The Healthcare Cloud for Data Breach Prevention and HIPAA Compliance

Note: This is blog 4 of 4 in our HIPAA series.

A wave of breaches in 2016 exposed vulnerabilities at the heart of the health care system. This resulted in a new sense of urgency for data security in the industry. Breaches can happen when devices connected to healthcare data aren’t protected, when employees aren’t properly trained, or when data isn’t encrypted or segregated to make it less accessible.

HIPAA compliance is the fundamental building block of better data security for the healthcare industry. This legislation, signed into law during the 1990s and later updated in 2009, provides requirements regarding the confidentiality and privacy of protected health information, or PHI. Of course, it only works if healthcare institutions follow the law and regulations, and implement a compliance program designed to protect the safety of PHI.

The nature and sophistication of cloud computing have the power to revolutionize healthcare and HIPAA compliance. By its very nature, it offers ease of access to patients and healthcare providers, slashes costs for IT departments and improves data security.

Always-on access

HIPAA entitles everyone to access their complete medical record. A cloud environment for a healthcare provider can offer 24/7 access to records, something that’s expected in today’s tech-connected environment.

Many providers offer some form of a patient portal where patients can securely sign on from anywhere. These portals vary in capabilities; some are limited to medical records, while others allow for patient-physician communication and appointment scheduling. The portal should maintain all the security features needed to remain HIPAA compliant.

Slashing costs

Costs can drop dramatically with cloud adoption because cloud computing providers can tailor to health care institutions’ needs and scale up and down with the ebb and flow of their business. This reduces capital expenditure in IT and cuts the salary costs of an IT department. The system changes from being capital-intensive to a pay-as-you-go model that prioritizes agility and scalability over large-scale infrastructure.

If a physician or hospital had their own in-house servers, they’d not only have to pay the initial costs to purchase, but also for maintenance and security. Even then, it is unlikely that their security would be as robust as a cloud solution.

Security

Data security is a critical factor for all cloud service providers, and is a major concern for the healthcare industry. A private cloud with segmented data and limited access is ideal for this purpose. It can handle processes like registration, billing, scheduling and customer feedback, and is a good way to begin a migration to the cloud while the healthcare provider and the cloud company build trust together.

There are many benefits of migrating to the cloud—first-class hardware, sophisticated software resources, and IT professionals. Using a cloud service provider like Mozy by Dell will help healthcare providers in their efforts to safeguard against data breaches, comply with HIPAA, and keep costs under control so that they can focus on delivering health services.

Put a Stop to the Key Data Breach Culprits

Note: This is blog 3 of 4 in our HIPAA series.

During 2016, there were 377 health care data breaches in the U.S., according to ITRC. Between 2012 and 2016, there was an increase in frequency (50 percent), severity (50 percent) and number of records exposed (69 percent). In a single breach of Quest Diagnostics in November 2016, 34,000 people were affected. The threat is escalating all the time and what these statistics point to is the vital role the Omnibus Rule must play around the issues of privacy, security and enforcement under the Health Information Technology Act.

The Omnibus Rule seeks to recognize and deal with the increased threats posed to health care data. Hackers are no longer only nefarious individuals looking to make a quick buck. They’re sophisticated criminal operations with vast resources, capable of doing tremendous damage.

Medical records are valuable to hackers and can be sold for up to 50 times more than stolen credit card numbers because they can be used for insurance fraud, to obtain false prescriptions, as well as extortion and simple identity theft.

Steps to implement

Historically, the health care industry has lagged behind in terms of safeguarding sensitive information. Here are steps that should be implemented immediately:

Employee education

In almost every case, a breach begins with a person who has legitimate access to a system sharing that information, knowingly or unknowingly, with a hacker. Through neglect or carelessness, employees often share vital information unwittingly. Educate staff about the ways credentials can be stolen and limit how much data any one staff member can access.

Basic training for new hires goes a long way—annual updates on phishing techniques and other Internet scams make employees more security conscious.

In an all-too-common scenario, employees make mistakes and lose data, or they file things in the wrong place. This sets them up as easy targets for hackers who know where to look. It’s vital that you know where your data is stored and that it is where it’s supposed to be. Isolate your most sensitive data and have additional controls and limited access to it.

Software controls

In a medical environment, any device that goes online is vulnerable and a potential gateway. Laptops, desktops, mobiles and iPads all need antivirus, antimalware and encryption software installed. And just as important, such software must be updated regularly to ensure that your data is being safeguarded with the latest security measures.

Access

If possible, medical institutions should separate guest wireless networks from primary networks, and web filters can be added to restrict widespread Internet roaming on the primary network. Businesses should think about isolating and segmenting data access, ensuring that only those with proper credentials and a need to know can access sensitive and/or electronic personal healthcare data.

The value of the cloud

Companies are using the cloud for both efficiency and security purposes. The National Kidney Registry (NKR) took the decision to outsource their data management and security to a cloud provider with the experience and the resources to safeguard their data. NKR director of Education and Development Joe Sinacore explained to HealthITSecurity: “I want the people who have a vested interest in not just protecting my business, but everybody’s business and their own reputation. Seeing all of the resources that they put in on this, I don’t know how you can do it any better than that.”

No system is impenetrable and breaches can and do happen. But knowing where your data resides and who has access to it can help you respond effectively should a breach occur. Be sure to choose a cloud service provider that understands your business. As required by HIPAA, Mozy by Dell offers appropriate safeguards—including those for encryption, password restrictions, and data storage—to help you protect and secure the electronic health information you work with and store.

Next up: The Healthcare Cloud for Data Breach Prevention and HIPAA Compliance

Cloud Computing and Healthcare: Understanding the HIPAA Omnibus Rule

Note: This is blog 2 of 4 in our HIPAA series.

Now that you’re equipped with a basic understanding of HIPAA provisions, and how they apply to Covered Entities (CEs) and Business Associates (BAs), it’s time to dig deeper and look at some of the most important changes to this legislation during the last few years. The Omnibus Rule is the most relevant to health care because it governs, at least in part, the way health agencies leverage and interact with cloud computing services.

HIPAA highlights

Before diving into HIPAA changes and cloud compliance highlights, here’s a refresh: The Health Insurance Portability and Accountability Act (HIPAA) was adopted in 1996 and lays out specific regulations for companies that handle electronic protected health information (ePHI). Critically, these companies are responsible for keeping records of all disclosures of PHI, encrypting all PHI, and meeting other HIPAA security standards. Failure to comply—even through ignorance—can result in a $50,000 fine for the first offense and $1.5 million for the same offense in a calendar year.

Changing conditions

Think of HIPAA like a living piece of legislation that is constantly being assessed and modified to fit current needs. As a result, changes have emerged in recent years which impact both first-party health agencies and third-party providers.

According to HIPAA Journal, the Security Rule as revised in 2013 lays out specific administrative, physical, and technical safeguards that must be in place to ensure data security. These include Business Associate Agreements (BAAs) with third parties who access PHI, controls for devices and media used to store ePHI, and limits on who can remotely access ePHI. In addition, the impermissible use or disclosure of protected health information (that is, a violation of the HIPAA Privacy Rule) is presumed to be a breach unless the CE or BA, as applicable, demonstrates that there is a low probability that the protected health information has been compromised, such as through the use of strong encryption.

The new rules that became effective in 2013 also included changes such as:

   •     Expanded patient rights to request copies of their ePHI in electronic form.
   •     Prohibited the sale of health information for marketing or fundraising without patient permission.
   •     Introduced risk assessment methodology to determine the probability of ePHI compromise.

More recently, the U.S. Department of Health and Human Services released guidance on the applicability of HIPAA to cloud service providers (CSPs). As noted by Becker Hospital Review, any CSP engaged by a CE to host ePHI becomes a BA by default, meaning it needs to sign a BAA to comply with HIPAA’s requirements for BAs. CSPs must also comply with certain breach notification requirements if a breach of their network results in unauthorized access to unencrypted ePHI, which includes promptly warning the CE that its information may have been compromised.

 

Safe haven?

It’s important to note that cloud computing is not a “safe haven” from HIPAA compliance. If CEs permit CSPs to host or back up ePHI data without the proper agreements and precautions in place, both the CE and CSP could face Office for Civil Rights audits and fines for failing to comply with HIPAA regulations.

HIPAA continues to evolve as technology advances and new cybersecurity threats emerge. Although cloud computing is now a viable way to store and transmit ePHI, CEs and CSPs must take precautions to ensure HIPAA compliance. As required by HIPAA, Mozy by Dell offers appropriate safeguards—including those for encryption, password restrictions, and data storage—to help you protect and secure the electronic health information you work with and store.

Up next: Key causes of a health data breach. Find out how your CE can both detect new threats and safeguard patient information.

What is HIPAA compliance?

Note: This is blog 1 of 4 in our HIPAA series.

With identity theft on the rise, HIPAA compliance is becoming more vital than ever for businesses in the healthcare industry. The costs of violating HIPAA continue to increase; HIPAA non-compliance penalties went from $6.1 million in 2015 to $23.5 million in 2016. Experts predict they will continue to increase in 2017.

To assist with HIPAA compliance and to help protect against potential liabilities, the healthcare industry has been turning to the cloud for better security. In this first part of a four-part series, we’ll explore how the cloud is helping healthcare companies better address compliance with the HIPAA Security Rule.

How cloud computing plays a role in healthcare

The backstory to the healthcare industry’s HIPAA compliance strategy is healthcare’s migration to the cloud. The global cloud computing healthcare market stood at $4.5 billion at the end of 2016, and is on track to rise to nearly $6.8 billion by the end of 2018, according to projections by Transparency Market Research. Disaster recovery, data storage, and mobile health are the three biggest application needs driving healthcare’s cloud migration, according to TechTarget research.

The cloud’s ability to provide automated remote virtual backups makes it ideal for disaster recovery, enabling healthcare companies to have a secure backup offsite in the event of an on-site emergency. Meanwhile, the cloud’s scalability makes it suitable for storing the huge amounts of data that healthcare providers must manage. And the cloud’s connectivity to mobile devices makes it a perfect tool for delivering healthcare solutions to mobile device users.

What HIPAA compliance is all about

In conjunction with these applications, the healthcare industry is also using the cloud as a tool for HIPAA security compliance. The Health Insurance Portability and Accountability Act of 1996 established national privacy and security standards to protect healthcare patients. HIPAA’s Privacy Rule regulates standards for maintaining the confidentiality of certain healthcare information.

HIPAA’s Security Rule puts these privacy standards into effect by regulating standards for protecting health information stored in electronic form, known as electronic protected health information (e-PHI). HIPAA requires healthcare providers to maintain the confidentiality, integrity, and availability of all e-PHI they handle; to take reasonable steps to safeguard against anticipated security threats; to protect against impermissible uses or disclosures of information; and to ensure compliance by their workforce.

How HIPAA fits into the healthcare cloud

For companies seeking to comply with HIPAA’s security provision, the healthcare cloud serves as an improvement upon the security afforded by traditional on-premises data storage. Traditional on-premises storage is restricted by the space limitations of in-house IT equipment, which becomes impractical when terabytes of data are involved. On-site servers are also vulnerable to data loss if they become compromised or damaged in a disaster. On-premises servers further depend on in-house IT security teams, who typically handle security as part of a host of other IT duties.

Cloud servers address these disadvantages. Cloud usage can be scaled up to accommodate any amount of data, even if it overflows the capacity of in-house servers. Cloud servers are stored off-site where data is automatically backed up in multiple locations, so that a data hack or on-site disaster will not result in data loss. And cloud providers have full-time dedicated security specialists, alleviating healthcare providers of the need to rely solely on in-house IT teams for security.

An invaluable tool

As the healthcare industry migrates to the cloud, healthcare companies are finding the cloud an invaluable tool in their efforts to meet HIPAA compliance standards. The cloud makes it easier for healthcare companies to store large amounts of data, to back up stored data, and to keep stored data secure. We’ll explore how the cloud helps healthcare companies in their efforts to comply with a specific HIPAA provision in the next article in this series: Cloud Computing and Healthcare: Understanding the HIPAA Omnibus Rule.

Handle healthcare data? It’s hip to know HIPAA!

If your business handles personal health information—such as patient records—you know that such information needs to be protected; you have a responsibility to keep it confidential and protected from those not authorized to view it. That confidentiality applies not only to personal health information that’s saved on a desktop or server that’s on premises, it also extends to the cloud.

The cloud has become the de facto standard for storing healthcare records, in large part because it’s efficient and economical. In short, it makes good financial and IT sense to store healthcare records in the cloud.

As businesses migrate their healthcare records to the cloud, that data must comply with the Health Insurance Portability and Accountability Act (or HIPAA, as it is more commonly referred to) regulations. HIPAA established, among other requirements, a set of national standards for storing and handling electronic personal health information.

To be sure, HIPAA compliance is complicated; even so, it’s the law and must be followed. As a provider of HIPAA-compliant backup services that safeguard health information, Mozy ensures that health information is protected in a way that complies with HIPAA regulations. The Mozy software and services ensure that appropriate safeguards are in place so that the businesses that back up health information have the tools to keep it confidential and secure.

Mozy’s commitment to you and your data is simple and based on these principles:
   •     Your information is your information, not our information.
   •     We never sell your information to anyone, nor do we sell information about you.
   •     We never sift through your information in order to create a profile of you or target advertising.
   •     You can always get your information back while your account is active. We have no rights to your information if you leave the Mozy service.

And your data is always safeguarded, whether en route to or from the cloud or at rest, with Mozy’s enterprise-grade encryption.

Next week the Mozy blog will begin a four-part series about HIPAA—what it is, why it’s important, and what you need to do to be in compliance. Look for these blogs in the next couple of weeks:
   •     What is HIPAA compliance?
   •     Cloud Computing and Healthcare: Understanding the HIPAA Omnibus Rule
   •     Put a Stop to the Key Data Breach Culprits
   •     The Healthcare Cloud for Data Breach Prevention and HIPAA Compliance

Until then, check out how Mozy helps you comply with HIPAA security.

World Backup Day

Today is World Backup Day. Of course, that doesn’t mean it’s only important to back up your data today. World Backup Day is a reminder that you need to be backing up your important data (and since you took the time to create it, it’s all important data!) every day.

If you’re not already backing up, consider Mozy by Dell, the most trusted name in cloud data protection. Mozy enables “data completeness” for enterprises, small and medium-sized businesses, and consumers. What do we mean by data completeness? Cloud-based service plans that include award-winning backup, personal file sync, and mobile access. It also means peace of mind that your information is securely and privately protected from disaster, including lost or stolen laptops, hard drive failure, user error, or malware—including ransomware—and always available to you.

Thanks to our friends at Clutch for creating today’s infographic.

Take a Multi-layered Approach to Ransomware Protection

Note: This is blog 4 of 4 in our ransomware series.

You already know your business should take steps to minimize the risk of a ransomware attack. But do you know how to implement multi-layered protection effectively? In January 2017, cybersecurity experts discovered a new type of ransomware called Spora. Now more than ever, it’s imperative business owners know their protection options.

Ransomware protection options

Decreasing your vulnerability is your most reliable option for ransomware protection. Here are a few ways to do that:

   •     Educate employees
   •     Implement employee monitoring software
   •     Protect with endpoint technology
   •     Back up with the cloud

How these tools work

Spora, the latest ransomware rendition, is distributed as an email attachment disguised as an invoice. Once it is opened it must be unzipped. It then attacks the computer and sends a fake “unreadable file” error message to the user. So, what can be done? Consider the following four areas of action:

Employee accountability plays a major role, because visiting unauthorized sites and opening suspicious emails puts the business at risk. Implement a training program where employees will learn how to identify phishing emails and links.

Employee monitoring software connects all company devices on a single interface. Teramind, for instance, is software that lets employers monitor employee computer use and even implement rules and restrictions in real time. You can prevent employees from checking personal emails and visiting unsecured sites.

Endpoint cybersecurity is network protection for corporate-level businesses and servers. An endpoint program can block access between workstations across your network. New features, such as full-disk encryption and data leak prevention, are added frequently. When many devices connect on one network, one infected device can put all the others at risk. Endpoint security decreases the chances of ransomware infecting other devices on the network.

Cloud backup is simple, affordable, and can be highly effective against ransomware; any files your company backs up on the cloud are copied over to a remote, independent server with a whole arsenal of cybersecurity protocols. 

If ransomware infects your device

If a computer is infected with ransomware, you have options. If you have a cloud backup, wipe and reinstall your OS on that computer. Afterward, you can recover all your files from your cloud service.

If you don’t have a cloud backup in place, a collection of companies exist to help you remove the ransomware for a fee. If you have an IT team or are tech savvy, you may attempt a recovery and removal yourself, though the process differs depending on your OS. Keep in mind, Windows machines are targeted more often than Mac or Linux operating systems.

Don’t ignore the very real, very risky dangers of ransomware. A multi-layered security approach trains employees, monitors them, scans files and emails using deep learning and endpoint network security, and backs up data. Of course, the hope is you’ll never need to use your cloud backup, but it’s more crucial to have backups now than at any other time in history.

If you don’t have your backup set on a weekly schedule, now’s the time to change that.

Say no to ransomware disasters

Don’t fall victim to ransomware! Make sure your cybersecurity is truly multi-layered. Check out how Mozy by Dell can help your business confidently say no to ransomware disasters.

In addition, the following documents discuss how to protect your important data from ransomware:

   •     Ransomware: Frequently Asked Questions

   •     Preventing a Ransomware Disaster

Ransomware Prevention for Small Business Owners

Note: This is blog 3 of 4 in our ransomware series.

Cyberattacks pose a serious concern. Just as technology is in flux, so too is the way hackers gain access and scam unprotected businesses and private citizens. Ransom payouts make ransomware a popular alternative to hackers trying to drain a business account before it’s closed out. Small businesses can prevent a ransomware disaster.

Identify ransomware

To prevent ransomware, first know how to identify it. The three most common types of ransomware are scareware, screen lockers and encryption ransomware.

Scareware floods a computer or network system with pop-up windows that inform users the system has been infected with malware and the only way these malware programs can be removed is by paying a fee. This is a scare tactic—hence the name—and a simple scan from your antivirus should collect this scareware and quarantine it for deletion.

Screen lockers lock out users from the computer or network. When you boot up a computer with a screen lock on it, what seems like an official message from the FBI or Department of Justice will appear and demand payment for illegal activities detected on your network. Neither of the actual departments will ever ask for payment. The network and computers infected with this screen lock need to be completely reset, which means all data will be lost if it’s not backed up.

Encryption ransomware is when a hacker gains access to a network or computer and steals and encrypts its files. The hacker demands a ransom in exchange for the decryption key.

Educate employees to keep phishers out

Phishers typically gain access through email. Though it seems like this would be easily preventable, victims abound, including large companies. In 2016 hackers conned technology powerhouse Seagate and social media pillar Snapchat. A hacker posed as the CEO and asked for employee payroll data.

Humans are always the weakest link in phisher scams, so companies must teach employees what phisher emails look like, how they reproduce the look of official emails, and why no employee should ever click an email link when asked to update information on an official site.

While education can lower the risk, it doesn’t make companies immune to a hack. Mickler & Associates, Inc. uses Mozy’s backup services to restore and protect company data. Mickler used Mozy to recover a fully compromised system in a matter of hours. While preventive measures for ransomware decrease risk, they can never completely eliminate the threat.

Take preventive measures

Preventive measures for ransomware include employee education, antivirus programs and firewalls. Retroactive tools are available too, though they are less effective than preventing an infection in the first place.

Since email is the most common way ransomware infects a device, sender identification technology like Sender Policy Framework (SPF) lets the recipient’s mail system accept mail only from servers that are authorized to send for a given domain. A message is flagged when it arrives from an unauthorized sender.

People are also scammed with ransomware via pop-up windows. Hackers ask for personal information in ways disguised as ads and error notices. Cut out this danger with a reliable pop-up blocker. Back up your files every day with a cloud backup service.

Develop a proactive plan for when you’re faced with having to take retroactive action in the case of a breach. Your plan should spell out how you’ll purge all the infected devices and restore your data from your cloud storage. While it’s a hassle, as long as you have a regular backup schedule, no important files will be lost.

Part 4 in our series, Take a Multi-layered Approach to Ransomware, will be published next Thursday.

For more information about protecting your data, read the white paper, Preventing a Ransomware Disaster.

Spora and the Future of Ransomware

Note: This is blog 2 of 4 in our ransomware series.

The first article in this series, “What Is Ransomware?” took a look at this latest form of cyberattack that the FBI is warning could cost victims more than $1 billion this year.

Ransomware, already a serious problem, worsened with Spora. A highly sophisticated form of Russian ransomware—Spora—was released in January 2017 and within weeks spread from former Soviet republics to the rest of the world. Here’s a look at Spora, why it’s considered such a threat, and who’s at risk from this new form of cyberattack.

What is Spora?

Named from the Russian word for “spore,” Spora is a new family of ransomware that typically spreads through email spam. It arrives in the form of an email resembling an invoice. The email includes a ZIP file attachment with an executable file that has an HTA extension. The extension appears as a double extension such as PDF.HTA or DOC.HTA. For users with file extensions hidden, this makes the attachment look like a normal file.
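A mail gateway or triage script can catch this disguise before a user sees the attachment. The following is an added example, not code from the original post: it lists the members of a ZIP attachment and reports any whose real (last) extension is executable, with a separate verdict for the decoy double-extension pattern. The extension lists are an assumed policy and the sample archive is constructed with harmless content.

```python
import io
import zipfile

# Extensions Windows executes or hands to a script host. HTA is the one the
# article names; the rest are an assumed, non-exhaustive policy list.
EXECUTABLE_EXTS = {"hta", "js", "jse", "vbs", "wsf", "exe", "scr", "lnk"}
# Document-looking extensions used as the decoy half of a double extension.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def classify_member(name):
    """Return 'double-extension', 'executable' or None for one member name."""
    # Keep only the file name and drop trailing dots/spaces, which Windows
    # ignores and which can hide the real extension from naive checks.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_zip(data):
    """Return [(member_name, verdict)] for every risky member of a ZIP attachment."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Malformed archives are reported so that they can be quarantined.
        return [("<archive>", "unreadable")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            verdict = classify_member(info.filename)
            if verdict:
                findings.append((info.filename, verdict))
    return findings


def build_sample_zip():
    """Constructed sample: placeholder text stored under realistic-looking names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in ("Invoice_0217.PDF.HTA", "readme.txt",
                     "report.final.pdf", "tools/setup.exe"):
            z.writestr(name, "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, verdict in scan_zip(build_sample_zip()):
        print(f"{verdict:17} {name}")
```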

Clicking on the file extracts a JavaScript file named close.js to the user’s %Temp% folder. The script then extracts an executable file to the same folder and runs it. The executable file uses a randomly generated name and begins to encrypt certain file types on the affected device. The file also extracts and runs a corrupted DOCX file, which displays an error message, tricking users into thinking the file has been damaged during the email process. Spora does this offline, so it doesn’t alert the user with any detectable network traffic.

After finishing encryption, Spora runs a CLI command to delete shadow volume copies, which are normally used to help restore files. It also disables Windows Startup Repair and changes the BootStatusPolicy settings, both normally used for the file recovery process.
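Because the encryption itself produces no network traffic, these recovery-tampering commands are among the few signals a defender can alert on. The following is an added example, not from the original post: a detection pass over process-creation events that raises severity when several kinds of tampering occur on one host within a short window. The log format, host names and paths are constructed, and the command-line patterns are assumptions based on the standard Windows `vssadmin`, `wmic` and `bcdedit` tools, since the post does not quote the exact commands.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed command-line patterns for the three behaviours the post describes.
RULES = {
    "shadow-copy-delete": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b"
        r"|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "startup-repair-off": re.compile(
        r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    "boot-status-policy": re.compile(
        r"\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I),
}

# Constructed log format: timestamp, host, parent image, full command line.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) parent="(?P<parent>[^"]*)" cmdline="(?P<cmd>.*)"$')

# Constructed sample events; names and paths are illustrative only.
SAMPLE_EVENTS = [
    r'2017-02-01T10:15:02Z host=WS-014 parent="C:\Users\alice\AppData\Local\Temp\a1b2c3d4.exe" cmdline="cmd.exe /c vssadmin.exe delete shadows /all /quiet"',
    r'2017-02-01T10:15:03Z host=WS-014 parent="C:\Users\alice\AppData\Local\Temp\a1b2c3d4.exe" cmdline="cmd.exe /c bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"',
    r'2017-02-01T11:00:00Z host=SRV-02 parent="C:\Windows\System32\cmd.exe" cmdline="vssadmin list shadows"',
    r'2017-02-02T02:00:00Z host=BKP-01 parent="C:\Program Files\BackupAgent\agent.exe" cmdline="vssadmin delete shadows /for=D: /oldest"',
]


def parse(line):
    """Return (timestamp, host, parent, cmdline), or None for an unparseable line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["host"], m["parent"], m["cmd"]


def detect(lines, window=timedelta(seconds=120)):
    """Return {host: alert}; 'high' when two or more rule categories fire within `window`."""
    hits = defaultdict(list)  # host -> [(timestamp, category, parent)]
    for line in lines:
        event = parse(line)
        if event is None:
            continue
        ts, host, parent, cmd = event
        for category, pattern in RULES.items():
            if pattern.search(cmd):  # one chained command line can hit several rules
                hits[host].append((ts, category, parent))
    alerts = {}
    for host, events in hits.items():
        events.sort()
        best = set()
        for i, (start, _, _) in enumerate(events):
            cats = {c for t, c, _ in events[i:] if t - start <= window}
            if len(cats) > len(best):
                best = cats
        alerts[host] = {
            "severity": "high" if len(best) >= 2 else "medium",
            "categories": sorted(best),
            # The post says the payload runs from %Temp%; a parent there adds weight.
            "temp_parent": any("\\appdata\\local\\temp\\" in p.lower()
                               for _, _, p in events),
        }
    return alerts


if __name__ == "__main__":
    for host, alert in detect(SAMPLE_EVENTS).items():
        print(host, alert)
```

A lone shadow-copy deletion stays at medium severity because backup and maintenance tools issue it legitimately.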

When finished, Spora places a .KEY file on the user’s desktop and in other folders and displays a ransom note. To decrypt their files, the user must go to Spora’s online payment portal. On the payment portal site, the user must first enter their infection ID code to log in. They must then upload their .KEY file to synchronize their device with Spora’s site. Victims can choose from a number of ransom options with different price points, ranging from a freeware option to restore two files for free to a full restore, which is the most expensive option.

Fees are scaled based on the types of files the device contains, so that the attacker can charge more for computers containing business files or design files. Payments are accepted only in bitcoin. A chat box allows the visitor to send up to five messages requesting technical assistance. After paying, the victim receives a decrypter they can use to unlock their files.

The threat posed by Spora

Spora is more sophisticated than previous ransomware. Its use of a hidden file extension to infiltrate the user’s system, along with its offline operation, makes it harder to detect. It uses a top-notch encryption program. Its payment portal is more advanced than any experts have seen so far, indicating the level of sophistication of today’s top cybercriminals. Finally, Spora is now being distributed through exploit kits and spam campaign tracking ID options, indicating that its creators are renting it out as ransomware-as-a-service to other criminals—a disturbing sign of an emerging trend.

Who is especially at risk?

The most at-risk users are those who are careless about opening emails and email attachments from suspicious senders. Users also expose themselves to greater risk if they don’t stay current on the latest versions of their operating systems, applications, security patches and antivirus updates. Users who don’t back up their files are also at risk.

Spora represents a new level of threat as far as its attack entry method, encryption strength and payment portal. The release of Spora raises the need for ransomware security to a new level of urgency.

Look for part 3 in our ransomware series, Ransomware Prevention for Small Business Owners, next Tuesday. Until then, check out how Mozy by Dell can help you prevent a ransomware disaster. In addition, the following documents discuss how to protect your important data from ransomware:

   •     Ransomware: Frequently Asked Questions

   •     Preventing a Ransomware Disaster

What is ransomware?

Note: This is blog 1 of 4 in our ransomware series.

As 2017 began, the St. Louis public library system found itself the latest victim of ransomware, which is shaping up to be the new dominant form of cybertheft. The attack froze the computer system for all 17 of the city’s library branches, shutting down patrons’ ability to borrow or return books unless the city paid $35,000 in bitcoin for the system to be restored. Fortunately, the library system’s IT staff was able to rebuild their system from backup files and avoid paying the ransom, but many ransomware victims aren’t so fortunate.

The FBI estimates that ransomware cost victims $1 billion last year, up from $24 million in 2015, and warns that attacks are expected to continue escalating. Here is what you need to know about ransomware, why it’s dangerous, and what can make you vulnerable to becoming a victim of this virulent form of cybercrime.

Trickery that leads to a malicious download

Ransomware is a form of cyberattack that holds the victim’s device “hostage” by blocking access to the device, operating system, applications or files unless the victim pays money to have it unblocked. Some attacks threaten to post the user’s files online unless money is paid.

Alternately, some forms of ransomware do not actually lock the user’s device, but only display a message purporting to be from an authority such as a government agency, claiming that the device will be locked unless the user pays a fine.

Ransomware typically works by tricking the user into clicking on a link in an email or on an infected website. Clicking the link downloads malicious code onto the user’s device.

In more sophisticated ransomware, the code contains encryption instructions that use a random key to encrypt the device’s data. The device owner then cannot access their data without obtaining the key from the attacker.

Most attackers require money to be paid through an electronic medium such as bitcoin. The average amount demanded in 2016 was $679, but some attacks on businesses demand thousands or tens of thousands of dollars. However, paying does not necessarily guarantee the attacker will unlock the device. In some cases, paying simply opens the victim up to additional extortion.

Why is ransomware dangerous?

While early types of ransomware could usually be reversed through simple means, such as a reboot or system restore, newer forms use encryption, making them much harder to counter. And where older forms of ransomware could be avoided by not clicking on suspicious emails or websites, newer versions can hide themselves in infected code on legitimate websites.

Ransomware is also infecting targets that affect more people and cause more damage. Some attacks have been aimed at hospitals, banks, utility companies, government agencies and police departments.

Finally, the success of ransomware attacks has attracted more thieves and emboldened them. Seventy percent of businesses infected with ransomware have paid the ransom, making this a lucrative racket. Thieves are now demanding more from victims, with the average amount extorted expected to pass $1,000 soon.

Who is especially susceptible to ransomware?

Anyone connected to the Internet is a potential victim of ransomware, but some users are more vulnerable. Users who don’t keep their software versions, security patches, and antivirus software updated are more susceptible to vulnerabilities that ransomware can exploit. Users who don’t take precautions before clicking on spam email links or attachments or suspicious websites expose themselves to a higher risk of ransomware.

Users who don’t back up their files are also more vulnerable to ransomware because they don’t have a way to recover without paying ransom. Finally, having macros enabled in programs such as Word and Excel can leave you vulnerable to ransomware, which is increasingly being delivered through macros.

Ransomware is a growing threat that can potentially infect anyone connected to the Internet. It can cost victims hundreds or thousands of dollars. Users who don’t follow sound security and file backup practices are especially vulnerable. Ransomware typically invades devices through links in spam emails and code on fake websites, but it can also hide on legitimate sites.

Recent forms of ransomware are increasingly sophisticated and dangerous, as we’ll see in the next article in this series: Spora and the Future of Ransomware. Look for it on Thursday.

Until then, learn how backing up your data with Mozy by Dell can help prevent a ransomware disaster in your future.