Hackers are targeting hospitals with increasingly sophisticated ransomware attacks, putting patients at risk. Keeping up with what occurs in information security is a daily task for most practitioners. We have seen how ransomware has gone from an opportunistic, unsophisticated attack against end users to more sophisticated, targeted attacks against organizations. Ransomware threat actors are no longer compromising a single system to drop malware on it; they are gaining access, moving laterally, and then executing their ransomware on as many systems as possible. Additionally, apart from encrypting systems for ransom, some are exfiltrating the data for extortion. At the end of the day, ransomware is impacting businesses everywhere. This post focuses on one industry that is being hit with ransomware with kinetic effects on human health, including the first documented death of a person due to a cyber attack.
Here are three articles from the past couple of weeks to illustrate the effects of ransomware:
- Universal Health Services (UHS) systems at 250 U.S. hospitals were shut down this week, forcing them to cancel surgeries and reroute ambulances. Statement from UHS: https://www.uhsinc.com/statement-from-universal-health-services/
- In Germany, a woman with a life-threatening condition was sent to a hospital 20 miles away, where she died from treatment delays: https://www.zdnet.com/article/first-death-reported-following-a-ransomware-attack-on-a-german-hospital/
- Department of Treasury announced potential sanctions for facilitating ransomware payments: https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf
These malicious actors have no ethics. “We’d assumed [hackers] would be smart enough not to attack [hospitals during the pandemic], but I think [hackers’] assumption was that [victims] would definitely pay,” asserted IANS Faculty & DHS adviser Josh Corman. Furthermore, we have to be careful when deciding whether or not to pay, given the recent advisory from the Department of Treasury.
SCYTHE wants to help, which is why we are offering our adversary emulation platform for free to all organizations in the healthcare industry for the remainder of 2020. We have created multiple threats that emulate adversaries targeting the healthcare industry, including some that emulate ransomware itself:
- MAZE: https://www.scythe.io/library/threatthursday-maze
- Evil Corp: https://www.scythe.io/library/threatthursday-evil-corp
- Generic Ransomware: https://www.scythe.io/library/threatthursday-ransomware
- Orange Worm: https://www.scythe.io/library/threatthursday-orangeworm
- Deep Panda: https://www.scythe.io/library/threatthursday-deep-panda
Whether you are in healthcare or not, ransomware is most likely one of the biggest threats to your organization. Spending money on technology is not enough. You have to test and tune that technology so that your business processes keep functioning while malware is detected, alerted on, or prevented. Our friends over at SRA (makers of VECTR, which SCYTHE integrates with) published this helpful blog on what those controls look like. SCYTHE can help you test them. Sign up today!
SCYTHE provides an advanced attack emulation platform for the enterprise and cybersecurity consulting market. The SCYTHE platform enables Red, Blue, and Purple teams to build and emulate real-world adversarial campaigns in a matter of minutes. Customers are in turn enabled to validate the risk posture and exposure of their business and employees and the performance of enterprise security teams and existing security solutions. Based in Arlington, VA, the company is privately held and is funded by Gula Tech Adventures, Paladin Capital, Evolution Equity, and private industry investors. For more information email firstname.lastname@example.org, visit https://scythe.io, or follow on Twitter @scythe_io.