Beating Ransomware: A Race Against Time

Ransomware has proved itself to be a lucrative attack against organizations in many industries. Attacks against healthcare, in particular, have more than doubled in recent years, as both information theft and targeted attacks for monetary gain. There are already warning stories in the news about criminals using exploits created from unpatched systems and newer vulnerabilities to demand payment (usually in Bitcoin for anonymity) to decrypt files and databases.

On Thursday, April 21, 2016, the FBI contacted a number of healthcare providers, alerting that some of their public-facing web applications were deemed vulnerable to a JBOSS vulnerability that led to an attack called Samas.A, an exploit using the Python tool Jexboss (normally used in vulnerability testing) to introduce ransomware into a system. Threat actors had already created exploits found in the wild and were actively engaged in targeting various organizations by holding their information hostage. One of these healthcare organizations was a customer of WhiteHat Security.

This healthcare provider recognized the severity and potential damage of the situation if they did not remediate, as they had multiple web pages and applications. While the cost to pay the cyber criminals their ransom would have been high, our Healthcare customer was more concerned with the immeasurable damage to the brand, as well as the impact on the customers and government regulations for any possible disclosure of data.

With these concerns in mind, they were keen to resolve the vulnerability straightaway. Our customer reached out to WhiteHat Security for assistance that same day. As a trusted security advisor, WhiteHat was able to provide two primary support services through the crisis:

• A team of subject matter experts that could provide information, instructions, and constant support
• Continuous testing, retesting and verification as fixes were being made to identify all instances of JBOSS vulnerabilities over the next 24-48 hours

Without hesitation, WhiteHat Security constructed a response team to provide support particular to our customer. Comprised of subject matter experts with knowledge of the customer’s environment as well as a deep understanding of the code exploit and service vulnerability, they were able to provide specific guidance on how to contain and remediate large outbreaks. The team remained on call and available for meetings, provided vulnerability-specific expertise, and tested against the customer’s production environments.

By close of business the next day, all analysis and defects were completed, allowing the healthcare provider to implement all fixes over the weekend. Additionally, the team made themselves available during the fixes just in case any strange instances needed to be on-boarded, tested, retested, or validated. By Monday, the WhiteHat Security customer support team was officially released to stand down, emergency over.

The WhiteHat Security 2016 Web Applications Security Statistics Report shows that 50% of the web applications in the Healthcare industry are currently operating with unpatched vulnerabilities. Join us in the fight to improve these odds, help keep patient records safe, and keep your organization out of the news.