Dear Editor,
Thanks for the write-up on Hollywood Presbyterian. I agree that it is difficult or even impossible for users to recognize when an email is infected. The samples you provided will help.
However, there is another important lesson for agencies. Why did it take Hollywood Presbyterian 10 days to recover from the attack? Of course, we may never know the details, but a few best practices can drastically reduce the impact and downtime.
First, frequent backups of their file system would have enabled them to quickly recover everything since the last good backup. The ransomers would have had no power over them. Backup frequency for mission-critical systems should be at least daily. Better yet, hourly, 15-minute, or even continuous backups are possible.
Second, limiting execution privileges on workstations where malware tries to run could entirely prevent damage. System administrators can easily make this change.
Finally, there is documentation available on the internet with additional measures IT managers can consider. Here is just one example.
I am speaking from experience. We were hit with the same ransom malware last year. So we know it can happen to anyone. But while the malware was attempting to encrypt our files, we were able to discover it and get it stopped within 26 minutes, not 10 days as in the hospital's case. We diagnosed the problem and recovered every file from backups with just a few hours of downtime. Without that backup, we would have been much worse off.
Jami Albro-Fisher, CIO
Fazzi Associates
©2016 by Rowan Consulting Associates, Inc., Colorado Springs, CO. All rights reserved. This article originally appeared in Tim Rowan's Home Care Technology Report. homecaretechreport.com One copy may be printed for personal use; further reproduction by permission only. editor@homecaretechreport.com