Administrators from Australia’s Miami Family Medical Center recently received an unwelcome introduction to one of the world’s fastest spreading cybercriminal scare tactics: ransomware. After infiltrating one of the clinic’s computer servers and encrypting thousands of medical records, hackers are now demanding a $4,000 ransom in exchange for the keys.
According to the Australian Broadcasting Corporation (ABC), the server in question has been taken offline and an IT contractor has been called in to initiate system restore and recovery operations. But considering the sensitive private information that has been caught in the crossfire, officials may have little choice but to meet the criminals’ demands.
In the meantime, the healthcare provider is trying to identify exactly which vulnerability allowed such an attack to occur.
“We’ve got all the antivirus stuff in place – there’s no sign of a virus. They literally got in, hijacked the server and then ran their encryption software,” clinic co-owner David Wood told ABC. “It’s people who know how to break in past firewalls and hack passwords to get onto the server.”
While the incident in question most directly impacted a small, family-run operation on the Australian Gold Coast, the factors at play cover several continents.
“Cybercriminals based mainly throughout Eastern Europe look for rich targets, places with identifying information to extort,” Center for Internet Safety director Nigel Phair told the news source. “In a lot of those places law enforcement isn’t that strong and so it’s difficult to get cooperation with [local authorities].”
While such threats were formerly reserved for large companies with a wealth of data, hackers have recently become more interested in exploiting small and medium-sized businesses (SMBs) which typically retain fewer security resources.
According to InformationWeek, ransomware will be one of the leading concerns for the SMB sector in 2013. Instead of waiting for targets to click on malicious links that siphon sensitive data, more hackers are electing to go straight to the source and make aggressive extortion attempts.
Regardless of an intruder’s motive, SMBs will need to employ intelligent, layered security policies that keep criminals on the outside looking in. In addition to robust perimeter defenses and networking monitoring tools, IT teams must make a point to educate employees on the threats they can expect to face.
The news source also suggested that cybercrime will take on a decidedly social theme in 2013, as consumerization drives Facebook, Twitter and LinkedIn closer to the heart of business operations. If workers act on impulse without vetting the authenticity of communications, a clear path could be paved for hackers near and far hoping to get at sensitive assets.
Does your organization have a protocol for responding to ransomware? What strategies are you using to keep intruders at bay? Let us know what you think in the comments section below!