Home' Australian Pharmacist : Australian Pharmacist February 2014 Contents Australian Pharmacist February 2014 I ©Pharmaceutical Society of Australia Ltd. 73
Ware does it start?
The word ransomware has origins in a
similar word 'malware', which refers to
software that is malicious. It naturally
follows that ransomware is software that
demands a ransom. Ransomware is a
type of Trojan, and as the name suggests,
forces its way through a computer's
defences without the user being aware.
Ransomware had its origins in Eastern
Europe, then gradually spread to Western
Europe, and now is an international threat.
What started as a small and annoying
piece of software has now been copied
and made more professional, with online
gangs purchasing and further developing
their own version of the software.
The scheme is highly profitable, extorting
millions of dollars across the globe for
those that choose to pay the ransom. One
of the factors contributing to the recent
international spread is the ability for gangs
to abuse prepaid electronic payment
systems to receive payments.
The most common ways that
ransomware is installed is through web
exploits and 'drive-by' downloads. One
example of this is where a user browses
to a genuine website that has advertising
space purchased by the attackers.
Clicking on this advertisement is a sure
way to infect the computer, but if the
browser is not fully patched, a file can be
silently downloaded onto the computer,
and then automatically executed.
As you'd expect, another common source
is from spam email, where the Trojan is
hidden in an attachment or on a website
link in the email.
Once this malicious software is run,
functionality of a computer is disabled.
Generally a screen is displayed that
details what has supposedly happened,
and a ransom demanded to unlock the
computer. The screen displayed takes
different forms, but is usually labelled
as being from the American FBI, and
is very convincing for the unaware.
Some variants of the software are clever
enough to work out which country
the computer is in and customise
the message to appear to be from a
What to ware
The advice from most circles is to not
pay any ransom. There is no guarantee
that once payment is made that the
computer will be unlocked, and may
in fact lead to further requests
for payment. There are numerous
methods posted on the Internet to
remove ransomware, but attempts are
Along with common sense, having
the most up to date protection and
backups are the two key ways to protect
against ransomware. Ensure that your
operating system updates are done
regularly, and particularly ensure that
your browser is updated and patched
to the most up to date version. Having
a reputable and up to date anti-virus
program is another important piece
of the protection you need. Backups
are a critical key to data recovery, and
having backups that pre-date the
software infection are an absolute must.
It's easy to gloss over this one as a single
sentence, but without backups, recovery
is near impossible. Finally, common
sense is the most useful strategy when
it comes to spam email. Ensure that
you have a procedure in the workplace
around who can access email, and
ensure that these people are aware of
the dangers and the consequences of
one innocent click. Spam is becoming
more clever, with more and more
emails arriving every day that look like
genuine emails, but to the unsuspecting
can draw them in with disastrous
Ware to from here?
CryptoLocker is another more drastic
form of ransomware that encrypts every
file on an infected computer with an
electronic key, and that key is uploaded
to the attacker's server. They level of
encryption used is extremely high
(making recovery impossible) and
then the software attempts to encrypt
any files on other hard drives and
other computers in the same network.
Cryptolocker creation kits are available
cheaply on the Internet, and gangs
make modifications to the kits to
stay one step ahead of browser and
If this sounds daunting and scary, then
take heed, and ensure that everyone in
your workplace is aware of the dangers.
There have indeed been pharmacies and
surgeries that have lost their data as a
result of ransomware, so it is a real and
present threat. As pharmacists, we are
entrusted with personal data which we
keep on our computers so computer
security it is no longer an option,
but a must.
Jason Bratuskins is a practising community pharmacy
proprietor with an enthusiastic interest in the
application of IT to day-to-day pharmacy. He also
works in the pharmacy IT industry on a number of
cutting-edge eHealth projects for Fred IT Group.
He can be contacted via email at: cyberpharm@
How not to ware a Ransom
BY JASON BRATUSKINS MPS
The Pharmacy Board of Australia recently published a communique about
managing health records, but more particularly around reports of incidents
involving something called 'ransomware'. Once only a problem for those
visiting unsavoury sites, this menace is now an issue for every business,
and in particular those that rely heavily on their computers to operate.
Links Archive Australian Pharmacist January 2014 Australian Pharmacist March 2014 Navigation Previous Page Next Page