Businesses in many industries never thought they would be the focus of cyber attacks, until they experienced one. In particular, hospital executives never thought anyone would attack them on the premise that they’re just a hospital.

Now, many healthcare organizations know better, says Raul Kashyap, chief security architect at Bromium, which sells software to ward off malware. Larger organizations now are hiring chief information security officers and bulking up defenses, while smaller ones are still trying to figure out what they need to do to improve security. “Most understand the threat and are scrambling,” Kashyap says.

 

Ransomware is the newest big threat, and it’s attractive to those mounting cyber attacks because it’s quick money. Within a few days, the attacker will know if payment is coming or not. The cost for attackers to infect computer systems is low, and as a result, ransomware is lucrative because if only 10 percent of victims pay, they get fast and easy money.

Also See: Should ransom attacks be considered breaches?

If an individual or organization is attacked and decides to pay ransom, they typically go online to Bitcoin, which uses TOR privacy software to keep the transaction private. TOR is free open source software to keep sites you visit anonymous and stops sites from picking up your location. Now this privacy protection, Kashyap says, is being used to anonymize the payment of ransom, and that anonymity is granted to both the victim and the thief.

New ransomware now is overwriting the master boot record in computers, changing parameters and directions when a user turns on a computer. Once the boot is overwritten, “you have given up your computer, and the machine will reboot and you are given a ransom demand,” Kashyap explains.

New policies to protect consumers also are, unwittingly, aiding ransom thieves. Credit card numbers are no longer as valuable as they once were—it’s getting more difficult to sell cards in the open market because of newer anti-fraud measures by the banks.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access