Since ransomware is running rampant, network security providers and IT teams are getting better at detecting it. However, not all providers move at the same pace to improve their detection, and not all technology is created equally. Keck Medicine in Los Angeles, part of University of Southern California, has reported that its servers were compromised by ransomware in August of last year. The malware went to work encrypting files and making them inaccessible to employees.
Ransomware usually starts off with a Trojan (in the context of malware the word is a common noun, so a trojan). Each trojan gets downloaded onto the client’s machine in its own way. In the case of Keck Medicine, it was via email. The hardworking, unsuspecting employee, who thoroughly trusted the source of the email, either clicked an embedded hyperlink in the body of the message or downloaded an infected attachment to their desktop and then opened it. The rest is history…
USC Keck and Norris Hospitals detected the ransomware after staff reported that they were unable to access their shared files. Once their IT team isolated the threat, the statement from Rod Hanners, COO of Keck Medicine of USC and CEO of Keck Hospitals, indicates the organization notified the FBI and launched an internal investigation.
“We apologize for any inconvenience or concern that this notification may cause,” wrote Hanners. “As a member of the Trojan family, we want to ensure that we do all that we can to maintain your trust and confidence.”
Keck Medicine is enhancing its security detection and response processes, according to the statement. We hope they consider Effortless Defense!
Effortless Defense is ready, and many of our clients have already been protected against the same kinds of malware. Our product layers on top of what is already in place with an agile architecture. It does a great job working with the network’s current safeguards, such as firewalls, spam filters, and virus detection.
We know many of our clients already have the “best of the best” in place, but there is still the risk that many healthcare companies, large and small, are exposed. That is, they don’t recognize the harmful potential of ransomware and other malware that can still get around today’s traditional infrastructure. Sending a trojan to an unsuspecting user is one of many ways the network could be compromised. Once a hacker locks up the system data, it is rendered useless to the organization, including any and all “protected health information” (PHI) under HIPAA.
This threat has become so prevalent that in June of last year, the HHS Office for Civil Rights released new HIPAA guidance on ransomware. It reinforced the activities required of organizations that have access to PHI, so that they can prevent, detect, contain, and respond to threats. It also confirmed that paying the associated “ransom” will not protect these institutions from HIPAA enforcement. Then come the fines. These can be upward of $50,000 per compromised medical record. Yup, you read that right, $50,000 per record. That’s something worth considering when planning your budget for this new year!
It is for this reason that the responsibility for cybersecurity is now falling squarely in the executives’ court. We hope that happens BEFORE the trojan gets downloaded onto their network, launching the newest ransomware.
For many years, HIPAA compliance has been relegated to an administrative status somewhere below obligatory continuing education requirements, and is often little more than a budget line-item. However, this is an increasingly outdated way of looking at this critical practice element. Major liability insurance carriers are beginning to offer cybersecurity insurance, but they also require a minimum level of security to even qualify at any premium.
Glenn Truitt Esq.
So What Does Effortless Defense Do?
Well, we can tell you this: It’s really cool. Sometimes people’s eyes glaze over and they start to drool when I launch into a monologue about just how cool it is, so to keep it light, let’s just start with this fun sci-fi fact regarding AI. Yes, Artificial Intelligence. There are armies of malware researchers out there in the world of virus detection. With AI, our machine learning kicks in and we don’t need humans to run the calculations. Humans are great and all, but they just can’t compute the mathematical and behavioral calculations that a machine can at such speed. Our AI is fast, and we take 15 to 30 seconds at most to declare a piece of malware malicious. Then we can create rules so that the malware is contained on the fly, and instantaneously push these rules out to the firewall. This is all included with our service and backed up by our US-based team 24 hours a day, 7 days a week.
If someone takes last week’s ransomware and mutates it with a simple compression tool widely available on the Internet, Effortless Defense will have a very good chance of uncovering the evil that lurks behind the innocent file identifiers. That’s because we offer Zero Day protection. Zero Day is a fancy way of referring to a brand new or mutated piece of malware, and these are the tricky ones to protect against. Zero Day threats are new and out there right now, searching for their next host. Let’s just imagine a new threat comes into your network. We will call it WildWillie.exe.
So Wild Willie isn’t just going to have a date with our Artificial Intelligence. He will be scrutinized with multi-method detection, which means we also leverage the knowledge available from a multitude of sources to look for “easy to recognize” malware by static analysis. Static analysis is a clever term for the signature of the malware – or you could just call it the naming convention of the malware’s file – in this case, WildWillie.exe. But it does not stop there.
Effortless Defense also takes the reputation of the website where Wild Willie came from and puts some serious consideration into the legitimacy and potential harm of that website. Then Effortless Defense’s machine learning looks to see if Wild Willie calls back home. Our technology records that behavior, including the call home, to determine what type of instructions come back: good instructions or possibly harmful ones?
Finally, Effortless Defense looks at the raw behavior of Wild Willie. As we continue to monitor our clients around the world, we are getting better at recognizing the characteristics of harmful files, so that we can even more quickly determine whether a file is ransomware or something else you really don’t want on your network. But wait! Effortless Defense is not perfect. In the case of brand new malware like Wild Willie, for example, where some super-smart person misplaced his or her talent to develop the next “killer” ransomware file, security providers worldwide may not be effective at recognizing the potential danger of this file. With Effortless Defense, however, you have a better chance of recognizing it and thus protecting your network against it. This is because we key in on so many factors for each file, such as where Wild Willie came from and what he’s doing inside your network.
How do we know what he’s doing?
Well, I thought you’d never ask. For every threat that comes in, we spin up a virtual desktop that mirrors the user’s desktop on your network. This virtual desktop allows our machine learning capabilities to watch and wait for Wild Willie to go to work doing… well, whatever it wants to do. When it detonates in this controlled environment, our behavioral analysis engine gets a chance to scrutinize it once more, and if it’s doing naughty things, then, you guessed it, we can work within your network’s security to get rid of it. Bye bye, Wild Willie!
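To make the multi-method idea concrete, here is an added example (not Effortless Defense’s code) that scores a detonated file on the four factors described above: a static hash signature, the reputation of the source site, any call home seen in the sandbox, and the file-rewrite behavior. The hashes, domains and the Sample record are constructed for the example; it also shows why a repacked copy of last week’s ransomware slips past the static check yet is still convicted by the other three.

```python
import hashlib
from dataclasses import dataclass

# Constructed placeholder indicators for this example; not real hashes or domains.
KNOWN_BAD_SHA256 = {"0" * 64}
LOW_REPUTATION_DOMAINS = {"downloads.badsite.example", "c2.badsite.example"}

@dataclass
class Sample:
    filename: str
    content: bytes             # the file exactly as it was delivered
    source_domain: str         # website the download came from
    callbacks: list            # domains contacted while detonated in the sandbox
    files_rewritten: int       # user files the sandbox saw overwritten
    extensions_changed: int    # of those, how many were given a new extension

def static_hit(s: Sample) -> bool:
    # Signature match on the exact content hash: a copy repacked with a
    # compression tool has a different hash and slips past this check.
    return hashlib.sha256(s.content).hexdigest() in KNOWN_BAD_SHA256
def reputation_hit(s: Sample) -> bool:
    return s.source_domain in LOW_REPUTATION_DOMAINS
def callback_hit(s: Sample) -> bool:
    # "Calling home": the detonated file contacted a low-reputation domain.
    return any(d in LOW_REPUTATION_DOMAINS for d in s.callbacks)
def behavior_hit(s: Sample) -> bool:
    # Mass overwrites that change file extensions are the encryption footprint.
    ratio = s.extensions_changed / s.files_rewritten if s.files_rewritten else 0.0
    return s.files_rewritten >= 50 and ratio >= 0.8

CHECKS = [("static", static_hit, 100), ("reputation", reputation_hit, 30),
          ("callback", callback_hit, 40), ("behavior", behavior_hit, 60)]

def verdict(s: Sample) -> tuple:
    # One strong signal, or two weaker ones together, convicts; a single
    # weak signal on its own only marks the file as suspicious.
    hits = [name for name, check, _ in CHECKS if check(s)]
    score = sum(weight for name, _, weight in CHECKS if name in hits)
    label = "malicious" if score >= 60 else "suspicious" if score >= 30 else "clean"
    return label, score, hits

def containment_rules(s: Sample) -> list:
    # Generic block rules for a convicted sample (a deployment would render
    # them in the perimeter firewall's own syntax).
    label, _, hits = verdict(s)
    if label != "malicious":
        return []
    bad = {d for d in s.callbacks if d in LOW_REPUTATION_DOMAINS}
    if "reputation" in hits:
        bad.add(s.source_domain)
    return ([{"action": "block", "sha256": hashlib.sha256(s.content).hexdigest()}]
            + [{"action": "block", "domain": d} for d in sorted(bad)])
```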
There is another method for delivering ransomware: drive-by downloading. The user directs their browser to a legitimate website, yet unbeknownst to them, the website has been compromised and performs an unauthorized browser redirection to another website hosting the ransomware trojan. Once the unsuspecting user’s browser hits the hacker’s intended website, the ransomware file downloads onto the user’s device. Depending on just how evil the little bugger is, the ransomware may even have the capability to install itself. Effortless Defense pays careful attention to what the website is asking the browser to do. This type of detection is called “chained heuristics”. That may sound like a bad horror movie, but this is a valuable piece of intelligence we include to convict a piece of malware and sentence it to its demise. Those chained heuristics are signs or indicators, or, to borrow from poker, the malware’s “tell”.
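The chain just described, as an added example of chained heuristics over a browser session (not Effortless Defense’s code): a trusted page redirects to a domain the organization has never seen, and an executable is fetched from that domain moments later. No single event is damning, but the sequence is the tell. The event format, the known-good set and the session log are constructed for the example.

```python
from urllib.parse import urlsplit

EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec",
                    "application/octet-stream"}
EXECUTABLE_EXTS = (".exe", ".scr", ".js", ".hta", ".msi")

def host(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()

def find_driveby_chains(events: list, known_good: set, window: float = 30.0) -> list:
    """Return each chain found in a session: a known-good page redirecting the
    browser to a never-before-seen domain, followed by an executable download
    from that domain within `window` seconds. Each event is a dict with ts,
    kind ('page' | 'redirect' | 'download') and url; redirects also carry
    'to' and downloads 'content_type'."""
    chains, pending = [], []   # pending: redirects that may still complete a chain
    for ev in sorted(events, key=lambda e: e["ts"]):
        pending = [r for r in pending if ev["ts"] - r["ts"] <= window]
        if ev["kind"] == "redirect":
            src, dst = host(ev["url"]), host(ev["to"])
            if src in known_good and dst not in known_good:
                pending.append(ev)
        elif ev["kind"] == "download":
            looks_exe = (ev.get("content_type") in EXECUTABLE_TYPES
                         or ev["url"].lower().endswith(EXECUTABLE_EXTS))
            for r in pending:
                if looks_exe and host(r["to"]) == host(ev["url"]):
                    chains.append({"landing": r["url"], "redirect_to": r["to"],
                                   "download": ev["url"],
                                   "tells": ["trusted page redirected off-site",
                                             "destination domain never seen before",
                                             "executable fetched %.1fs after the redirect"
                                             % (ev["ts"] - r["ts"])]})
    return chains

# Constructed session log for the example; none of these hosts is real.
SAMPLE_EVENTS = [
    {"ts": 0.0, "kind": "page", "url": "https://news.example/article"},
    {"ts": 0.4, "kind": "redirect", "url": "https://news.example/article",
     "to": "https://cdn-upd4te.example/go"},
    {"ts": 2.1, "kind": "download", "url": "https://cdn-upd4te.example/WildWillie.exe",
     "content_type": "application/octet-stream"},
    {"ts": 90.0, "kind": "page", "url": "https://vendor.example/support"},
    {"ts": 91.0, "kind": "download", "url": "https://vendor.example/installer.exe",
     "content_type": "application/x-msdownload"},   # direct, first-party: no chain
]
KNOWN_GOOD = {"news.example", "vendor.example"}
```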