
- Medical Economics August 2021
- Volume 98
- Issue 08
The ransomware threat grows
How to prepare to protect your practice
A May 12 presidential executive order from the White House stated, “The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.” This executive order came days after the Colonial Pipeline ransomware attack that underscored the vulnerabilities of the government and energy industry participants.
The health care industry is likewise plagued by myriad cybersecurity-related attacks, including use of ransomware. For example, the hackers in a recent ransomware attack went so far as to voice their displeasure with the hospital for denying it had been hacked, stating, “Does (the hospital) have control of this system? The answer is no. The last time we checked, we own their Ascom system and their data,” according to the indictment. This arrogance is similar to that of many cybercriminals, including those who prompted the Cybersecurity and Infrastructure Security Agency, Department of Justice, FBI, and Department of Health and Human Services to publish Joint Cybersecurity Advisory — Ransomware Activity Targeting the Healthcare and Public Health Sector (updated Oct. 29, 2020), in light of six ransomware attacks against hospitals across the United States. The primary ransomware families used to infect systems for financial gain were Ryuk and Conti. The primary activities “include credential harvesting, mail exfiltration, cryptomining, point-of-sale data exfiltration, and the deployment of ransomware,” according to the federal advisory.
In light of the heightened awareness and the increasing prevalence of attacks, the National Institute of Standards and Technology published Tips & Tactics: Ransomware, an infographic that includes quick steps individuals can immediately take to reduce the threat of a ransomware attack:
- Use antivirus software consistently.
- Keep computer patches up-to-date.
- Block access to ransomware sites by installing the appropriate software and services.
- Allow only authorized apps on computers, tablets and smartphones.
- Restrict personally owned devices.
- Use standard user accounts versus accounts with administrative privileges whenever possible.
- Avoid the use of personal apps and websites on company or work computers.
- Train the workforce to be aware of unknown sources and social engineering.
- Be sure to run antivirus software and/or look at links carefully.