Catch Of The Week: FBI Warns Of Ransomware Targeting Healthcare

Los Alamos

As of Wednesday of this week, the U.S. has been reporting 100,000+ new COVID-19 cases a day.

According to New Mexico health officials, we can expect more than a dozen deaths a day for weeks as infections continue. Hospitals are filling up, and healthcare staff is running thin. The state has been warning the public about this for weeks. New Mexico is expecting to run out of ICU beds within a week.

With the healthcare system already strained by the pandemic, cyber-criminals are targeting the healthcare sector. This week the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and the FBI issued a joint advisory warning of “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”

The alert can be found here:

According to the alert, cybercriminals are increasingly targeting the U.S. healthcare system with ransomware attacks. What is ransomware? It’s a type of malware that encrypts all data; to regain access, users have to pay whatever ransom is requested or figure out how to decrypt it. In most cases, the perpetrators have already accessed all data and will threaten to release it to the public if the victim does not pay. Any ransomware attack can usually be considered a potential data breach, though it depends on the attacker’s techniques. Lately the trend is to steal data as well as encrypt it.

The most common strains of ransomware being used in these attacks seem to be Ryuk and Conti.

According to the CISA advisory, it is likely the Trickbot gang is behind the attacks. Trickbot is a modular banking trojan, a type of malware that can also act as a “dropper” to get ransomware into systems. A “dropper” is a type of malware that is downloaded unknowingly by a user, evades anti-virus software, infects the computer, and then downloads additional malicious programs.

The most common vector of attack for ransomware is the end-user, via phishing emails. Generally, the malware is sent in a phishing email as an attachment or a link with a download, and the user unwittingly installs it. Ransomware attacks can also be launched via various vulnerabilities in software/hardware.

Attacks that exploit vulnerabilities can be more technically complicated and time-consuming, and frankly, why bother when it’s so much easier to get a user to click and install the malware for you?

Multiple U.S. hospitals were hit by ransomware attacks this week, and we can expect that number to keep going up. According to USA Today, ransomware attacks have jumped 50% in the last three months compared with the first half of 2020. Healthcare organizations have been among those hardest hit by these attacks. Attackers typically demand hundreds of thousands of dollars, if not millions, to decrypt the data. Over the last week, Sky Lakes, the University of Vermont Health Network, and St. Lawrence Health System in New York reported ransomware incidents. It can take weeks for a healthcare system to recover from attacks like these.

What can healthcare providers do? Be aware that cyber-criminals are actively targeting them. Make sure that all software is being updated regularly. Make employees aware of the threat, and provide them with phishing awareness training. Invest in an email filtering program to help keep out some of the phishing emails. The healthcare systems are already strained, and if a ransomware attack hits a healthcare provider or hospital near you, there could be very negative impacts. If you work in the healthcare industry, view all external emails as potential threats. Be cautious with what you click or download.

What can the rest of us do to help? In this reporter’s opinion, now is not the time to get “pandemic fatigue.” Yes, it’s hard staying home and not seeing friends and family, but right now, it’s a crucial step to prevent transmission of COVID-19. Mask up, and protect yourself, your family, and your community.

The best way to fight back against the pandemic is by being safe, staying home when you can, and wearing a mask when you can’t. It’s hard, it sucks sometimes, but we can do it.

Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.