Death Linked to Ransomware Attack Brings New Urgency to Preparation and Response
Sadly, it was bound to happen. A woman in Düsseldorf, Germany, has died as a result of a ransomware attack. The 78-year-old victim was to receive critical care at Düsseldorf University Hospital, but the attack had disabled the hospital’s systems. The hospital was forced to reroute her to another facility 19 miles away, delaying her health care by an hour. It is the first known fatality linked to cybercrime.
German police contacted the ransomware attackers and told them they had shut down a hospital. The cybercriminals withdrew the ransom demand and provided the hospital with the decryption key so that it could restore its systems. The investigation is ongoing, and the attackers could be charged with negligent homicide.
Few organizations outside the healthcare industry have to worry about a ransomware attack resulting in death. Nevertheless, the extended downtime and data loss caused by ransomware can be devastating to any business. Here are some key takeaways from the Düsseldorf attack that can help you reduce your risk and prevent ransomware.
Patch Systems Promptly
German cybersecurity officials say that hackers launched the ransomware attack by exploiting a known vulnerability in Citrix software. Insufficient access controls allow attackers to execute code on certain Citrix appliances. The vulnerability was first reported in December 2019, and a patch was made available in January 2020. The hospital had not yet applied the patch.
It can be difficult to patch systems in an “always-on” IT environment. However, the downtime and risk associated with patching are small compared to the threat of ransomware and other malicious activity.
Monitor Systems Continuously
Even if the hospital had applied the patch prior to the ransomware attack, hackers could already have installed malicious software for later execution or opened a backdoor into the Citrix systems. Cybersecurity researchers had observed this kind of activity related to the Citrix vulnerability. Patching the system would simply lock the bad guys inside.
In other words, patching alone isn’t enough to avoid becoming a victim. Organizations should continuously scan systems for indicators of compromise (IoCs) such as suspicious files or activity. IT staff should be alerted if IoCs are found so they can take immediate steps to isolate the systems and mitigate the threat.
Implement an Incident Response & Ransomware Recovery Plan
The Sept. 10 ransomware attack affected more than 30 of the hospital’s internal systems. As of Sept. 18, the hospital was still working to recover from the attack and issued a statement indicating that it expected to resume providing emergency services within a week.
Given that a successful cyberattack is virtually inevitable, organizations should develop and implement an incident response plan. The plan should outline the procedures for rapidly identifying, containing and eradicating the attack and bringing systems back online. Research shows that effective incident response can minimize downtime and damage and save millions of dollars in costs.
The Best Ransomware Protection is Contacting GDS
Düsseldorf University Hospital is hardly unique. Ransomware is a billion-dollar industry and organizations of all sizes in every industry have been targeted by attacks. According to cyber insurance provider Coalition, ransomware attacks became 260 percent more frequent in the first half of 2020 as organizations retooled their operations to support remote work models. The average ransom demand increased 47 percent during the same period.
The tragedy of a patient’s death as a result of ransomware should be a wake-up call for every business. GDS has the tools and resources to help you secure your IT environment and detect and mitigate threats. Contact us for a confidential consultation and assessment.