The outbreak of COVID-19 and the anxiety and the uncertainty brought with it has proven to be an opportunity for ransomware actors to go on the offensive.
Along with leveraging concern over the virus itself, threat actors have thrived on the rapid dispersal of workforces and business operations and the resulting widened protection gaps and decreased visibility security teams have into their organizations' attack surfaces. Attackers now have far more access points to probe or exploit, with little-to-no security oversight. Meanwhile, IT is standing up new systems, new access, and new channels at a breakneck pace. In many cases, they're succumbing to human error, such as critical misconfigurations.
Attackers are searching for these entry points—unknown, unprotected, misconfigured, and unmonitored digital assets. Microsoft, for example, has seen one operation known as REvil, which targets vulnerabilities in VPN devices and gateway appliances to breach networks, and many other groups are operating the same way.
Given the recent successes of deploying ransomware via malware attacks, especially during pandemics, RiskIQ assessed in March that it was only a matter of time before cybercriminals returned to it. Now, ransomware attacks are rampant and will increasingly impact healthcare facilities and COVID-19 responders.
BleepingComptuer found that on March 24, cybercriminals targeted hospitals with Ryuk ransomware. Likewise, Forbes reported on March 23 that Hammersmith Medicines Research, a British medical facility on standby to test COVID-19 vaccines, was attacked by a ransomware group called Maze. Fortune also reported a rise in ransomware attacks against medical facilities.
In addition to having more targets, cybercriminals have, over the past few years, increased their capabilities. Today, ransomware is produced by hackers who have had years of virus development. These hackers can take advantage of industry-standard cryptography to attack their targets.
Against the backdrop of this ransomware "perfect storm," RiskIQ's Intelligence Investigation and Response (i3) Team studied 127 ransomware attacks between 2016 and 2019. Their latest Intelligence Brief is packed with insights into what is yet to come in the ransomware threat landscape, as well as strategies healthcare providers can use to protect their patients' data now.
Get the threat brief to learn:
- Which hospitals and health care centers are most often targeted
- What do these attacks look like?
- What are the consequences of these attacks?
- Solutions for ransomware defense
Download the brief here, and learn what your organization should be doing immediately to protect its growing attack surface here. Here, learn how RiskIQ is enabling the cybersecurity community during the COVID-19 crisis.