Ransomware in Healthcare 2020
Certain ransomware gangs promised not to attack the healthcare industry in the midst of the COVID-19 pandemic. So far that promise has not been upheld, and hospitals have been a primary target of attacks. The only difference from typical ransomware attacks is that the cyber criminals are offering discounts.
Currently known ransomware infecting small and mid-sized businesses:
Maze is unlike typical data-encrypting ransomware. Maze not only spreads across a network, infecting and encrypting every computer in its path, it also exfiltrates the data to the attackers’ servers where it is held for ransom. If a ransom isn’t paid, the attackers publish the files online.
Nefilim manages payments via email communication rather than through a Tor payment site. It is spread through RDP, like other ransomware such as Nemty, Crysis, and SAMSAM.
Paradise is a file-encrypting ransomware, which encrypts the personal documents found on the victim’s computer, then displays a message which offers to decrypt the data if payment in Bitcoin is made.
Nemty being distributed via RDP is nothing new, but RDP is a notably more dangerous distribution method than phishing. Once a cybercriminal gains access to a highly privileged system, they have unfettered entry to that system and can launch attacks without user intervention.
A CryptoMix variant has been discovered that appends the .CLOP or .CIOP extension to encrypted files. This variant indicates that the attackers are now targeting entire networks rather than individual computers.
Remote access to intranets, email, and other healthcare applications has increased during this pandemic. The use of telemedicine is also expanding, yet it is becoming more vulnerable with this increase in cyber-attacks. During this time, we need to leverage technology in a positive and effective way, so that we improve security without reducing the ability of individuals to do their jobs.
Some healthcare organizations recommend a few ways to not only ensure security but also allow communication to be effective:
- Build and maintain trust in the remote employee-employer relationship
- Good goal setting
- Conduct routine remote check-ins
- Ensure workstations, internet connections and other equipment needed to work remotely are secure, of high quality and function properly
- Appropriate security practices and tools: VPN [virtual private network], managed devices, encryption, anti-virus management, access controls in place, etc.
- Solid time-tracking processes and tools
- Having good technology that allows for collaborative working (tele, video, online file-sharing, integrated collaboration platforms)
If you want to know how you can continue to ensure cybersecurity integrity with your remote team, we recommend that you contact us for a complimentary consultation so we can discuss how to improve your security posture.
Galaxia Martin – VP of Operations