The Rise of Ransomware Attacks in the Health Sector

Colm Warner

What is a ransomware attack?

Before we jump into the details of this post, let’s make a basic definition clear. A ransomware attack happens when company or personal files  are encrypted by a 3rd party and held to ransom. Typically, the victim  receives a demand for payment (e.g. cryptocurrency ) in exchange for the encryption key to retrieve their information. Often, the ransom demand is accompanied by a sample of the stolen data, a “proof of the crime”,  if you will.

From WannaCry to REvil: the evolution of ransomware

One of the most infamous ransomware attacks was the WannaCry cryptoworm outbreak in 2017 which compromised the UK’s NHS. While this was not the first ransomware attack by any stretch, it demonstrated an evolution, as the worm spread peer-to-peer. Prior to that, ransomware had traditionally used phishing attacks to lure victims into installing code on their machines.

Ransomware has evolved in recent years, with tools such as REvil which now extracts  data before encrypting it. This means that the victim faces not just the loss of their data, but if they refuse to pay or restore their systems from backup, the stolen data will be offered at auction. This now presents victims with a twofold impetus to pay, and it seems that many organizations have handed over the money. This in turn incentivizes the attackers and funds development of more sophisticated tools and so the cycle goes on.

Ransomware kits are readily available online, for a modest fee (typically €900 or so). There are also ransomware tools available where the supplier asks for a share of the profits instead of a flat fee for use.

Hackers taking advantage of the COVID-19 pandemic

With the COVID-19 pandemic suddenly forcing millions of users to work remotely, malware authors have taken advantage of the situation, with a steep recent rise in phishing and ransomware attacks. Many use the pandemic and user uncertainty as a call to action. They create urgency in the mind of the user, getting them to click on links they might otherwise have treated with more scrutiny. It is more difficult to check the veracity of emails with colleagues dispersed, and scammers will exploit every weakness to gain a foothold on your network.

The health sector is under increased threat

A recent development in ransomware trends is the increased focus on healthcare organizations. The number of hospitals targeted jumped 60% from February to March this year, as opportunist hackers responded to the COVID-19 crisis. In the USA, healthcare is targeted more than any other industry. Boyce Technologies Inc. was reportedly attacked by the DoppelPaymer gang, with sample files appearing on the gang’s blog. One reason for targeting healthcare is the strain these organizations are under during the pandemic, and the hopes that urgent need to access data and the sensitive nature of that data will prompt quicker payment.

Webinar: Learn how Asavie and Microsoft have helped the NHS improve the security and control of their mobile devices

How to protect your organization?

In order to protect your organization, the following steps will greatly reduce your chances of becoming a victim of ransomware:

  • Keep all data ingress and egress points fully patched and up to date.
  • Maintain full view and control of all corporate assets.
  • Implement least privileged access controls and review regularly.
  • Train users in avoiding and reporting any suspected phishing activity.
  • Prevent users from accessing unknown websites on all devices, including mobile. Anything that can access business data should be considered an attack surface.
  • Limit the ability of users to install code on endpoints.
  • Use email scanning and web filtering.
  • Back up critical data frequently and keep offline copies.
  • Isolate any compromised devices immediately.

Never pay the ransom. While this can seem like a dangerous move in a time of crisis, remember that every cent paid to cybercriminals funds future cybercriminal activity. Furthermore, there is no guarantee that you will recover your data, or that stolen copies will not be leaked anyway. Paying could simply be the gateway to future extortion. It is estimated that over half of victims who pay do not recover their files.

Learn how Asavie SD Mobile helps Healthcare and Public Safety Organizations protect sensitive data against malware and ransomware hackers.