An InfraGard Success Story

For this edition of Member News, the spotlight is on InfraGard Los Angeles, but it could just as well be about any and all chapters or members of InfraGard. This letter illustrates the importance of what we do as an organization, and the far-reaching effects that successful mitigation of threats to our critical infrastructure can have.

On June 7th, 2016 a Los Angeles-based hospital was the subject of an unsuccessful ransomware attack with the “UltraCrypter” ransomware virus, otherwise known as “.cryp1” for the file extension it uses to encrypt files.AerialLACUSChighres

The hospital was highly prepared and had practiced running “Cyberdisaster drills” (combination of hospital incident command system and a complete computer, server, and phone shutdown) in the past three months. As part of their forward-leaning stance in dealing with all hazards and cyberthreats, the hospital also utilizes the InfraGard daily blasts sent by the Los Angeles InfraGard Chapter Coordinator as a preventative tool in order to stay ahead of the threats. In this instance, the combination of information from the daily Cyber Shield and the FBI Flash Alerts on ransomware files to look out for contributed to the success of mitigating this virus from proliferating throughout the hospitals’ servers, and to other computer systems. Simply put, these alerts and the prepared staff at the hospital stopped the ransomware in its tracks when it was initially discovered. In the end, only one PC was affected and isolated. Its files were recovered from the 24-hour backup, and the entire hospital computer server and systems were up and running at full capacity within four hours of the discovery of the ransomware.

A huge thank-you to the InfraGard Los Angeles Chapter and Coordinators for continuing to deliver timely and relevant threat information for the protection of our critical infrastructure. The information you send out, once acted upon/implemented can save many lives especially in the healthcare sector. I say this often: “When you hack a business, they may lose dollars — when you hack a hospital, there is a high likelihood that lives could be lost.” If we can share this type of training and information to our colleagues in the healthcare sector by creating a healthcare-specific product and guidance through a hospital cyberworking group, we may prevent other hospitals from having to pay ransoms, and get them back to delivering great care to their patients immediately — better yet, we may save lives.