Healthcare Industry Continues To Be the Favourite for Ransomware

According to latest data from specialist insurer Beazley, Healthcare remains the most targeted industry by ransomware attacks, which have spiked in the third quarter of 2018.

Ransom the most sophisticated type of breaches has increased, and Ransom demands jumped to as much as $2.8 million in cases where criminals either targeted an organization or upon obtaining access discovered that they have a better bargain and therefore increase the ransom demand.

Hackers have also been bullying the victims to pay the ransom, as they explore their network and even threaten to compromise their back-ups after deploying the encrypting malware.

Ransom demand has increased to such heights that it is touching seven figures in some cases. This is interesting and now the demand starts somewhere from $10k. This is way too high than average $1k to what was reported in Beazley’s Breach Insights.

There are likely several reason why the ransom took such a hike is maybe because, larger companies are well geared to take it head-on and they have the resources. They are able to put better controls in place to prevent ransomware from hitting their network.

On the other hand, smaller companies are not likely to have an organized infrastructure and have not properly segmented their backups, resulting in a higher likelihood of paying the ransom to get back up and running. Also, larger companies may have seen how WannaCry and Not Petya attacks took the world, so keeping those experience they have better equipped themselves and have implemented better system patching protocols, judged Beazley.

“The complexity of different forms of ransomware and its capacity to stop business in its tracks frustrates organizations’ abilities to tackle these issues,” said BBR Services head Katherine Keefe.

“Unfortunately, it is often smaller businesses that are most vulnerable to attack by cyber criminals as they frequently lack the resources and protocols of larger firms. However, businesses of all sizes need to ensure their IT employees are aware of the risks through up-to-date training and implementation of cyber security measures.”

Criminals are employing a range of ransomware variants, including Dharma, GandCrab, Ryuk, and BitPaymer, which spread in different ways, explained Beazley.

Dharma appears to be launched manually after the criminal exploits remote desktop protocols. GandCrab has been spread through malvertising that directs a user to a site infected with an exploit kit, which then targets vulnerabilities in Adobe Flash Player or the Windows VBScript engine to install malware.

Ryuk and BitPaymer have been associated with the highest ransom demands. BitPaymer ransomware is appearing on systems that have also been infected with banking Trojans.

In July, US-CERT issued a warning about Emotet, which is spread through phishing and possesses capabilities to download other malware. Researchers at Palo Alto Networks have described Trickbot working in concert with Emotet to spread malware.

In addition, Beazley found that accidental disclosure is the leading cause of data breaches in healthcare despite an 11 percent drop from same time in 2017. Hacking or malware increased from 20 percent to 30 percent of healthcare data breaches in the course of a year.

Across industries, the top causes of data breaches in 2018 were reversed from healthcare: hacking or malware attacks was the leading cause (47 percent of data breaches) followed by accidental disclosure (20 percent). Hacking or malware, which also includes ransomware, was up 11 percent compared to the same period in 2017.

Business email compromise incidents continued to rise, more than doubling in the first nine months of 2018 compared to the same period in 2017. The attacks were broadly distributed across industry sectors, including healthcare, financial services, professional services, and higher education.