Dental Practices & Ransomware (Questions/Answers)
Ransomware Attacks Are Still On The Rise
What Is Ransomware?
The U.S. National Cybersecurity and Communications Integration Center (NCCIC) has observed an increase in ransomware attacks around the world. Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by visiting an infected website.
Ransomware is the most frequently used form of malware today. It has infected and paralyzed hundreds of thousands of organizations around the world. Ransomware attacks have cost U.S. businesses millions of dollars in losses.
There’s more than one kind of ransomware. Viruses like CryptoLocker, CryptoWall, Locky, WannaCry, Petya, NotPetya, Crypto, Bad Rabbit, Eternal Blue and more are designed to deny access to your data or network until you pay a ransom. The malicious software will lock down your computer’s files unless you agree to pay at least $300 in bitcoin.
The FBI says that you shouldn’t pay the bitcoin ransom. There’s no guarantee that you’ll recover your files if you pay the ransom.
When your IT system is infected with ransomware, it can be devastating to your dental practice. If you have confidential patient information or other sensitive data stored on your computers or network, it’s at risk. You should take the NCCIC’s warning seriously.
How Does Ransomware Spread?
Ransomware spreads through phishing emails or when employees visit an infected website.
Phishing can trick your employees into clicking on a malicious link or attachment that sends the ransomware virus into their computer.
These emails are designed to appear as though they have been sent from a legitimate organization or known individual. They entice users to click on a link or open an attachment containing malicious code. After the code is run, your computer is infected with malware.
The WannaCry and Petya ransomware viruses spread via a vulnerability in Microsoft’s Server Message Block (SMB) network file-sharing protocol that’s widely used in dentists’ LANs (Local Area Networks). It helps your computers connect so your employees can share files and resources like printers. This function is performed within the firewall; however, the ransomware can also spread outside the firewall if specific ports are open.
If your network and computers are infected with ransomware, recovery can be difficult. It typically requires the services of a data recovery specialist.
How Can You Protect Your Dental Practice From Ransomware?
The best way to protect your dental practice from ransomware is to prevent it from landing on your computers in the first place. NCCIC recommends that you take these precautions to protect users against the threat of ransomware:
- Update software and operating systems with the latest patches. Outdated applications and operating systems are the target of most attacks.
- Never click on links or open attachments in unsolicited emails.
- Back up data on a regular basis. Keep it on a separate device and store it offline.
- Restrict users’ permissions to install and run software applications and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
- Use application whitelisting to allow only approved programs to run on a network.
- Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email to prevent email spoofing.
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
- Configure firewalls to block access to known malicious IP addresses.
- Follow safe practices when browsing the Internet. Read the Security Tips from the US-CERT (United States Computer Emergency Readiness Team).
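One way to apply the "filter executable files" recommendation above, as an added example that is not from the original article: a Python check that flags attachments by blocked extension or by a Windows executable header hidden under another name. The extension list, addresses, and sample message are constructed assumptions.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list for this example; tune it to your own mail policy.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta"}


def risky_attachments(raw):
    """Return (filename, reason) for every attachment that should be held."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        # Only the last extension counts, so "invoice.pdf.exe" is an .exe.
        ext = os.path.splitext(name)[1].lower()
        if ext in BLOCKED_EXTENSIONS:
            findings.append((name, "blocked extension " + ext))
        elif payload[:2] == b"MZ":
            # Windows executables start with "MZ" whatever the file is called.
            findings.append((name, "executable header under another name"))
    return findings


def build_sample():
    """Constructed message: one harmless PDF and two disguised executables."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "frontdesk@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="schedule.pdf")
    msg.add_attachment(b"MZ constructed", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"MZ constructed", maintype="application",
                       subtype="pdf", filename="statement.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"HOLD {name}: {reason}")
```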
How Does A Next-Generation Firewall & Intrusion Prevention System Work?
The right firewall and Intrusion Prevention System (IPS) help to prevent viruses from getting into your computers. Today’s modern firewalls are built to defend against ransomware.
Your IT company should implement a next-generation firewall with an Intrusion Prevention System (IPS). These can keep ransomware threats from getting into your network and stop them from self-propagating and infecting other computers and systems.
An IPS collects the malicious traffic coming into your network and only lets the clean traffic through. It also performs what’s called deep packet inspection of your network traffic to detect exploits and stop them before they reach any of your computers. The IPS monitors for and identifies suspicious activity, logs the data, attempts to block it, and reports it to your IT services company.
The right IPS uses a tactic called sandboxing. It puts malicious programs in a separate place, so they can’t spread throughout your network. Ransomware like WannaCry and Petya spread like worms; they can lurk in files like Microsoft Office documents, PDFs, or updates for applications. Hackers can make these files appear valid and hide the malware. This is why sandboxing is essential for any IPS.
Ask your IT services company to:
- Use modern, high-performing next-generation firewall, IPS and sandboxing solutions.
- Perform network assessments to detect all security gaps in your network.
- Set up a Virtual Private Network (VPN) to detect any IT assets that are vulnerable.
- Employ sandboxing to sequester any malicious files.
- Establish IPS policies to prevent malware from spreading to other LANs.
- Ensure that any infected network is automatically isolated until they can eradicate the infection.
- Segment LANs using VLANs (Virtual Local Area Networks) and connect them all together to your next-generation firewall.
Using VLANs allows your computers to communicate through a virtual environment to protect them from any ransomware or other viruses that may be circulating in your network. Extending VLANs or zones into your firewall takes security to the next level.
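The SMB spread described earlier and the segmentation advice above can be checked against a firewall policy. The following is an added example, not from the original article: it flags allow rules that expose SMB (TCP 139 and 445) to the internet or between segments that have no need for file sharing. The rule format, zone names, and approved-path list are hypothetical and constructed for illustration.

```python
SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

# Constructed policy; the rule format is hypothetical, not a vendor's syntax.
RULES = [
    {"id": 1, "action": "allow", "src": "front_desk", "dst": "servers", "ports": "445"},
    {"id": 2, "action": "allow", "src": "wan", "dst": "servers", "ports": "1-1024"},
    {"id": 3, "action": "allow", "src": "imaging", "dst": "front_desk", "ports": "135-445"},
    {"id": 4, "action": "deny", "src": "wan", "dst": "front_desk", "ports": "445"},
    {"id": 5, "action": "allow", "src": "wan", "dst": "servers", "ports": "443"},
]

# Assumed: only front-desk workstations need the file server's shares.
APPROVED_SMB_PATHS = {("front_desk", "servers")}


def ports_in(spec):
    """Expand '445', '1-1024' or '80,443' into a set of port numbers."""
    ports = set()
    for chunk in spec.split(","):
        low, _, high = chunk.strip().partition("-")
        ports.update(range(int(low), int(high or low) + 1))
    return ports


def audit_smb(rules, approved):
    """Return (rule id, reason) for allow rules that let SMB travel too far."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        if not ports_in(rule["ports"]) & SMB_PORTS:
            continue  # rule does not cover an SMB port
        if rule["src"] == "wan":
            findings.append((rule["id"], "SMB reachable from the internet"))
        elif (rule["src"], rule["dst"]) not in approved:
            findings.append((rule["id"], "SMB allowed between segments that do not need it"))
    return findings


if __name__ == "__main__":
    for rule_id, reason in audit_smb(RULES, APPROVED_SMB_PATHS):
        print(f"rule {rule_id}: {reason}")
```

Wide port ranges such as rule 2 are the usual way SMB ends up exposed without anyone writing "445" in a rule.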
Do Most Dental Practices Segment LANs & Connect Them To Next-Generation Firewalls?
A next-generation firewall with proper LAN segmentation is the best way to protect your organization from today’s sophisticated and increasing ransomware threats. Unfortunately, many dental practices in the DC Metro Area don’t do this because they aren’t aware that they should.
This is why we’re seeing an increase in ransomware infections. If you don’t connect the VLANs to a next-generation firewall, this leaves a vulnerability in your system because the firewall can’t detect or control the traffic going through it.
Contact NOVA Computer Solutions to learn more about next-generation firewalls, VLANs, and segmenting your network to prevent ransomware infections. In addition, we can train your employees to recognize and avoid phishing and other threats.
Note: If you are victimized by ransomware, report it immediately to NCCIC at www.us-cert.gov/report, a local FBI Field Office, or Secret Service Field Office.