Surprisingly, hospitals have found themselves as a preferred victim of ransomware attacks
Tel Aviv-based Votiro security firm announced on Tuesday that the ALYN Woldenberg Family Hospital in Jerusalem would be integrating their email protection solutions to guard against ransomware attacks.
While many individual users and companies have been the target of this annoying and harmful hack, surprisingly, hospitals have found themselves as one of the preferred victims of these kinds of attacks.
Ransomware differs from many other kinds of hacks in that the attacker is not looking to steal information but instead lock it down and keep the owner from being able to access it. Normally when a hacker breaks into a system, they are looking for valuable information that can be later sold or used to their benefit. Hospitals represent an interesting kind of target in that the information in their network is not of much value to outsiders, but it is very important for them, and as has been seen in case after case, they are willing to pay for it.
If a hospital cannot access their patient records on the network, then they are unable to operate, which in turn risks lives. Because they were not thought to have been valuable victims for hackers, hospitals have been ripe targets for well known attacks like the CryptoLocker and CryptoWall. These institutions often do not have the proper security protections in place to pick up on these threats. Moreover, their personnel are even less prepared for the phishing emails used to break into their network.
When a hacker wants to attack a network, in most cases they are like vampires: They have to be invited in. They send their emails to the intended victims containing either a compromised link to a dangerous website, or more often send the malicious code through an attachment that attacks the system when opened.
For a hospital, like many other kinds of large operations, by necessity they have to open thousands of incoming documents from unknown people, and are often unable to verify a message on their own before opening it.
This is where services like Votiro are able to bring value, taking the guess work out email by denying entry through one of hackers’ favorite vehicles of entry.
Theirs is a cloud-based solution that reconstructs incoming documents found in email, whether they be images, Microsoft Office, PDFs, or files. Speaking with Co-founder and CEO Itay Glick, he tells Geektime that they have a process for taking the attachments, breaking them down to the essential and verified elements, and putting them back together with only the “clean” parts remain.
Instead of working with a signature analysis model like many other cyber security solutions, Votiro simply takes out all kinds of active code from the files that pass through its filters. As a cloud solution, they do not work directly on endpoints like competitor Re-Sec, another Israeli company working in this space. There is also the continued challenge of malicious links in emails that require clients to work with additional providers. However Glick says that they are working with other companies to develop solutions for their clients on these issues.
Glick co-founded the company with his CTO Aviv Grafi in 2010. Originally a penetration testing consultancy, they evolved early on to work on their current product, running their startup as a bootstrapped solution for protecting email. Finally in April, they opted to go for their Series A, pulling in $4 million from Aussie VC Redfield.
With their HQ and R&D based in Tel Aviv, they now boast offices in Singapore and Sunnyvale, with a client list that Glick claims reaches over 100. Glick tells us that they are looking to expand their team here and Israel, and are working with sectors like critical infrastructure, defense contractors, and finance. “Three of the seven biggest banks in Israel are working with us,” he says, adding that they are, “Seeing a lot of traction from that sector.”
Asked why he views the threat of ransomware as particularly dangerous, Glick tells Geektime that, “It has an immediate impact that hits harder than traditional espionage attacks. It can take down a hospital in a matter of minutes.”
“If they are hit, they can look for tools online that will help decrypt their files,” he advises for those unfortunate enough to be hit with a ransomware attack. “If they are backed up, then they are lucky. If not, then they will have to pay. What we prefer is to put a secure email gateway and prevent the attacks.”
Votiro’s solution, like Re-Sec’s and many others who have been working in this sphere of security, appears to offer a solid response to the threat of phishing emails and could help reduce the number of attacks that go through. I remain skeptical that anyone has devised a total solution to the threat of zero days, so even if the threat is minimized, users should refrain from acting too careless.
The classic critique of this type of solution is that it is able to block legitimate items from coming through to the receiver, which can be a concern. Even though when push comes to shove, an attachment is always able to be resent, knowing that you clicked on the email that shut down your office is a pain worth taking steps to avoid. In general, it is better to take precautions with protections like Votiro’s solution.