Hospitals Should Brace For Surge In Ransomware Attacks
Comments Off on Hospitals Should Brace For Surge In Ransomware Attacks
U.S. hospitals should brace for a surge in “ransomware” attacks by cyber criminals who take computer networks hostage, then demand payment in return for unlocking them, a non-profit healthcare group warned on Friday.
The Health Information Trust Alliance conducted a study of some 30 mid-sized U.S. hospitals late last year and found that 52 percent of them were infected with malicious software, HITRUST Chief Executive Daniel Nutkis told Reuters.
The most common type of malware was ransomware, Nutkis said, which was present in 35 percent of the hospitals included in the study of network traffic conducted by security software maker Trend Micro Inc.
Ransomware is malicious software that locks up data in computers and leaves messages demanding payment to recover the data. Last month, Hollywood Presbyterian Hospital in Los Angeles paid a ransom of $17,000 to regain access to its systems.
This week, an attack on MedStar Health forced the largest healthcare provider in Washington, D.C., to shut down much of its computer network. The Baltimore Sun reported a ransom of $18,500 was sought. MedStar declined to comment.
HITRUST said it expects such attacks to become more frequent because ransomware has turned into a profitable business for cyber criminals.
The results of the study, which HITRUST has yet to share with the public, demonstrate that hackers have moved away from focusing on stealing patient data, Nutkis said.
“If stuff isn’t working, they move on. If stuff is working, they keep doing it,” said Nutkis. “Organizations that are paying have considered their options, and unfortunately they don’t have a lot of options.”
Extortion has become more popular with cyber criminals because it is seen as a way to generate fast money, said Larry Whiteside, a healthcare expert with cyber security firm Optiv.
Stealing healthcare data is far more labor intensive, requiring attackers to keep their presence in a victim’s network undetected for months as they steal data, then they need to find buyers, he added.
“With ransomware I’m going to get paid immediately,” Whiteside said.
Courtesy- http://www.thegurureview.net/aroundnet-category/hospitals-should-brace-for-surge-in-ransomware-attacks.html
Cryptolocker Infects 250K Systems
DELL’s security research team has revealed that a new form of ransomware, dubbed “Cryptolocker” has managed to infect up to 250,000 devices, stealing almost a million dollars in Bitcoins.
“Based on the presented evidence, researchers estimate that 200,000 to 250,000 systems were infected globally in the first 100 days of the CryptoLocker threat,” Dell announced in a Secureworks post.
The firm worked out that if the Cryptolocker ransomware threat actors had sold its 1,216 total Bitcoins (BTC) that they collected from September this year, immediately upon receiving them, they would have earned nearly $380,000.
“If they elected to hold these ransoms, they would be worth nearly $980,000 as of this publication based on the current weighted price of $804/BTC,” Dell said.
Cryptolocker is unique when compared against your average ransomware. Instead of using a custom cryptographic implementation like many other malware families, Cryptolocker uses third-party certified cryptography offered by Microsoft’s CryptoAPI.
“By using a sound implementation and following best practices, the malware authors have created a robust program that is difficult to circumvent,” Dell said.
Conventionally, ransomware prevents victims from using their computers normally and uses social engineering to convince them that failing to follow the malware authors’ instructions will lead to real-world consequences. These consequences, such as owing a fine or facing arrest and prosecution, are presented as being the result of a fabricated indiscretion such as pirating music or downloading illegal pornography.
“Victims of traditional forms of ransomware could ignore the demands and use security software to unlock the system and remove the offending malware,” Dell explained. “Cryptolocker changes this dynamic by aggressively encrypting files on the victim’s system and returning control of the files to the victim only after the ransom is paid.”
Dell said that the earliest samples of Cryptolocker appear to have been released on 5 September this year. However, details about its initial distribution phase are unclear.
“It appears the samples were downloaded from a compromised website located in the United States, either by a version of Cryptolocker that has not been analysed as of this publication, or by a custom downloader created by the same authors,” Dell added.
Dell seems to think that early versions of Cryptolocker were distributed through spam emails targeting business professionals as opposed to home internet users, with the lure often being a ‘consumer complaint’ against the email recipient or their organisation.
Attached to these emails would be a ZIP archive with a random alphabetical filename containing 13 to 17 characters, containing a single executable with the same filename as the ZIP archive but with an EXE extension, so keep your eye out for emails that fit this description.