It will likely come as no surprise to those familiar with the nature of ransomware attacks and their favorite target of choice that nearly 9 out of 10 ransomware attacks are aimed at the healthcare industry. It might, however, be a shock to those working within the beleaguered healthcare sector to learn that the figure is so high. The report comes from Solutionary, and gives some rather hard-to-swallow details regarding just how unprepared and besieged healthcare organizations are when it comes to fighting off ransomware attacks.
Here are some more key findings of the Solutionary SERT Q2 2016 report on ransomware infections and how they break-down:
- Other affected industries also included education (6 percent) and finance (4 percent), with eight other industries combining for less than 2 percent of detections.
- The top 3 of 11 categories, Web application, malware and application-specific attacks, accounted for roughly 62 percent of all ransomware attacks. Threat actors focused primarily on web applications, which were the target of nearly 24 percent of all attacks.
- Attacks focusing on ActiveX or Adobe products accounted for nearly 48 percent of all attacks against the top five industries (retail, healthcare, education, finance and technology).
- The retail sector was the focus of 18 percent of all attacks during Q2 2016.
- Germany was the number-one source of all non-U.S. based attacks, responsible for nearly 15 percent of attacks overall.
Ransomware Experts Speak
Solutionary also reports that a big reason for the continued rise in attacks is due to the fact that hospitals and other healthcare institutions so readily pay out to ransomware-wielding cybercriminals.
“Healthcare has been a target for ransomware campaigns because the industry has often paid ransom to retrieve vital customer data quickly. Furthermore, healthcare organizations use an abundance of systems and devices that are crucial pivot-points for an attacker, and they can even be victims of ransomware themselves,” said Rob Kraus, Research Director, Security Engineering Research Team, Solutionary. “The most important steps in protecting your company’s and your customers’ data from the growing malicious ransomware onslaught are ensuring that you have a robust backup and recovery process, and that your security software is up-to-date and able to detect the most recent ransomware variants. As the threat continues to evolve, it will be crucial for organizations to have defined incident-response procedures and proper detective and preventive controls in place to reduce ransomware’s impact.”
Elizabeth Snell, writing in Health IT Security, says, commenting on the Solutionary report, “Cryptowall ransomware attacks accounted for 94 percent of detected cases, also stemming from outbound connections, C2 server check-ins and beacons, depending on the version of CryptoWall.“ Cryptowall infections fell off dramatically after the Solutionary report, it should be noted.
Snell adds, “Backups should be stored off-site and locally, to help ensure a minimal recovery time objective. Healthcare ransomware prevention and detection methods are essential for covered entities of all sizes. The Department of Health and Human Services (HHS) has also taken note [of] the increase in reported attacks, and recently published ransomware guidance and how it aligns with HIPAA compliance measures.”
Top Ransomware Delivery Methods
Ransomware distribution via email is a top delivery method, the Solutionary report’s authors disclosed, along with compromised websites and exploit kits. With such highly successful infection rates, there is likely no reason for cyber-attackers to change their delivery method. Visiting websites infected with malware is the second-most common method of ransomware delivery. One can think of these methods as bait being cast by opportunistic, black-hat hackers. They simply throw the line and wait for the fish to bite.
Maximize Your Cyber Safety and Security Level
Learn how not to fall for the ransomware bait! If you need further advice about ransomware prevention and cyber safety awareness and security, Alltek Services is a proven leader in providing IT consulting and cybersecurity in Lakeland. Contact one of our expert IT staff at (863) 709-0709 or send us an email at info@AlltekServices.com today, and we can help you with all of your cyber safety, defense, and security questions or needs.