If the global outbreak of the novel coronavirus wasn’t enough, cybercriminals/hackers upped the ante in targeting different businesses and entities across the globe. Sounds scary, isn’t it? What is scarier is the fact that hackers, scammers, and spammers are targeting the critical healthcare facilities with ransomware during these testing times. This hasn’t helped a single bit in the war against the COVID-19. Hospitals are functioning at their full capacity across the globe to keep the fight alive against the pandemic. However, the rise of cyberattacks on hospitals has pegged many of them back.
Since modern-day hospitals are operated on an online system, it makes them a top target of cyberbullies/hackers. They target the websites of these critical healthcare facilities with ransomware and malicious information stealers. If you run a website performance report, it will present a detailed view of what exactly is happening with your website in real-time. Managed WordPress website by secure hosting and you can also run a website security scan to identify different malware and viruses that may have found a place in your system or network.
How It All Began?
The truth of the matter is that cybercriminals or hackers are going to any extent to target government entities, healthcare facilities, and other such organizations. According to recent research, the threat actors are targeting critical healthcare units on a daily basis. The report didn’t reveal the names of the victim but gave an indication that a Canadian government healthcare organization and another Canadian medical research university reported ransomware attacks. Hackers are increasing the attacks to exploit the pandemic for financial gain. These attacks were reported from March 24 to 26. It all began as part of coronavirus-themed phishing campaigns which are quite ripe these days.
The Victim Organizations
The report mentioned that apart from the Canadian facilities, The U.S. Department of Health and Human Services (HHS), biotechnology firm 10x Genomics, Brno University Hospital in the Czech Republic, and Hammersmith Medicines Research have also been targeted by cyberattacks in the past few weeks. As mentioned above, it all started with phishing emails relating to coronavirus, these emails were dispatched from a spoofed address that mimicked the World Health Organization. These emails were sent to the healthcare workers actively engaged in the war against COVID-19.
Content of the Phishing Emails
These emails were in a rich text format document labeled as “20200323-sitrep-63-covid-19.doc”. Once the healthcare workers clicked on this file, it attempted to deliver EDA2 ransomware by exploiting a known buffer overflow vulnerability (CVE-2012-0158) in Microsoft’s ListView/TreeView ActiveX controls in MSCOMCTL.OCX library.
The Massive Rise in Ransomware Attacks
Ever since the novel coronavirus emerged as a pandemic earlier this year, the whole world adopted a new lifestyle, i.e. stay inside and work-from-home. This new lifestyle made almost everyone to rely heavily on the internet to go about their jobs and tasks. Not all the home-based computers were secure enough, which provided cybercriminals the opportunity of a lifetime to explore the vulnerabilities. This is why we have already witnessed a huge spike in cyberattacks, including ransomware attacks, malware attacks, DDoS attacks to name a few. Always use DDoS protection while searching for any material which makes you open some unsecured websites. The attackers send phishing emails to their targets to lure them into clicking on the malicious links. These links are designed to download malware or ransomware onto the computers of the victims.
A report by Check Point Research for the first quarter of this year reported that people spent more time on their cell phones during the pandemic in a bid to gain more information about the outbreak as well as their work. Cybercriminals followed international cyber trends and used popular services like Netflix, Chase Bank, Airbnb to send phishing emails from imitating addresses with the aim to rob people’s login credentials.
Soon, hospitals became on top of their radar as healthcare service providers dedicated their time to help the world get rid of the pandemic. Hospitals working at full capacity due to the pandemic relied on their web systems to better collaborate with each other. Hackers found it the right opportunity to compromise the systems of these hospitals and healthcare centers to force them into paying ransoms for recovering their access to critical systems thereby preventing disruption to patient care.
The Cost of Ransomware Attacks
RiskIQ released a report recently which revealed that ransomware attacks on medical facilities shot up by 35% from 2016 to 2019. It further reported that the average ransom demand was calculated at $59,000 across 127 incidents. Keeping in mind the financial constraints of small hospitals and healthcare facilities, attackers exploited their vulnerabilities to seek ransom for recovering their compromised systems, use malware removal for secure searching.
Interpol in Action
Amid a sharp rise in ransomware attacks, Interpol has issued a warning about the threat to its member countries. The agency warned, “Cybercriminals are using ransomware to hold hospitals and medical services digitally hostage, preventing them from accessing vital files and systems until a ransom is paid.”
Interpol also asked organizations to ward off phishing emails and encrypt sensitive data. It recommended organizations to take periodic data backups to make sure they have the latest data available in case of a cyberattack. The agency reported that attackers used different ransomware variants to attack hospitals in various countries. Interpol subsequently reported six more alerts about ransomware attacks using at least four different variants.
The Modus Operandi
Ransomware attackers used encrypted files that prevent victims to access their data. Eventually, they have to pay the demanded ransom to regain their access. It has the potential to damage these hospitals and healthcare facilities big time, especially during the pandemic which is quite hard to tackle even seven months since its outbreak. Due to the compromised systems, hospitals and healthcare facilities were unable to test patients for COVID-19 and suggest treatment.
The Bottom Line
Experts believe the risk of a successful ransomware attack is higher than ever. The cybersecurity staff at hospitals and healthcare facilities can easily get distracted by this increased number of attack alerts. Apart from running a website security scan and creating the website performance report, hospitals can also check the website for malware and use tools like Virtual Patching Virtual Private Networks but VPNs have failed to clear the vulnerability test against ransomware attacks. The website security scan allows cybersecurity officials to identify emerging threats and prepare a contingency plan accordingly. Hospitals and healthcare facilities need to have a stringent set of strategies to deal with the pandemic-centric ransomware attacks as the trend signals a consistent rise in such attempts in the coming months.
Post comments (0)