A New Approach to Ransomware

Dental Products Report, June 2021, Volume 55, Issue 6

Protect against ransomware using valuable tools like whitelisting that we have in our arsenal.

As I have discussed numerous times in past articles, I believe that ransomware is the biggest threat to dental practices right now. For those unfamiliar with ransomware, it is a class of malware, like viruses, that attacks your computers and network. What makes ransomware unique is that it locks your files and requires that you pay a fee, or “ransom,” to get the files unlocked.

If you live on the East Coast you are familiar with ransomware; the Colonial Pipeline was recently attacked, causing days of havoc at the gas pumps. Ultimately, the company paid $5 million to decrypt its files. Although Colonial should have had better cybersecurity, many dental offices do not have the resources or manpower to achieve such a level of protection.

We take a 3-pronged approach to ransomware. First, we keep the bad guys out by installing a business-class firewall and ensuring we patch all vulnerable software on our computers. Second, if the virus does get in, we have antivirus and antiransomware software to neutralize it. Finally, if all else fails, we have an encrypted backup we can restore from, and cyberliability insurance to deal with the Health Insurance Portability and Accountability Act (HIPAA) ramifications of the breach (yes, a ransomware infection is a HIPAA breach).

Recently, a new tool has been added to our arsenal that I am very excited about: application whitelisting. Although the term may be unfamiliar, the concept is easy to understand.

All viruses, including ransomware, are just small programs: a series of instructions executed in a specific order. For ransomware, that usually means hiding itself at first, then turning off your antivirus programs, encrypting and/or deleting files, placing a “ransom” note on each PC, and so on. With application whitelisting, we run the whitelisting software on your presumably uninfected computers for a week or 2. During that time, the software takes inventory of every program that is running, including your practice management software, image software, and third-party programs. All of these are added to the list of programs allowed to run.

After a week or 2, we flip the switch on the software from learning mode to “deny all” mode. If any program not on that approved list tries to run, it gets stopped immediately. Basically, the ransomware cannot execute its program because it isn’t allowed to run.

The beauty of modern systems is that, as an IT provider, we can accumulate the data from all our clients and build up a list of approved programs that can be applied to all dental offices. For example, if an office is switching from Dentrix to Open Dental, it won’t trigger the deny mode because Open Dental is already in our approved global list of accepted software.
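
The learning mode, “deny all” mode, and shared global list described above can be modeled in a few lines of Python. This is an example added here for illustration, not code from any whitelisting product. It assumes programs are identified by the SHA-256 hash of their contents, and the class, file names, and byte strings are constructed for the example.

```python
import hashlib

def fingerprint(image: bytes) -> str:
    # Identify a program by the SHA-256 of its contents, not its file name.
    return hashlib.sha256(image).hexdigest()

class Allowlist:
    def __init__(self, global_approved=()):
        self.global_approved = set(global_approved)  # shared provider-wide list
        self.local_approved = set()                  # learned at this office
        self.learning = True
        self.audit = []                              # (name, verdict) for review

    def on_launch(self, name: str, image: bytes) -> str:
        digest = fingerprint(image)
        if self.learning:
            # Learning mode: everything that runs is inventoried and trusted.
            self.local_approved.add(digest)
            verdict = "learned"
        elif digest in self.local_approved or digest in self.global_approved:
            verdict = "allow"
        else:
            verdict = "deny"  # "deny all" mode: not on the list, not executed
        self.audit.append((name, verdict))
        return verdict

    def enforce(self):
        self.learning = False

# Constructed stand-ins for program files (not real binaries).
DENTRIX = b"constructed: practice management v1"
DENTRIX_PATCHED = b"constructed: practice management v2"
IMAGING = b"constructed: imaging software"
OPEN_DENTAL = b"constructed: open dental"
RANSOMWARE = b"constructed: unknown encryptor"

def demo():
    office = Allowlist(global_approved={fingerprint(OPEN_DENTAL)})
    for name, image in [("dentrix.exe", DENTRIX), ("imaging.exe", IMAGING)]:
        office.on_launch(name, image)  # the week or 2 of learning
    office.enforce()
    return {
        "known": office.on_launch("dentrix.exe", DENTRIX),
        "global": office.on_launch("opendental.exe", OPEN_DENTAL),
        "unknown": office.on_launch("invoice.exe", RANSOMWARE),
        "renamed": office.on_launch("dentrix.exe", RANSOMWARE),
        "update": office.on_launch("dentrix.exe", DENTRIX_PATCHED),
    }

if __name__ == "__main__":
    print(demo())
```

Anything that runs during learning mode is trusted afterward, which is why the learning period assumes uninfected computers. Under the hash assumption, a patched program has a new fingerprint and is denied until it is added to an approved list.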

I am very excited about this technology. We have beta-tested it with numerous offices. It takes less than 5 minutes per PC to install and everything is done behind the scenes. Most of the better systems I’ve evaluated run around $100 per location per month, which is not cheap. However, given the consequences of being hit with ransomware, many will consider it a small price to pay for the peace of mind in knowing your business is as protected as any other.