My friends who were lucky enough to still be employed throughout the COVID-19 pandemic appeared to be split into two camps. Half seemed to be spending much of the day staring out of the window, largely unproductive, the bosses’ gaze concentrating on other areas like the distracted Eye of Sauron. The other half were working three times as hard to make up for the colleagues who were furloughed or were unlucky enough to have been cut.
One set of people (neither friends nor acquaintances, I hasten to add) who were on the more productive end of the spectrum were the ransomware operators.
In the first quarter of 2020, ransomware attacks increased by 25%, according to specialist insurer Beazley. In that period, attacks on manufacturing rose by a whopping 156%.
Honda was forced to completely shut down all production in early June after being infected by EKANS ransomware. Threat intelligence firm Dragos analyzed this variant in depth. It targets industrial control systems, which may suggest that Honda was specifically targeted. But EKANS is a blunt tool, as Dragos point out, and let’s not forget most worldwide car production halted because of the pandemic. The timing could have been much worse for Honda, while perhaps being much better for the attackers.
What is much more worrying, however, is just how often hospitals and healthcare providers fell victim to ransomware attacks. Just shy of a quarter of all attacks in January through March 2020 were against the healthcare sector, as much as the financial sector.
This happened despite a pledge by ransomware groups that they wouldn’t deliberately target hospitals during the pandemic, and would provide decryption keys if they were ‘accidentally’ infected. Hmmmm.
Healthcare is a prime target for hackers of all kinds. Modern hospitals which suddenly have no access to data will have a hard time managing admissions and discharges. They keep financial data, credit card details, and social security numbers. And what is more sensitive and important data than patients’ health records? There is potential for a huge return on the hackers’ investment from a hospital where down time is a life-or-death issue.
Rangely District Hospital in Rio Blanco County, Colorado, issued a ‘Notice of Privacy Incident’ following a ransomware attack that occurred in April 2020. Names, dates of birth, social security numbers, diagnoses, and conditions were among the types of data encrypted in the attack. Apparently the data was not stolen by the attacker, but data theft is becoming increasingly common in so-called “double extortion” events, as described by Check Point research.
Even with an excellent and well-tested backup strategy, hospital administrators will still be tempted to pay a ransom to recover encrypted data. Even then, and even if one of those well-meaning ransomware groups offered the decryption software, there’s no guarantee of timely recovery. As reported in Health IT Security, research suggests that paying the ransom can double the recovery cost.
Ransomware prevention, response, and recovery need a strategic plan all to themselves. Consider just the insurance aspect:
An expert risk assessment will tell you whether your existing security policies and posture offer adequate protection. Additionally, a CISO on-demand can provide expertise to create and realize the IT security strategy that will effectively deal with ransomware and other cyber threats.
We would like to thank Kevin Gorsline for providing insight and expertise that greatly assisted this research.
Kevin Gorsline is a Managing Director in J.S. Held's Global Investigations Practice who joined following J.S. Held's acquisition of TBG Security. For several years, Kevin served as the Chief Operating Officer and head of the Risk and Compliance practice at TBG Security, where he was responsible for providing the leadership, management, and vision necessary to ensure that the company had the proper operational controls, administrative and reporting procedures, and people systems in place to effectively grow the organization and to ensure financial strength and operating efficiency. His experience and leadership throughout his career have been focused on developing and delivering information security services and solutions, providing outstanding client service, and driving profitable revenue growth. Kevin brings established proficiency as an IT leader with extensive experience in risk and compliance services, applications development, and implementation projects both in the United States and abroad.
Kevin can be reached at [email protected] or +1 843 890 8596.