UCI Health Security Flash – RansomWare on the Rise!
What is RansomWare?
As you may have recently read, Hollywood Presbyterian Hospital was crippled by a RansomWare attack that affected them for days, resulting in the hospital being forced to pay the criminals $17,000 in ransom. MedStar in Washington, DC had weeks of outages due to RansomWare, and the attacks are increasing every day from coast-to-coast.
RansomWare is a serious threat to UCI Health and our healthcare information security. It has “data kidnapping” (CryptoWare) or complete “system lockout” (RansomWare) capabilities. It limits or prohibits access to your files and/or system rendering it useless by encrypting the files. It then forces victims to pay a ransom to regain access to their files or systems usually in the form of untraceable forms of payment (Bitcoins) additionally, it costs countless hours of lost productivity and increased IT resources to remove the threat and return to normal business.
How do you get Infected?
UCI Health users can be unknowingly infected by simply downloading an attachment or visiting a website that has the RansomWare or CryptoWare embedded. Some examples of these include:
- Compromised Websites – websites that look genuine, but are in fact are fakes.
- Spammed or Phishing emails – both internal and external emails from familiar or unknown senders or containing suspicious content asking you to click a link. (Fake iTunes Store example) ->
- Attachments - Download or execution of any attachments from unconfirmed or unknown sources, i.e. .DOC, .PDF, .XLS, .EXE
- Malware - from other sources – unauthorized portable storage devices, such as USB, CD’s, DVD’s
How YOU can help prevent a RansomWare attack –
- Don’t visit unknown websites or click unknown links – use bookmarks for routinely visited websites instead of typing the address each time. Pay attention to the actual website name – i.e. be careful addresses ending in .om instead of .com – which could indicate fake, spoofed websites. You can “hover” over the website link to see the true address – just don’t click
- Don’t forward suspicious emails - contact Information Security immediately at x6462 if you believe you have a phishing email or have been infected by any type of malware. This priority hotline is for suspected infections of malware, RansomWare only – different from the standard help desk line.
- Don’t fall victim to spammed of phishing emails - asking you to enter information or click links that may infect your system. Know your senders!
If you believe you may have been infected – Power off your system immediately – and call the hotline at x6462.