Ransomware in Healthcare
Ransomware is malware that encrypts or locks critical files, increasingly also steals data and credentials, and disrupts system operations. It is a cyber attack that exploits security weaknesses and then demands payment from the victim; demands against large organizations have reached tens of millions of dollars.
Once a computer is infected with ransomware, the victim is shown an on-screen notice that explains the attack and demands a payment to unlock or regain access to files and systems. Attackers may also threaten to publish stolen data if payment is not made. One of the most damaging ransomware families is Ryuk, which competes with SamSam and REvil for the title of “most expensive.” Ryuk targets large organizations, gaining initial access through spear phishing emails or through compromised user credentials used for remote access over RDP. Once inside the network, it encrypts files of selected types while skipping the system files needed to keep the machine bootable, so that the ransom note can still be displayed, and then presents its demand.
After gaining access to a target system, attackers typically move laterally across the domain to reach further systems and domains. At this point they identify valuable data and exfiltrate it to servers under their control, to be leaked or sold if the ransom is not paid. Attackers have also grown creative in how they collect payment, demanding forms that are hard to trace, typically cryptocurrency and in some cases even Apple iTunes gift cards, to evade law enforcement and financial authorities.
Hospitals and healthcare systems can improve their cybersecurity posture by recognizing the adversaries and risk levels they now face, updating cybersecurity and enterprise risk management practices to match the elevated threat level, and communicating the nature and seriousness of these threats to staff, business partners, public policy organizations and legislators. They should also maintain complete backups of their most important data and systems, kept offline or otherwise out of reach of a compromised domain and tested regularly for restoration, and perform proactive ransomware threat hunting for indicators of compromise (IOCs) such as unexpected remote logons, ransom note files and bursts of file encryption.
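As an added illustration of what such an IOC hunt can look like (this is example code written for this page, not tooling from the original article or from any vendor), the Python script below runs three simple hunting rules over constructed Windows security and file-audit events: an RDP logon (event 4624, logon type 10) from outside the internal address ranges, a dropped ransom note, and a burst of files written with a ransomware extension. The hostnames, IP addresses, paths and timestamps are made up; the RyukReadMe note name and the .RYK extension are widely reported Ryuk artefacts used here as starting indicators, and the internal address ranges are an assumption to be replaced with the hospital's own.

```python
"""Minimal ransomware IOC hunt over constructed Windows event records.

Example code for this page, not from the original article. Event shapes are a
simplified rendering of Windows Security log entries:
  4624 with logon_type 10  -> successful RemoteInteractive (RDP) logon
  4663                     -> file-system object access (write), from file auditing
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Indicator sets. RyukReadMe.* and .RYK are widely reported Ryuk artefacts;
# extend these with the intel relevant to your environment.
RANSOM_NOTE_NAMES = {"ryukreadme.txt", "ryukreadme.html"}
RANSOMWARE_EXTENSIONS = {".ryk"}
RDP_LOGON_TYPE = 10

# Assumed internal ranges (RFC 1918 plus loopback); replace with the real estate.
INTERNAL_RANGES = [ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample telemetry: one server that is hit, one workstation that is clean.
SAMPLE_EVENTS = [
    {"host": "HIS-APP01", "id": 4624, "user": "svc_backup", "logon_type": 10,
     "src_ip": "203.0.113.45", "ts": 100},
] + [
    {"host": "HIS-APP01", "id": 4663,
     "path": rf"D:\Shares\Radiology\study{i}.dcm.RYK", "ts": 130 + i}
    for i in range(8)
] + [
    {"host": "HIS-APP01", "id": 4663, "path": r"D:\Shares\Radiology\RyukReadMe.txt", "ts": 160},
    {"host": "WS-NURSE07", "id": 4624, "user": "jdoe", "logon_type": 10,
     "src_ip": "10.20.5.11", "ts": 200},
    {"host": "WS-NURSE07", "id": 4663, "path": r"C:\Users\jdoe\Documents\notes.docx", "ts": 210},
]


def is_external(ip: str) -> bool:
    """True when the source address is outside every internal range."""
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_RANGES)


def hunt(events, burst_threshold: int = 5, window: int = 60) -> dict:
    """Apply the three rules and return {host: sorted list of finding names}.

    burst_threshold/window: flag 'mass_encryption' when at least burst_threshold
    files with a ransomware extension are written within `window` seconds.
    """
    findings = defaultdict(set)
    enc_writes = defaultdict(list)  # host -> timestamps of suspicious writes

    for ev in events:
        host = ev["host"]
        if ev["id"] == 4624 and ev.get("logon_type") == RDP_LOGON_TYPE and is_external(ev["src_ip"]):
            findings[host].add("external_rdp_logon")
        elif ev["id"] == 4663:
            name = ev["path"].rsplit("\\", 1)[-1].lower()
            if name in RANSOM_NOTE_NAMES:
                findings[host].add("ransom_note_dropped")
            if any(name.endswith(ext) for ext in RANSOMWARE_EXTENSIONS):
                enc_writes[host].append(ev["ts"])

    # Sliding window over write timestamps to detect an encryption burst.
    for host, stamps in enc_writes.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 >= burst_threshold:
                findings[host].add("mass_encryption")
                break

    return {host: sorted(names) for host, names in findings.items()}


if __name__ == "__main__":
    for host, names in hunt(SAMPLE_EVENTS).items():
        print(f"{host}: {', '.join(names)}")
```

Running it reports HIS-APP01 with all three findings and nothing for WS-NURSE07, whose RDP logon came from an internal address and whose file write was an ordinary document. In a real hunt the same rules would be fed from the SIEM or EDR rather than an inline list, and the burst rule in particular is worth tuning against a baseline of normal file activity on each share before alerting on it.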