Hospitals and healthcare organizations targeted globally in new wave of ransomware attacks: Check Point research
October 2020 by Check Point
Following this week’s warning by the FBI about ransomware attacks on U.S. hospitals, new data from Check Point Research shows that ransomware attacks against hospitals and the healthcare industry have risen sharply worldwide during October. In October, there was a 71% increase in ransomware attacks against the healthcare sector in the US, compared to September. In EMEA, attacks increased by 36%, and by 33% in APAC.
This continues the rising wave of ransomware attacks that Check Point reported three weeks ago: in Q3 2020, Check Point Research saw a 50% increase in the daily average of ransomware attacks, compared to the first half of the year.
In its warning, the FBI stated that the infamous Ryuk ransomware is responsible for most attacks. Check Point’s data shows that Ryuk was responsible for 75% of the ransomware attacks on the U.S. healthcare sector in October. Unlike common ransomware, which is systematically distributed via massive spam campaigns and exploit kits, Ryuk is used exclusively for tailored, targeted attacks. Ryuk was first discovered in mid-2018, and soon after, Check Point Research published the first thorough analysis of this new ransomware, which was targeting the United States.
Why hospitals? Why now?
Ransomware is about extorting money and causing disruption. Hackers are also looking for new ways to make organizations pay the ransom. In this case, hackers are utilizing the growing morbidity related to the pandemic in the U.S. to force hospitals to pay the ransom, as they cannot afford a shutdown of the digital infrastructure that directly or indirectly supports life.
Protecting against ransomware:
1. Raise your guard towards the weekend and holidays – most of the ransomware attacks over the past year took place over weekends and holidays, when IT resources may not be fully staffed.
2. Virtual patching – the federal recommendation is to patch old versions, and this is sometimes impossible for hospitals. Therefore we recommend using Intrusion Prevention Systems (IPS) with the latest packages to virtually patch against the most recent available exploits.
3. Anti-ransomware – although advanced hacking groups are involved in this business, the encryption process is very extensive, and anti-ransomware with a remediation feature is an effective tool to return to operation in a few minutes if an infection takes place.
4. A ransomware attack doesn’t start with ransomware – Ryuk and other ransomware operators purchase an infection base in targeted organizations. Security professionals should be aware of Trickbot, Emotet, Dridex and Cobalt Strike infections within their networks and remove them using threat hunting solutions, as they open the door for Ryuk.