Coast medical practice whose patient records were hacked and encrypted by foreign cyber criminals will not pay a $4000 ransom, instead choosing to recreate the records bit by bit.
GPs at Miami Family Medical Centre discovered last December that their server had been hacked and all 15,000 patient files encrypted, making them unusable.
The hackers, believed by Queensland police to be operating from eastern Europe, did not steal any patient details but demanded a ransom of $4000 to decrypt the files.
The practice was able to recover some patient details through referrals, pathology reports and other outside health services, but had to rely on handwritten notes and appointment books for several days to ensure patient care was not disrupted.
Before Christmas, the practice was seriously considering paying the ransom. However, practice co-owner David Wood, whose wife is a GP at the clinic, said they had now decided against it.
"It's not that simple to pay anyway. You have to give photo ID and all sorts of things to a faceless website, so you just add another problem to the mix of potentially having your identity stolen," he said.
Instead, the practice was piecing together a new set of patient records.
This then appeared last week:
· Chris Griffith
· December 16, 2013
NETWORK security engineers have had limited success disabling devastating malicious software that encrypts all files on a user's computer.
The malware, CryptoLocker, uses sophisticated 256-bit encryption which makes it virtually impossible for the encryption code to be cracked by accident. Affected users are forced to pay hundreds, sometimes more than $1000 to obtain a "private key" -- a special string of digits and letters needed to decrypt their files.
The only hope for defeating CryptoLocker is when users have offline backups of their data before their computer is infected. The Trojan horse malware will also try to encrypt files on USB external hard drives and even network attached storage -- so as to make it hard for users to recover data without paying up.
Once the encryption process finishes, it tells users to pay a ransom, which so far has been $100, $300 or two bitcoins, currently worth about $1950.
CryptoLocker was first detected in September. Since then, it has infected mainly Windows-based computers in Britain and USA with devastating results. As The Australian recently revealed, there are now confirmed cases of CryptoLocker infecting computers locally.
A number of antivirus suites will detect and disable CryptoLocker malware, which enters computers disguised as attachments on fake emails purportedly from companies such as courier companies FedEx and UPS, and antivirus firm Symantec.
However antivirus suites that disable and remove CryptoLocker can render it impossible for users to get their files back. Victims wanting to decrypt their files have been forced to reinstall the malware and apply the criminal-supplied private key.
Network security firms however have been investigating ways to render CryptoLocker harmless on networks before the malware gets the chance to encrypt any files on a user's computer.
Lots more here:
Given none of the security firms (Symantec etc.) seem to have the problem beaten, it is clear that prevention is way better than cure.
See here for very recent Symantec article:
Short summary - once encrypted - files that are not backed up safely are gone for all practical purposes.
There is a useful Computerworld article here:
So what to do:
1. Take the threat seriously - pretty obvious.
2. Make sure your anti-virus and anti-malware scanners are current and active.
3. Make sure you and all who access your network are aware of the risks associated with opening attachments that are not from trusted sources and expected. If at all unsure just delete!
4. Make sure you have current data backups that are not network accessible (switched off drives, detachable drives that are detached, non-mapped drives to your NAS, backups that are encrypted etc.)
5. You may want to check out CryptoPrevent.
Seems like a useful way of adding some protection. Near 100,000 downloads seems to mean others think so. This is the only blocker I have found so far.
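One way to check item 4 from a workstation, as an added example that is not part of the original post: it reports whether each backup location is reachable and writable by the current account (the condition under which malware running as that user could overwrite it) and whether its newest file is older than a threshold. The function names, the 7-day threshold and the sample paths are assumptions.

```python
import os
import tempfile
import time
from pathlib import Path
from typing import Optional

def newest_mtime(root: Path) -> Optional[float]:
    """Modification time of the most recently written file under root."""
    times = [p.stat().st_mtime for p in root.rglob("*") if p.is_file()]
    return max(times) if times else None

def can_write(root: Path) -> bool:
    """Attempt a real write; permission bits alone are unreliable on network shares."""
    try:
        fd, name = tempfile.mkstemp(prefix=".probe-", dir=root)
        os.close(fd)
        os.unlink(name)  # remove the probe file again
        return True
    except OSError:
        return False

def audit_backup(location: str, max_age_days: float = 7.0,
                 now: Optional[float] = None) -> dict:
    """Classify one backup location as seen from this machine and account.

    exposure: 'offline'   - not reachable (detached or unmapped), as item 4 asks
              'read-only' - reachable, but this account cannot write to it
              'writable'  - reachable and writable by anything running as this user
    stale:    True/False when reachable, None when offline (cannot be judged here)
    """
    root = Path(location)
    now = time.time() if now is None else now
    if not root.is_dir():
        return {"location": location, "exposure": "offline", "stale": None}
    newest = newest_mtime(root)  # read before the write probe touches the folder
    stale = newest is None or (now - newest) > max_age_days * 86400
    exposure = "writable" if can_write(root) else "read-only"
    return {"location": location, "exposure": exposure, "stale": stale}

if __name__ == "__main__":
    # Constructed sample: a temp folder stands in for a mapped backup share,
    # and a non-existent sub-path stands in for a detached drive.
    with tempfile.TemporaryDirectory() as share:
        (Path(share) / "patients.bak").write_bytes(b"constructed sample")
        for loc in (share, os.path.join(share, "detached-drive")):
            print(audit_backup(loc))
```

"offline" only means the location was not reachable from this account at the moment of the check, so run it on each workstation at a time when the backup drive is supposed to be detached.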
Hope this helps… If just one person is saved it will be a very good thing!
Posted by Dr David More MB PhD FACHI at Sunday, December 22, 2013