Malware News Ransomware’s biggest target is the healthcare sector

Winter Soldier

Level 25
Thread author
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
Ransomware grew 50 percent in just a year, according to a new report by Verizon. The Verizon Data Breach Investigations Report (DBIR) is based on the analysis of 79,000 security incidents and 1,945 confirmed data breaches, across 79 countries.

According to the report, ransomware also grew in popularity, and by a large margin. In 2014, it was the 22nd most common malware variety. Fast-forward two years, and now it’s fifth most common.

The healthcare sector is under greater threat than all others, it was also added, as 72 percent of all malware incidents targeted this sector.

More consumers than ever are at risk, the report continues, adding that phishing and poor cyber-security hygiene are the biggest culprits.

Organized criminal groups were behind more than half (51 percent) of breaches, while state-affiliated groups were involved in 18 per cent. Financial services were the most prevalent victims (24 per cent).

“Insights provided in the DBIR are leveling the cybersecurity playing field,” said George Fischer, president of Verizon Enterprise Solutions. “Our data is giving governments and organizations the information they need to anticipate cyberattacks and more effectively mitigate cyber-risk. By analyzing data from our own security team and that of other leading security practitioners from around the world, we’re able to offer valuable intelligence that can be used to transform an organization’s risk profile”.

Verizon’s full report is available on this link.
 

Winter Soldier

Level 25
Thread author
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
Cyber criminals are persistent. Once they find a working attack, they continue to use and refine it until it no longer works.
Unfortunately, in spite of infosec efforts, the ransomware works.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
The hospital where I work is in "financial special measures" currently and every decision made in the past 6 months has been about cost reduction. If they thought paying the ransom would cost less than trying to remove the infection and restore the files I've no doubt they'd do it.
 
Last edited:

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
They target whoever cares more for their data. Healthcare is particularly sensitive, as it involves a lot of personal data, medical and other type of history etc, so for them, data is vital. Same goes for financial services. So it's just natural they are like prey for the "top of the food chain" malware.

Also, they are easy targets. Both sectors are generally full of IT noobs and rely heavily on third party IT services without a "daily IT maintenance program". The nature of their jobs pushes them to ignore all warnings and signs of an early attack, up until the point they cannot work anymore with their PC. That's the point when they call for help, and it is often too late.
 

Winter Soldier

Level 25
Thread author
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
They target whoever cares more for their data. Healthcare is particularly sensitive, as it involves a lot of personal data, medical and other type of history etc, so for them, data is vital. Same goes for financial services. So it's just natural they are like prey for the "top of the food chain" malware.

Also, they are easy targets. Both sectors are generally full of IT noobs and rely heavily on third party IT services without a "daily IT maintenance program". The nature of their jobs pushes them to ignore all warnings and signs of an early attack, up until the point they cannot work anymore with their PC. That's the point when they call for help, and it is often too late.
Yeah as CG said, the ransomware does not have ethics. It does not distinguish between a personal computer and a computer network of a hospital that contains patient records, the scheduling of surgical operations and outpatient visits.
But from another point of view and, as you say, these hospitals have completely lost their credibility: what is the value of the person's life?
 

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
Yeah as CG said, the ransomware does not have ethics. It does not distinguish between a personal computer and a computer network of a hospital that contains patient records, the scheduling of surgical operations and outpatient visits.
But from another point of view and, as you say, these hospitals have completely lost their credibility: what is the value of the person's life?

Oh believe me they're targeted unfortunately, and heavily. And it's not just that they are constantly targeted, it's the way they do it. It's quite similar to the Japanese Mafia actually. The Yakuza pay a particular attention to details and they attach precisely the most vulnerable point of your organisation with concentrated force.

When targeting an institution, most "pro grade" attacks are so organised, that in many cases they really succeed with their goal and get to be paid. Believe me, no medical or financial institution will risk exposing sensitive data to third parties, or prefer to pay ransom. But as said before, they do like to reduce costs of anything, so they are following laws as the laws are in many cases outdated and they know it (unfortunately they are forced to apply at least these outdated laws). This way, they are not forced by technology and threat to implement security solutions and personnel training, but rather to oblige to some outdated laws which are cheaper to implement. In many (if not most) cases, they truly believe it's enough and it's very difficult to fight the mentality of a medical institution's management. The malware developer knows this and they exploit this weakness.

This whole target-victim scenario has to be seen as a complex circle of decisions and consequences, it's not limited to one or two factors, like costs reduction. For them, their worst case scenario is not data loss, but malpractice and public lawsuits. Data loss comes close, but not a top priority because they have workarounds and other people to blame, even politics. Never forget the weak link of the chain, which is "humans".

They are seriously affected if they get hit by ransomware, they would like to avoid these attacks because of the downtimes it involves, in some rare cases life threatening downtimes, but they'll move past it.
 

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
I forgot to mention that these coordinated, organized and targeted attacks in many cases aim for network infrastructure, servers, DBs etc, they're not like the typical ransomware behavior we see in our testing environments.

Workstations, in these kinds of attacks, have little value for them and in order to raise their low rate of success (despite the high infection rate), they very well know what will have a chance of producing ransom money: servers and DBs. We can't see all these in simple test VMs, but many attacks are custom tailored for targeted institutions and are very sophisticated. It's sometimes pretty amazing.
 

Winter Soldier

Level 25
Thread author
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
I forgot to mention that these coordinated, organized and targeted attacks in many cases aim for network infrastructure, servers, DBs etc, they're not like the typical ransomware behavior we see in our testing environments.

Workstations, in these kinds of attacks, have little value for them and in order to raise their low rate of success (despite the high infection rate), they very well know what will have a chance of producing ransom money: servers and DBs. We can't see all these in simple test VMs, but many attacks are custom tailored for targeted institutions and are very sophisticated. It's sometimes pretty amazing.
Couldn't agree more and the important aim is to highlight how advanced are these cyberattacks that may be related to a different entity, precious to the attackers.

Methods for the deception and the initial impairment can be very similar or sometimes identical, but the attacks are differentiated on the basis of the execution model and the persistence of the involved objects.
 

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
Couldn't agree more and the important aim is to highlight how advanced are these cyberattacks that may be related to a different entity, precious to the attackers.

Methods for the deception and the initial impairment can be very similar or sometimes identical, but the attacks are differentiated on the basis of the execution model and the persistence of the involved objects.

Exactly, very well said my friend.

The infecting methods are similar in most cases and pretty much of the same few types because they easily exploit the weak link in the chain of attack, humans, user behaviour or in other words, they attack the human psychic.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top