In the fall of 2020, CISA, FBI, and HHS cybersecurity issued a joint alert to the healthcare and public health field subsequent to an increase in ransomware activity. The joint notice discussed that threat actors are actively targeting the healthcare sector to infect systems with ransomware. Many ransomware gangs had heightened attacks on the medical and public health segment. The Ryuk and Conti gangs are the most dynamic.
Check Point’s new report reveals that attacks kept on increasing in November and December 2020. Cyber-attacks on healthcare companies increased by 45% worldwide. The increase was greater than twice the percentage increase in attacks on all fields around the world over the same time interval. Worldwide, the average number of cyberattacks on healthcare companies is 626 per week in November and December. It was only 430 cyberattacks each week in October.
The vectors employed in the cyberattacks were different. Check Point researchers identified a growth in ransomware, remote code execution, botnet, and DDoS attacks in November and December; nevertheless, ransomware attacks got the biggest percentage increase and ransomware is still the greatest malware threat.
Conti ransomware still present a threat and was used in a lot of healthcare sector ransomware attacks. However, Ryuk continues to be the most frequently employed ransomware variant, the next is Sodinokibi. The highest increase in cyberattacks was in Central Europe having a 145% increase in attacks, after which East Asia with 137% more and Latin America with 112% increase. There was a 67% surge in attacks in Europe while a 37% surge in North America. The nation with the largest increase in cyberattacks was Canada with a 250% increase.
Ransomware attacks are generally financially stimulated. Ransomware allows threat actors to get a big payout in just days after doing an attack. Ransoms are usually paid to restore files or to avert the public exposure or sale of stolen sensitive records. The healthcare sector is targeted since there is a higher chance that victims will pay ransom in comparison with other industries. Healthcare companies should reestablish patient information access immediately to make certain to give health care to patients, primarily when there is huge pressure caused by the number of new patients demanding treatment for COVID-19.
Although ransomware is still typically spread by way of spam email messages and exploit kits, the healthcare industry attacks are extremely targeted, using the major ransomware variants employed in the attacks sent manually. Preliminary access to healthcare sites is obtained employing different methods. a lot of ransomware attacks start with phishing emails that deliver Trojans like Emotet, Dridex and TrickBot. Check Point suggests security specialists to look for these Trojans on the network, together with Cobalt Strike, which are all utilized to send Ryuk ransomware.
Numerous ransomware attacks begin with a phishing email, thus it is essential to make sure that anti-phishing cybersecurity measures are put in place, and personnel receive regular training in order that they could recognize phishing and social engineering attacks.
Whilst the majority of phishing attacks happen during the week’s company hours, ransomware attacks typically start on weekend and during holidays, when checking by security employees is likely to be lessened. Healthcare organizations are cautioned to boost their protection over the weekends and during holidays to recognize attacks in progress.
Vulnerabilities in software and operating systems are normally exploited to obtain access to healthcare networks, thus quick patching is important. In instances that patching is not possible, Check Point advises having an intrusion prevention system (IPS) having virtual patching capabilities to avoid the exploitation of vulnerabilities in networks and apps that can’t be patched. Anti-ransomware cybersecurity programs that have a remediation feature should also be employed to stop attacks in minutes of ransomware deployment.