As the coronavirus pandemic continues to wreak havoc globally, ransomware criminals are seizing this as an opportunity to strike the already frayed healthcare systems.
This is according to Check Point Research.
“At the end of October 2020, we reported that hospitals and healthcare organisations had been targeted by a rising wave of ransomware attacks, with the majority of attacks using the infamous Ryuk ransomware,” Check Point Research said.
It says this followed a joint cybersecurity advisory issued by the US security agencies, which warned of an increased and imminent cybercrime threat to US hospitals and healthcare providers.
“Unfortunately, the cybercrime threat has worsened over the past two months. Since the start of November, there has been a further 45% increase in attacks targeting healthcare organisations globally.”
Check Point said this is more than double the overall increase in cyberattacks across all industry sectors worldwide during the same period.
It said the rise in attacks involved a range of vectors, including ransomware, botnets, remote code execution, and distributed denial-of-service (DDoS) attacks. Ransomware showed the largest increase and was the biggest malware threat to healthcare organisations when compared to other industry sectors.
“Ransomware attacks against hospitals and related organisations are particularly damaging because any disruption to their systems could affect their ability to deliver care, and endanger life – all this aggravated with the pressures these systems are facing trying to cope with the global increase in Covid-19 cases,” read the statement.
A global overview of attacks
Since 1 November 2020, there has been an increase of over 45% in the number of attacks seen against healthcare organisations globally, compared to an average 22% increase in attacks against other industry sectors.
- The average number of weekly attacks in the healthcare sector reached 626 per organisation in November, compared with 430 in October.
- Attacks involving ransomware, botnets, remote code execution, and DDoS all increased in November, with ransomware attacks showing the biggest spike when compared to other industry sectors.
- The main ransomware variant used in attacks is Ryuk, followed by Sodinokibi.
Why are attacks spiking now?
The major motivation for threat actors with these attacks is financial. They are looking for large amounts of money, and fast.
It seems that these attacks have paid off very well for the criminals behind them over the past year, and this success has made them hungry for more.
With hospitals under tremendous pressure due to the ongoing rise in coronavirus cases, they are willing to pay the ransom so they can continue to provide care during this critical time.
In 2020, Check Point Research monitored Ryuk activity globally and observed the increase in Ryuk’s use in attacks aimed at the healthcare sector.
The Covid-19 cyber landscape
According to Check Point's findings, the pandemic has affected every aspect of our lives, and the cybersecurity landscape has not been spared.
“From an upsurge in the registration of coronavirus-related malicious domains to the use of related topics in phishing and ransomware attacks, and even fraud advertisements offering Covid-19 vaccines for sale, we have seen an unprecedented increase in cyber exploits seeking to compromise personal data, spread malware and steal money.”
Tips to prevent ransomware and phishing attacks
- Look for trojan infections: ransomware attacks do not start with ransomware. Ryuk and other types of ransomware exploits usually start with an initial infection with a trojan. Often this trojan infection occurs days or weeks before the ransomware attack starts, so security professionals should look out for Trickbot, Emotet, Dridex and Cobalt Strike infections within their networks and remove them using threat hunting solutions – as these can all open the door for Ryuk.
- Raise your guard towards the weekend and holidays: most ransomware attacks over the past year have taken place over the weekends and during holidays, when IT and security staff are less likely to be working.
- Use anti-ransomware solutions: although ransomware attacks are sophisticated, anti-ransomware solutions with a remediation feature are effective tools that enable organisations to revert to normal operations in just a few minutes if an infection takes place.
- Educate employees about malicious emails: training users on how to identify and avoid potential ransomware attacks is crucial. Many of the current cyberattacks start with a targeted phishing email that does not even contain malware, just a socially-engineered message that encourages the user to click on a malicious link or to supply specific details. User education to help identify these types of malicious emails is often considered one of the most important defences an organisation can deploy.
- Virtual patching: patching old versions of software or systems could be impossible for hospitals, as in many cases systems cannot be patched. Therefore, we recommend using an intrusion prevention system (IPS) with virtual patching capability to prevent attempts to exploit weaknesses in vulnerable systems or applications. An updated IPS helps your organisation stay protected.
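The first two tips can be combined into a simple triage pass over endpoint alerts. The following is an added example, not code from Check Point or the original article: it ranks hosts by detections of the precursor families named above and by weekend activity. The CSV alert layout, host names, sample alerts and scoring weights are all assumptions constructed for illustration.

```python
import csv, io
from datetime import datetime

# Precursor families named in the tip above; matching is on the alert's detection name.
PRECURSORS = ("trickbot", "emotet", "dridex", "cobalt strike")

# Constructed sample alerts in an assumed layout: timestamp, host, detection name, action.
SAMPLE_ALERTS = """\
2020-11-06T09:14:00,rad-ws-01,Trojan.Emotet.Gen,quarantined
2020-11-07T23:41:00,rad-ws-01,Backdoor.Trickbot.B,detected
2020-11-08T02:05:00,lab-srv-02,Cobalt Strike Beacon,detected
2020-11-09T10:30:00,hr-ws-07,Adware.Generic,quarantined
2020-11-10T15:00:00,pharm-ws-03,Trojan.Dridex.A,quarantined
"""

def precursor_family(detection):
    """Return the precursor family a detection name refers to, or None."""
    name = detection.lower().replace("cobaltstrike", "cobalt strike")
    return next((f for f in PRECURSORS if f in name), None)

def triage(alert_csv, now):
    """Group precursor alerts per host and rank hosts for threat hunting."""
    hosts = {}
    for ts, host, detection, action in csv.reader(io.StringIO(alert_csv)):
        family = precursor_family(detection)
        if family is None:
            continue  # not one of the families that tend to precede Ryuk
        seen = datetime.fromisoformat(ts)
        h = hosts.setdefault(host, {"host": host, "families": set(), "first_seen": seen,
                                    "unremediated": False, "weekend": False})
        h["families"].add(family)
        h["first_seen"] = min(h["first_seen"], seen)
        h["unremediated"] |= action != "quarantined"
        h["weekend"] |= seen.weekday() >= 5  # Saturday=5, Sunday=6
    for h in hosts.values():
        # Days the infection may have been present before anyone looked.
        h["days_since_first"] = (now - h["first_seen"]).days
        # Assumed weights: unremediated detections first, then family count, then weekend.
        h["score"] = 3 * h["unremediated"] + len(h["families"]) + h["weekend"]
    return sorted(hosts.values(), key=lambda h: (-h["score"], h["host"]))

if __name__ == "__main__":
    for h in triage(SAMPLE_ALERTS, datetime(2020, 11, 12)):
        print(h["host"], sorted(h["families"]), f'{h["days_since_first"]}d', h["score"])
```

A host that shows more than one precursor family with an unremediated detection, as `rad-ws-01` does in the sample, is the one to isolate and investigate first.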