US, Canada issue joint ransomware alert, discourage paying cyber attackers
The United States Department of Homeland Security and the Canadian Cyber Incident Response Center issued a joint cyber alert on March 31, in response to the recent surge in ransomware attacks.
The alert offered a breakdown and description of the ransomware variants for which healthcare and other organizations should be on the lookout. Perhaps surprisingly, both government agencies strongly recommended that organizations and individuals not pay the ransoms demanded by cyber attackers.
"Paying the ransom doesn't guarantee the encrypted files will be released; it only guarantees the malicious actors receive the victim’s money and in some cases, their banking information," officials said. "In addition, decrypting files doesn't mean the malware infection itself has been removed."
Along with descriptions of various ransomware types, the alert gives recommendations for preventing an attack. Among them are the need to back up data, create a recovery plan, update software and networks, restrict employee privileges, and create a whitelist of applications allowed to run on the network.
The alert said ransomware's consequences to an individual or institution could include a loss of sensitive data, a disruption of business operations and expenses to restore a system into working order.
The warning was prompted by recent attacks at Hollywood Presbyterian in Los Angeles, Methodist Hospital in Kentucky, and MedStar, the biggest Washington, D.C.-area healthcare provider, among others.
Private security experts have predicted these types of cyber attacks will intensify in the near future, as hackers gain experience and because of the outdated security measures in place at many organizations.
The FBI released a similar advisory on Friday, March 25, urging businesses and software security experts to help organizations fight cyber crime, saying, "We need your help!"
The letter’s primary concern was the ransomware MSIL/Samas, which encrypts data on entire networks. It's a big concern to experts, as early ransomware sought to lock down one computer at a time.