HealthManagement, Volume 16 - Issue 3, 2016

There are two simple yet effective preventive measures ‏that a public or private enterprise must put into place ‏to stop cybercriminals in their tracks says Europol; ‏practice pristine digital hygiene and keep anti-virus protection ‏up-to-date.

 

While these steps should be taken as the bare minimum ‏to protect an organisation, if the dramatic increase in cybercrimes ‏is anything to go by, they are being widely overlooked. ‏According to Kaspersky Lab, the number of users attacked ‏by crypto-ransomware rose by 5.5 times, from 131 000 in ‏2014-2015 to 718 000 in 2015-2016. Ransomware is a ‏top threat for EU law enforcement: almost two-thirds of EU ‏Member States are conducting investigations into this form ‏of malware attack.

 

Ransomware attacks on healthcare facilities are increasing ‏with reports of incidents hitting the headlines on a regular basis. ‏“The increase has been evident over the past three to five ‏years,” a Europol spokesperson told HealthManagement. ‏org. “There are two things you can do immediately to ‏protect your organisation from cyberhacking. Firstly, exercise ‏digital hygiene amongst staff. This means staff need to ‏be educated to not open emails from unknown sources for ‏example. The second is to keep your anti-virus up to date. ‏It’s amazing how organisations fail to implement these two ‏basic measures and how much disruption this can cause.”

 

With staff so central to the prevention of potentially devastating ‏cyberattacks, it may come as a relief to healthcare ‏facilities that Europol said, contrary to some media reports, ‏the law enforcement body is not aware of widespread cases ‏of personnel actually cooperating with cybercriminals.

 

HealthManagement.org was speaking to Europol after ‏its July launch of No More Ransom, a website initiative by ‏Europol’s European Cybercrime Centre, the National High ‏Tech Crime Unit of the Netherlands’ police and two cyber ‏security companies – Kaspersky Lab and Intel Security. The ‏goal is to help victims of ransomware retrieve their encrypted ‏data without having to pay the criminals. The initiative is ‏open to other public and private parties.

 

The site provides a guide to what ransomware is, how it ‏works and, most importantly, how to ensure protection of ‏data. The project provides users with tools that may help ‏them recover their data once it has been locked by criminals. ‏In its initial stage, the portal has four decryption tools for ‏different types of malware, the latest developed in June 2016.

 

“Cybercrime has changed a lot in the last few years. Hackers ‏are becoming more professional and aggressive.” ‏If a hospital or other healthcare facility is successfully ‏hacked Europol said that management of the body should ‏not hesitate to report the incident to police.

 

“It is critical that when an organisation is hacked, that they ‏report it to police right away,” the spokesperson said. “We ‏have fortunately noticed a trend toward this while before, ‏the instinct of many companies was to keep it under wraps ‏because they didn’t want a negative impact on their reputation. ‏But the role any hacked enterprise plays in fighting ‏cybercrime is very important and the first step is reporting ‏as soon as they detect a data breach. Europol can support ‏a hacked organisation and help them retrieve their data.” ‏Under no circumstances should an organisation pay the ‏cybercriminals, No More Ransom says.

 

“Paying the ransom is never recommended, mainly because ‏it does not guarantee a solution to the problem. There are ‏also a number of issues that can go wrong accidentally. For ‏example, there could be bugs in the malware that makes ‏the encrypted data unrecoverable even with the right key.”

 

In addition, if the ransom is paid, it proves to the cybercriminals ‏that ransomware is effective. As a result, cybercriminals ‏will continue their activity and look for new ways ‏to exploit systems that result in more infections and more ‏money on their accounts, the initiative says. ‏While No More Ransomware describes itself as ‘outreach’ ‏for the public, most details of Europol’s cybercriminal-fighting ‏activity is kept firmly under wraps for security reasons.

 

“I’d like to think that we will get ahead of cybercriminals – ‏our team is made up of the best in Europe,” said the spokesperson. ‏“We’re bringing hackers to justice every day but this ‏information is not publicly releasable as arrests and investigations ‏across pan-European cybercriminals networks ‏continue. Eventually we will bring down cybercriminals.”

 

For details on No More Ransom go to: nomoreransom.org ‏Europol produces an annual Internet Organised Crime ‏Threat Assessment (IO CTA ) document with information on ‏the state of cybercrime in Europe, key findings, operational ‏priorities and general observations. The next document will ‏be available online at the end of September at: europol.europa.eu/iocta