RDI Intuitive Technical Deflects Customer’s Ransomware Attack

The customer is a regional medical center in a rural county, providing a wide range of health care services from routine medical to surgical and emergency care. It has approximately 250 employees and multiple locations. The medical center acts as a small hospital, offering 150-200 beds to the local community so that patients in the area can receive treatment without traveling hours to a larger hospital. RDI Intuitive Technical was hired to help the medical center manage part of its virtual environment, but the customer maintained sole responsibility for its own technology stack. The customer had no contingency plan in place against a potential ransomware attack.

The Ransomware Challenge

The medical center was the target of a ransomware attack. The attack was initiated with a phishing email sent to the medical center’s employees that included a deceptive message urging the recipient to click on a malicious link. At least one recipient clicked the link, which downloaded the malware to the recipient’s network-connected PC. Once downloaded, the malware began an automated process of embedding itself into the network’s processes.

After waiting for a network administrator to log in, the malware stole the administrator password and built a list of every user and machine on the network, copying the ransomware to those users and machines. Once it had spread, the ransomware simultaneously began encrypting the information stored in every location where it had gained access.

The potential for significant damage in this case was enormous. Had the coordinated attack succeeded, it would have forced the medical center to revert to paper charts and eliminated its access to core systems, costing millions of dollars in lost productivity.

The RDI Intuitive Technical Contingency Plan

Once the attack was identified, RDI Intuitive Technical immediately halted activity on the medical center’s network and began scanning for suspicious file types. It conducted a thorough account review to locate any newly added administrator accounts and changed all usernames and passwords. RDI Intuitive Technical then collected network backup timestamps and analyzed server and firewall logs for inbound and outbound activity to understand when and how the attack occurred. With a better understanding of what was going on, RDI Intuitive Technical arranged a meeting with the medical center’s senior management. Very quickly, the decision was made to implement advanced endpoint protection.

While antivirus software is an essential component of network security, it can’t be the only measure in place. Attackers build antivirus evasion into the malware they create, and while antivirus signatures are updated regularly, so is the malware they are meant to stop. Endpoint protection provides an additional layer of security by silently monitoring for process behavior indicative of ransomware, such as large batches of files being opened and renamed in a short period. Once such behavior is detected, the endpoint protection stops the responsible process before it can proceed any further and cause additional damage.
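The behavioral check described above, as an added illustration that is not part of the original case study or any RDI Intuitive Technical product: a small detector that reads constructed endpoint file-activity events (the log format, process names and paths are all invented for this example) and flags any process that renames many files to a new extension within a short window, which is the mass-rename pattern ransomware produces and ordinary document saves do not.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of endpoint file-activity events (illustrative only; not taken from
# the customer's logs or any real product). One event per line:
#   <ISO timestamp> pid=<n> proc=<image> action=<open|rename> path=<old>[ -> <new>]
SAMPLE_EVENTS = """\
2023-03-01T09:00:03 pid=412 proc=winword.exe action=rename path=C:/Users/jdoe/~notes.tmp -> C:/Users/jdoe/notes.docx
2023-03-01T09:02:10 pid=9931 proc=suspect.exe action=open path=S:/Charts/pt-0001.pdf
2023-03-01T09:02:10 pid=9931 proc=suspect.exe action=rename path=S:/Charts/pt-0001.pdf -> S:/Charts/pt-0001.pdf.locked
2023-03-01T09:02:11 pid=9931 proc=suspect.exe action=rename path=S:/Charts/pt-0002.pdf -> S:/Charts/pt-0002.pdf.locked
2023-03-01T09:02:11 pid=9931 proc=suspect.exe action=rename path=S:/Charts/pt-0003.pdf -> S:/Charts/pt-0003.pdf.locked
2023-03-01T09:02:12 pid=9931 proc=suspect.exe action=rename path=S:/Charts/pt-0004.pdf -> S:/Charts/pt-0004.pdf.locked
2023-03-01T09:02:12 pid=9931 proc=suspect.exe action=rename path=S:/Charts/pt-0005.pdf -> S:/Charts/pt-0005.pdf.locked
2023-03-01T09:30:00 pid=777 proc=explorer.exe action=rename path=C:/Users/jdoe/a.txt -> C:/Users/jdoe/b.txt
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) proc=(?P<proc>\S+) action=(?P<action>\w+) "
    r"path=(?P<old>.+?)(?: -> (?P<new>.+))?$"
)

def detect_mass_rename(events, threshold=5, window_seconds=10):
    """Flag processes that rename >= `threshold` files to a different extension within
    `window_seconds`. Returns {(pid, proc): rename_count_at_first_alert}."""
    recent = defaultdict(deque)   # (pid, proc) -> timestamps of extension-changing renames
    alerts = {}
    for line in events.splitlines():
        m = EVENT_RE.match(line)
        if not m or m["action"] != "rename" or m["new"] is None:
            continue
        # A plain rename that keeps the extension (a.txt -> b.txt) is normal user activity;
        # ransomware typically appends or swaps the extension on every file it encrypts.
        if m["old"].rsplit(".", 1)[-1] == m["new"].rsplit(".", 1)[-1]:
            continue
        key = (int(m["pid"]), m["proc"])
        ts = datetime.fromisoformat(m["ts"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window_seconds):
            q.popleft()   # slide the window: drop renames older than window_seconds
        if len(q) >= threshold and key not in alerts:
            alerts[key] = len(q)   # a real agent would suspend the process at this point
    return alerts

if __name__ == "__main__":
    for (pid, proc), n in detect_mass_rename(SAMPLE_EVENTS).items():
        print(f"ALERT: {proc} (pid {pid}) renamed {n} files to new extensions within 10 s")
```

Only the constructed process that rewrites five chart files to `.locked` in two seconds is flagged; the single Word save and the one-off rename in Explorer stay below the threshold.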

Additionally, RDI Intuitive Technical created a file backup on a network separate from the medical center’s main network, accessible only via a secondary local administrator account. This protected the new backup from future attacks on the main network, even if an attacker gained access as a domain administrator.

Success Results

By quickly implementing endpoint protection, RDI Intuitive Technical was able to limit the ransomware damage to only a few users on the medical center’s network, preventing widespread damage. In the end, no databases were compromised, and the medical center escaped with minimal repercussions. Additionally, by building redundant backups outside of the main digital environment and keeping the endpoint protection in place to monitor and stop suspicious activity, the client is well prepared to defend against future ransomware attacks.
