The month of August has seen a surge in cyberattacks on healthcare IT networks in the US using the Locky ransomware, a more evolved and effective version of the CryptXXX family of ransomware.
Locky is so named because it locks down files and demands payment to free them, and it is distributed through social engineering. A malicious email attachment, once opened, encrypts files on the PC as well as on attached storage devices. It can also steal cryptocurrency wallet funds from the system and send sensitive data to the attackers.
In August security researchers at FireEye observed a spike in attempts to deliver Locky, with hospitals receiving over half the infected traffic. It’s thought that hospitals are appealing to cybercriminals because healthcare IT networks are crucial to operations. And it’s a proven moneymaker. In February a hospital in Los Angeles paid nearly $17,000 in Bitcoins to restore their network. The hospital acknowledged that paying the ransom was the quickest and most efficient way to restore their systems.
For many industries, including healthcare IT, cyberattacks aren’t a matter of if, but when. Locky ransomware attacks might be avoided through better user education and vigilance, but other attacks on the network may require quick restoration of devices or diversion of traffic around the infected parts of the network.
Uplogix in healthcare IT networks
With Uplogix, all management of networking devices can be moved out-of-route. Devices can be configured to only accept management traffic from an Uplogix Local Manager over the console port. This “locks down” the device to potentially malicious outside traffic aimed at changing configurations, powering down or other unauthorized changes.
Uplogix also gives you the tools you need to rebuild quickly after a hack. Since a Local Manager is a state-aware console server, recovery from an unauthorized change can take place nearly immediately. Last-known or golden configurations can be pushed to devices, and secure out-of-band access ensures you’ll be able to reach remote devices even when the primary network is down or degraded.
Another option is for Uplogix to put network devices into a “safe mode” during an incident. If you don’t yet know the extent of the damage, or whether it has been contained, and want to limit network functionality, Uplogix can push an appropriate configuration to one device, or to thousands deployed across your network, before you go into full disaster recovery mode.
Not all console servers are created equal. In addition to all of its security functionality, Uplogix is a closed appliance; other console servers are open implementations of Linux, which could mean trouble.