
6 Ransomware Planning Tips – Ep 305 

 May 21, 2021

By  Donna Grindle


Ransomware is just not going away. Falling victim to a ransomware attack will have a BIG impact on you, your business, your clients and your patients. So, today we share some ransomware planning tips. It’s important to know what things you should be doing and should at least consider so that you don’t get caught with your proverbial “pants down.”



HIPAA Say What!?!

[06:33] Today, we are following up on the Scripps Health Cyberattack that we discussed in our last podcast, Privacy Questions Everywhere – Ep 304:


We want to remind you that although we are experiencing a network outage, all our locations, including our hospitals, urgent cares, emergency departments, Scripps HealthExpress, Scripps Clinic and Scripps Coastal, are open and continuing to provide care. Patients or families with questions should contact 1-800-SCRIPPS. We apologize for any inconvenience and are working diligently to restore our systems as quickly and as safely as possible.

The good news is that Scripps Health seems to have been able to restore patient care, performing surgeries and doing the things they need to do to care for patients. Their Facebook feed has a lot of positive patient comments about being able to get care now. That is by far the most important news. However, patients are still very upset that they haven’t heard any news from the company about the severity of the attack and what it means for the privacy and security of their medical records.

6 Ransomware Planning Tips

[11:14] So we had planned to do this episode a week ago. Our original title was “Ransomware: How Bad Is It Really?”. Little did we know a major attack on Colonial Pipeline was already happening (yes, here in Georgia… again). We have been paying attention to all the indicators and see that this is only getting worse, not better. Just one week later, we have headlines like these:

John Katko: Colonial Pipeline hack most significant attack on critical infrastructure ever – CNBC

And then there are these headlines from the Information Security Media Group, which publishes several cybersecurity-only publications:

Colonial Pipeline: ‘A Global Day of Reckoning’

Rise of DarkSide: Ransomware Victims Have Been Surging

Colonial Pipeline Attack: ‘All Monsters Are Human’

Teardown: Inside the Colonial Pipeline Ransomware Attack

A Few Things We Know Right Now

[22:09] According to the information that has come out so far about the ransomware attack, Colonial paid $5 million and got the decryption key to the data. But, as we have mentioned many times, that isn’t as easy a solution as you think. These gangs don’t worry about efficient methods of decrypting data. The programs encrypt data very fast but the decryption process is very slow.

DarkSide Wanted Money, Not Disruption from Colonial Pipeline Attack – April 1, 2021 blog post

DarkSide operates on a RaaS (ransomware-as-a-service) model, offering its malware up for lease. CyberReason said last month that the DarkSide team recently announced on Hack Forums that it had upgraded its offering, releasing DarkSide 2.0, with the fastest encryption speed on this underground market, DarkSide claimed. The service includes Windows and Linux versions.

A Closer Look at the DarkSide Ransomware Gang – Krebs on Security

First surfacing on Russian language hacking forums in August 2020, DarkSide is a ransomware-as-a-service platform that vetted cybercriminals can use to infect companies with ransomware and carry out negotiations and payments with victims. DarkSide says it targets only big companies, and forbids affiliates from dropping ransomware on organizations in several industries, including healthcare, funeral services, education, public sector and non-profits.

Don’t let that healthcare part put you on your heels. This is what their statement actually said:

Based on our principles, we will not attack the following targets:

  • Medicine (only: hospitals, any palliative care organizations, nursing homes, companies that develop and participate (to a large extent) in the distribution of the COVID-19 vaccine.)

Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom

Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.

The company paid the hefty ransom in difficult-to-trace cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said. A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment.

Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.

What we had planned to cover but won’t even be able to get to today:

The State of Ransomware 2021 by Sophos

Ransomware Reality Shock: 92% Who Pay Don’t Get Their Data Back

FiveHands Ransomware | CISA

Ransomware Response Plan Tips

[33:44] There is a reason we focus our attention on a ransomware playbook when we help our clients build their incident response plans. Many of them don’t understand what is really included in a plan, much less what they should do to prepare for a ransomware attack. Ransomware planning today will help you navigate an attack tomorrow.

First, if you think you are too small or IT has it covered and you shouldn’t worry, you are already fighting an uphill battle. Check out Gary’s article Small and Medium Businesses: DarkSide Has You in Their Sights.

One of the biggest issues we see in the technology space is that businesses rely on generalists, their IT company, to protect their business. Instead, they should be working with specialists: a cybersecurity company that provides advanced security solutions to protect their livelihood. Do you honestly believe your IT vendor has the knowledge and resources to protect you from a threat group that has the capacity to take down our national infrastructure? The answer is NO.

[35:09] Here are our 6 tips:

  1. Have a real plan, not just an assumption that you will know what to do.
    1. Remember the quote from the hospital president that was hit last year saying he had no idea it would be as bad as it was.
    2. Identify every risk possible, the likelihood, and the impact. Then plan accordingly.
  2. Understand what your insurance covers and how to quickly open a cyber attack claim.
    1. This is where you need to be sure your application for that coverage didn’t embellish your security program activity.
    2. “I’m sure my insurance will cover it” is not a response plan.
  3. Know who to call.
    1. IT provider or MSP
    2. Forensics
    3. Lawyers
    4. Law enforcement
    5. Public Relations company
    6. Leadership of company – the ones that know about the plan and know what to do
  4. Know how you will communicate with employees AND your customers, clients, and/or patients.
    1. Listen to our discussion last week, Privacy Questions Everywhere – Ep 304, about Scripps Health to understand more.
    2. Know how to maintain privacy in communications.
  5. Prepare to be completely down for at least 10 days.
    1. Average recovery time is still around 10 days, but going up.
    2. Having a plan can help you be on the low end of that number.
  6. How are you going to handle notifications to your entire client/patient base?
    1. Not social media
    2. Not a postcard
    3. People expect notifications almost immediately. Set expectations.

So now… everyone… Go review your plan! If you think you have a plan, make sure those six tips are in it. If you don’t have a plan, go build one and use the six tips as your starting point. Don’t put it off! Don’t forget that cyber attacks are notorious for happening on Friday afternoons or right before holidays when everyone is scrambling to finish up and start their time off.


HIPAA is not about compliance,

it’s about patient care.™
