“I got ransomware and it came in through RDP”.
I wish this was the first time I’ve gotten this call, but sadly, it’s not and I doubt it will be the last time.
RDP, or Remote Desktop Protocol, is a way to access your computer network when you aren’t at your practice. Super convenient and cheap, right? No. The problem is that the bad guys are now scanning for open RDP ports and purposely infecting you with ransomware to get your money.
In an ideal world, you would have a hardware firewall at your perimeter that you would VPN into, then access your computers via RDP. Alternately, you could use a secure remote access program
Ransomware traditionally has come in when someone clicks on an infected link or attachment in an email. It then encrypts the data inside the network and holds it for ransom. If there is a properly configured firewall in place, you may be able to prove that data hadn’t been sent out of the practice. This means you have to make modifications above and beyond initial setup default settings.
This new variant is utilizing insecure RDP access to break into your network and server, setup an account with administrator credentials and then download the ransomware. It’s also likely that they will install key loggers to steal your passwords. This is considered a targeted hacking attack.
At this point you are looking at a big, costly mess. You’ll likely have to reinstall operating systems to definitively know that the bad guys don’t have access, put in a real hardware firewall, use secure remote access and probably report it as a data breach to patients and Office for Civil Rights.
So how do you protect yourself?
For starters, don’t setup RDP yourself. Engage a qualified IT Provider that is geared to proactively prevent incidents like this from happening in the first place. Many computer savvy people can setup a network and RDP, but securing it is an entirely different task. A good IT Provider will know how to do it right and support it long term. Don’t have one, or your guy can’t or won’t do it? The guys at ACS Technologies, LLC are pretty great, but you can always find a dental specific IT Provider at DIA.
Don’t ask your IT Provider to decrease security. This is a real problem that is targeting smaller practices. Asking your IT Provider to do something that is known to be risky behavior just puts you both in jeapordy.
Utilize Security Business Best Practices. This means having a multi-layered defense system that includes a firewall, anti-virus, patching and backups. While you’re at it, train your team.
This is a problem that can easily be thwarted. Don’t let yourself fall victim to this latest scam.
