As Cookeville Regional Medical Center works through a ransomware attack, a Tech cybersecurity expert said recovery from such events can be challenging.
Eric Brown of Tech’s Cybersecurity Education, Outreach and Research Center said the malware can be used to steal and restrict access to data. Attackers hold it in exchange for a large financial reward. Brown said ransomware attacks are challenging to navigate.
“There’s a lot of very meticulous efforts that have to be made to you know, limit damage,” Brown said. “And you know, also, you’re still wanting to make sure you’re maintaining the service of whatever the effected organization is. You’re trying to make sure you’re still doing business while you’re trying to mitigate the interruption.”
Brown said ransomware attacks can be delivered through complex scans of a website, which may be used to exploit an entry point. Brown said more simple tactics, like phishing emails, are also common ways to deliver ransomware.
Brown said ransomware scams can come from large scale criminal organizations. These organizations have sound infrastructure available, and some groups may even work for hire on the dark web.
Cookeville Regional’s ransomware attack is believed to have come from somewhere overseas. Brown said it is common for ransomware attackers to operate outside the United States.
“They’ll be in another country somewhere because, you know, if I’m going to operate in this kind of area, I’m definitely going to make sure I do it from locations where in the event that I’m caught, they can’t extradite me to the United States,” Brown said. “So it’s better to work out of countries where there are no extradition agreements or things like that.”
Brown said it is always a challenge to track these criminals down, but the FBI and other law enforcement agencies have brought some to justice. Brown said law enforcement is always working to reduce cyber crime.
Brown said cyber issues are bound to happen eventually, so people who work in cybersecurity need to be trained in incident management to be better prepared for attacks. Brown said response to a ransomware attack impacts the likelihood of another one.
“If you go about the process of doing the detailed clean up that is involved in that, you can lessen the opportunity of that same attack taking place again,” Brown said. “If you ignore it, it can happen again.”
Brown said organizations that do nothing risk leaving the same door open that let in a prior attack. Brown said reinforcement of a certain tool or more training can help in the aftermath.
