Dealing with Ransomware

Over the past three months we have written about the newest threats to dental offices servers and patient data. During that brief window of time the most prevalent threat, ransomware, has continued to grow at an alarming rate.

The most recent research reports that the number of new pieces of ransomware detected has better than doubled between January 1, 2015, and September 30, 2015, bringing the total number to more than 5 million pieces of ransomware!

According to a “Good Morning America” segment run earlier this month, we need to plan on this type of growth to continue through 2016. During this segment Intel security experts reported that they are detecting 13,000 new pieces of ransomware a day.

See NBC “Good Morning America,” December 1, 2015: Security Experts Warn Ransomware Attacks Will Grow in 2016.

Given the present volume and growth rates coupled with the increasingly sophisticated methods that ransomware is utilizing, it is easy to say that a majority of us will eventually experience a ransomware attack.

So what can you do to prepare yourself? First, work on a good defense and second, develop a sound recovery plan for if and when a ransomware attack hits.


The first line of defense against this type of malware is your firewall. A basic firewall will no longer do; a true business class firewall with active anti-malware software is needed.

The second line of defense is an active, business grade anti-virus on your server. Yes, this may sound redundant, but it is not.

By keeping both active, you receive software updates developed by each manufacturer to help block new pieces of malware/ransomware.

Since a person has to launch ransomware into your network, the education of everyone in the office is paramount. Short of working closely with a knowledgeable company to assist in training, make it a rule that no matter who the email is supposedly from, if you are not expecting that email do not open an attachment or click on any link!

Important note: Due to both the sheer volume of new ransomware being developed as well as the human factor, the above steps will decrease but will not eliminate the chance of a ransomware attack hitting your server.

Understanding this, it becomes sound business sense that each office develops a plan on how to recover from a ransomware attack. A sound recovery plan will allow you to avoid paying the ransom and avoid damage to your files while also preventing days of downtime (see October 29 post “Is Your Office a Target for a Cyber Attack?” for details).


The first step is to evaluate the type of system your office utilizes to back up your server. If it is a traditional system with a hard drive attached to your server you may have a problem. Ransomware sees the removable device as an additional drive on your computer and renders it unusable.

If and when you do get hit with an attack, immediately take your server offline by powering it down. If done quickly enough this may help decrease the damage done by the ransomware. However, with viruses running through a network in as little as 45 seconds this action may be futile.

To ensure rapid and full recovery from a ransomware attack a business continuity system needs to be employed (see September 23 post “Backup Has Become A Bad Word”). A true business continuity system will step in for the infected server and get the network up and running in 30 minutes or less. Once your practice is up and running your server can then be scrubbed clean to ensure that the ransomware is removed. Your data is then transferred from the business continuity system back onto your now clean server.

A proper defense plan will help decrease the odds of a successful attack but a sound recovery plan will make a ransomware attack a virtual non-event.

For more information or to schedule a Data Security Assessment, please write to or phone 800.998.9048, ext. 102.

5 thoughts on “Dealing with Ransomware

  1. I’ve repeatedly asked our Patterson IT support team what anti-virus is recommended, and have consistently been told Microsoft Security Essentials is fine. Symantec has also been recommended. We have a firewall on the server, but across the network we’ve been told the firewall interferes with many of the functions in Eaglesoft. Do these things make us more vulnerable? What alternatives are there?

    1. Steven, thank you for your comment. There are a number of variables that could cause the interference you mention. There is a technical expert at Patterson Dental that would like to provide assistance in resolving your issue. If you are interested in the assistance please forward your contact information onto me and I will pass it on. My email address is

  2. My office has had similar issues to what you’re describing with firewall issues with Eaglesoft. The best way to prevent this is to not use your basic firewall, because it sounds like you’re using a true server, not a desktop computer. When using a true server, you need to get the proper recommended anti-virus programs, etc. Semantec is very highly recommended but if memory space is a problem for you, then you would want to look into other anti-virus programs. Semantec programs are very large and require a lot of memory space to run properly. A basic firewall like the Windows firewall, since it will not work properly with Eaglesoft, will leave security holes in your system that hackers/viruses can use.

  3. I am having an issue getting my PCI Compliance for my credit card terminal — one stand-alone device connected to the internet, not our phone line. I cannot get a Passed Scan. Trustwave is explaining that it is our SSL & TLS versions and whomever istalled our server needs to help us take care of this. Patterson, as far as I know, installed router and server, but I can’t seem to get support. They updated my router with new updates just last week and said that should fix things. Well, it hasn’t. And as I reread your article and the two comments above, I believe it also has to do with our firewalls because they mentioned that also. Who do I call for help? And do you understand my issue? I am not tech minded, but someone out there sure has to be! Right?

Comments are closed.