In the spring of last year a number of criminal hacker crews pledged to leave hospitals, nursing homes and other healthcare entities alone until the Covid-19 pandemic passed. At least one ransomware gang saw that as an opportunity.

A recent report from Checkpoint Security notes that ransomware attacks against healthcare organizations have jumped about 45% since early November. This follows an alarming peak of 71% in October. Checkpoint notes that healthcare entities were in fact the primary target of ransomware attacks this month.

The figures from Checkpoint’s analysis are deeply concerning. They report that these businesses and organizations faced an average of 440 attacks per week in October. By November that had climbed to 626, nearly 90 attacks every single day.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned the healthcare sector on October 28th to be on high alert, saying a new round of attacks was imminent. Checkpoint’s numbers seem to indicate that CISA’s intelligence was right on the money.

Why the increased focus on the healthcare sector? The combination of healthy bank accounts and a preponderance of incredibly sensitive information is a potent lure.

Threat actors are keenly aware that this particular mix tends to make these organizations more willing to pay, and pay quickly, to recover from a ransomware incident.

It’s proven lucrative for one of the most active hacking crews: the criminals behind the Ryuk ransomware. Ryuk first surfaced in 2018 and it’s been far and away the most profitable ransomware operation ever since.

Checkpoint estimates that Ryuk is currently responsible for roughly 75% of all attacks on the healthcare sector.

The gang’s aggressive negotiating tactics and highly targeted attacks have generated around $150 million in cryptocurrency payouts from its victims. Average Ryuk ransom payments are estimated to ring in somewhere around $110,000.

Fending off these attacks can be incredibly difficult, but it’s not impossible. CISA’s warning reiterates several best practices, including maintaining a secure set of current backups, keeping software up to date and regularly changing passwords.
