Waikato DHB is recovering from a ransomware attack – a type of cybercrime that’s becoming increasingly common on the global stage and in New Zealand. Ransomware is a type of malware (still generally referred to as a virus) that can enter a business in many ways – the most common being an email with a dangerous attachment or link to an attachment.
Ransomware is difficult to defend against because of how easily it enters the business and spreads throughout the network, and how quickly it can leave a path of destruction.
How ransomware enters a business:
The ransomware Waikato DHB is recovering from is called Zeppelin, and criminals usually add it to various kinds of attachments, for example PDFs, Office documents, and executable files. The criminals can use large-scale spam or phishing campaigns to send deceptive emails containing the ransomware files to as many inboxes as possible. The phishing emails are often disguised and use luring subjects like “important”, “urgent” and “high-priority”.
How this ransomware works:
Once a victim opens the attachment or link to the attachment (PDF, Office documents and executable files), the malware is executed. It then proceeds to download the tools it needs to spread itself through the network, encrypt all the files on a victim’s workstations and, in some cases, send files to the criminals.
As the ransomware spreads through the network, it will attempt to install itself on as many workstations and servers as it can find, and the encryption process repeats on each one. The affected workstations and servers are then presented with a ransom message and an amount payable in cryptocurrency that can increase as time progresses.
Key mitigations for ransomware in any environment:
- Security Awareness Training enables everyone within the organisation to be aware of the risks associated with dangerous emails, how to identify them and where to report them.
- Phishing Simulation Training periodically sends fake phishing emails to staff to augment the security awareness training with practical training tips on how phishing emails could be spotted.
- A good Anti-Virus is still an excellent defence against common strains of ransomware. Ask your support vendor or security team to test how effectively your Anti-Virus detects and blocks this type of ransomware strain.
- Ensure that your workstation and server backups are completed regularly and tested throughout the year.
- Ransomware can use old system vulnerabilities to spread through a network. Make sure you update your devices or apply a patching solution in your organisation that gives you visibility and control over this process.
- Only allow known software to be installed on your organisation’s workstations and servers, and block anything you can’t readily identify.
Even with all the mitigations above, an unknown or new strain of ransomware can still infiltrate the environment and spread through the network. Cyber criminals may also pressure your business to pay the ransom by threatening to destroy your data or to release it to the public, according to a report by the FBI’s Internet Crime Complaint Center (IC3).
In the case of the Waikato DHB ransomware attack, Privacy Commissioner John Edwards advised people to do the right thing if they find personal information online which might have come from the Waikato DHB ransomware breach.