The FBI warns Oklahoma organizations of ransomware attacks after a metro clinic fell victim to it this week.
Officials said those attackers will target any organization when the opportunity comes.
“Many times, unfortunately a lot of companies, the first indication there’s an issue is when their system is encrypted and they no longer have access,” explained Supervisory Special Agent, Eric Littlepage.
To be targeted, to get hacked and have sensitive information held for ransom should be a concern for organizations of all sizes per the FBI.
The Oklahoma City Indian Clinic is a recent victim of the cyber-crime, they were hacked earlier this month.
The use of ransomware is an illegal activity that’s becoming more streamlined.
“Now we’ve seen a lot more where there’s a ransomware as a service, which is more like a business model,” explained Special Agent Littlepage.
He continued, “Specific groups that are generating or creating the tools and the encryption methods and the vector of attack and they’re selling it to sub-contractors that are conducting the intrusion and then paying the overall ransom group a fee.”
The OKC Clinic released this statement after they were hacked:
“Earlier this month, Oklahoma City Indian Clinic (OKCIC) discovered that certain systems were inaccessible and immediately deployed all available resources to investigate, including third-party forensic specialists. As part of our investigation, we discovered that the OKCIC was the victim of a cyber attack. While our investigation remains ongoing at this time, we currently do not have evidence of unauthorized access to patient information. OKCIC is taking the necessary and appropriate steps to address this incident and comply with applicable regulations, and will continue to do so as our investigation proceeds.”
The ransomware group claims to have 350 gigabytes of data with health records and financial documents.
The attack also impacted some computer systems and the clinic’s auto-prescription refill system.
The easiest way for hackers to get in is through unknowing employees.
“A huge weak link in any organization is really just phishing attempts,” explained Special Agent Littlepage.