in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Australia Encryption Problems: Russian Hackers Use Crypto For Data Ransom

Hackers of the Russian variety are holding the Miami Family Medical Centre hostage for $4,000.  That's Miami, Queensland (Australia) and not Miami, Florida.  That's right, there's a Miami in Australia.  As surprising might be the news that encryption software like AlertBoot can be used, not to protect data, but to corrupt it.

Server Hijacked, Encrypted

The Miami Family Medical Centre has announced that hackers are demanding $4,000 (Australian.  That's $4,200 American) to provide the encryption key that will unlock the center's own data.  According to spokespeople for the center, they had proper security in place – firewalls, antivirus software, etc. – and believe that in this case

the hackers had "literally got in, hijacked the server and then ran their encryption software".

"It's people who know how to break in past firewalls and hack passwords to get onto the server. We're trying to work out how to pay the hackers or find someone to decrypt the information." [pulseitmagazine.com.au]

Well, I'm sure Mr. Wood doesn't mean "literally got in."  But, the rest of the statement sounds par for the course: "ransomware" usually involves hackers infiltrating an organization's network, finding a server with essential data, and encrypting it.  Since only the hackers know what the key is, they'll offer it in exchange for money, in this case, $4,000.

When you consider that cracking crypto is nearly impossible if strong encryption is used, such as the AES-256 used in AlertBoot's full disk encryption, the $4,000 is almost worth it.  Even if the data can be regained via methods other than acquiring the hackers' encryption key, it would probably end up cheaper to pay off the aggressors.

On the other hand, if one has daily backups, it might be easier and cheaper to restore the data using these than paying off the extortionists.  After all, where's the guarantee that they'll send the key after being paid?

Encryption: One Facet of Data Protection

Many people hear the word "encryption" and assume "data protection."  It's not an incorrect reaction to have.  After all, one of the best ways to secure data is via the use of good, strong crypto.  However, it's not the only method.  And, like most tools, it can be used for good or evil.

In order to maximize the protection that comes from using encryption, you must also ensure that you have proper backups of the data (which should also be encrypted).  Proper backups are necessary not only as a contingency plan for instances where hackers hijack you data, but as an arrangement for all the other things that could happen: your computer gets stolen; your data gets corrupted; your office burns down; etc.

In other words, the same reasons why backups for data are a good idea in the first place, with or without encryption.  Except, with encryption in place, there's even more of a reason why you should be using it.


Related Articles and Sites:
http://www.pulseitmagazine.com.au/index.php?option=com_content&view=article&id=1250:hacked-medical-centre-not-the-first&catid=16:australian-ehealth&Itemid=327
http://www.bbc.co.uk/news/technology-20663685
http://www.net-security.org/secworld.php?id=14091

 
<Previous Next>

Android Security: Google's Application Verification Service "Nascent," Lacking

Medical BYOD: Use Of Smartphones Means HIPAA Breaches To Increase

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.