Introducing Wrecked

Wrecked is the latest strain of ransomware infecting networks worldwide across all industries. The nature of the exploit makes certain industries more vulnerable, including healthcare.

What does Wrecked do and what makes it different? Wrecked exploits vulnerabilities in what are called TCP/IP stack libraries. These libraries are used by manufacturers and software developers to enable internet and network connectivity for their devices. Wrecked has the ability to launch denial of service attacks and to install software for remote code execution, basically everything needed to lock you down and steal your data. The challenge we face is while patches are now available, most devices and applications may not automatically be updated, so this is a vulnerability we expect to be around for a long time. The specific stack libraries affected by Wrecked are Nucleus NET, FreeBSD, IPnet, and NetX.

While wrestling with the patching is going on, it’s a good idea to have a pre-planned process in the event of an attack. After all, ransomware attacks are hitting organizations of all sizes every day, and the impact can be devastating and causes many companies to close their doors. Here’s a starting point for your defenses.

1. Keep a replica of your Active Directory in the cloud;
2. Have a pre-planned communication method if email goes down, because it’s highly likely it will, especially if you’re using Exchange;
3. Get legal counsel involved as early as possible – CC’ing your legal team in correspondence regarding the incident can provide attorney-client privilege on the email contents;
4. Set up a “clean” email communication for the incident – protonmail, for example, and follow the steps above;
5. If you’re using onsite backup, put them on a separate domain or in a workgroup – in other words, if your onsite backup configuration doesn’t take copies offline or onto a separate network, those could get destroyed in the attack.

Obviously, this is not a comprehensive list, but these steps should be added to your existing incident response policy. You have one of those, right? If you don’t, we can create one with you.

Stay safe. Click smart.

If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.


For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.

The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for a weekly HIPAA Security Reminder to help stay compliant.