The United States and Canada have issued a joint alert on ransomware and the threat it poses to both individuals and businesses. In their bulletin, the Canadian Cyber Incident Response Centre (CCIRC) and the United States Computer Emergency Readiness Team (US-CERT), which operates under the Department of Homeland Security (DHS), provide an overview of ransomware, including how it works and what types of samples may currently be circulating around the web.
The alert names two new variants in particular: Samas and Locky. The former is known to have targeted vulnerable web servers at healthcare facilities earlier this year, whereas the latter is known to have recently locked hospitals and other medical centers out of their computer systems.
Not all Locky infections have ended the same way. Back in February, the ransomware targeted the computer systems of Hollywood Presbyterian Medical Center, a hospital based in southern California. Hospital staff were locked out of the computer system for close to 10 days until administrators ultimately decided to pay the ransom fee of approximately US$17,000. More recently, the Ottawa Hospital fell victim to Locky, but it restored its systems from data backups without paying a dime. The FBI has suggested in the past that paying the ransom is sometimes the only way to retrieve your encrypted data. But that's not necessarily the case.
"Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information," the alert warns. "In addition, decrypting files does not mean the malware infection itself has been removed."
With that in mind, US-CERT and CCIRC recommend that individuals and organizations alike focus on ransomware prevention, which should include creating a data backup plan and maintaining an up-to-date antivirus solution on all computers/devices.