Monday, May 6, 2019

New Ransomware Variant Infects by "Self Installation"


Security continues to be more and more complicated to implement… and providing protection is even more complicated. The latest security concern that has hit the news is a new form of Ransomware.

In its previous designs, Ransomware was like a virus. It required user interaction of some kind to install it. Sometimes this was a phishing attack while other times it was an email attachment. Either way, the end user had to click on something, which basically gave the script permission to run, and that caused the infection.

Now comes word of a new type of Ransomware that infects Cloud servers.  Basically the attackers can break into a Cloud server and install the Ransomware which then encrypts the server.  The next time the end user attempts to log into the Cloud server, they are greeted with the image at the top of this post.  Many of us are now incredibly reliant on Cloud based systems and this could very well have created havoc.  The other devastating part of this new attack is that the malware also tried to search for backups of the server and destroy them.  This is one reason that I am still using redundant backup drives that I store offsite.  It’s not the easiest solution, but those drives are just one more link in my backup chain.  For those of you relying *only on Cloud backups* I’d advise you to consider the possibilities of how you would handle being unable to retrieve your data.

While I haven’t heard of any impact from this attack, it does raise the question of dental Cloud based systems and the potential effect this type of thing could have on them. One of the best things about Cloud based dental or medical practice management systems is the stability and backup that those systems provide. Obviously if you open your browser to your management system website and are greeted with a Ransomware graphic, it’s going to be a bad day. This is a situation that will keep Cloud service providers up at night.

It’s also worrisome to those who depend on those Cloud software services since something you depend on could potentially become infected and encrypted through no fault of your own.  This is (at least for now) a problem that is affecting servers in the Cloud and nowhere else.

Fortunately Oracle released an emergency patch quickly which closed the vulnerable part of the system.  Good for them for locking the door pretty quickly after the problem was discovered.

This is an interesting change of attack when it comes to Ransomware. Whether this type of malware can ever cause problems on local servers and workstations is only a guess right now. However, if you prepare for the emergency it ceases to be an emergency… To that end, I’m encouraging all Cloud based systems to allow for a local backup to be kept in the office, since it now appears that the future may hold a scenario where not only the Cloud server is encrypted, but the Cloud backups are either encrypted as well OR deleted. If ALL Cloud providers gave users an option to store a backup of their data in their office, losing the Cloud server and backup would not be catastrophic. To the best of my knowledge, no Cloud dental company is offering that as an option, but it SHOULD be and it SHOULD be available quickly. The time to close the corral is NOT after the horses are gone.

This entire scenario, even though it has not impacted dentistry, should be a wakeup call to the healthcare industry as a whole.  There is a storm brewing on the horizon and the time to prepare for it is NOW and not after disaster has struck.  Doctors in private practice need to realize this could happen to them and that when it does, the financial consequences will be dire.

This is one more reason to have a good local AND cloud backup utilizing a system such as DDS Rescue. Being prepared is the best defense! The good folks at DDS Rescue are providing a *FREE* risk assessment analysis that will show your vulnerabilities.
