Analysis of ransomware used in recent cyberattacks on health care institutions


In recent years, the number of ransomware attacks on health care institutions has increased steadily. The pressure such institutions experienced as a result of the COVID-19 crisis certainly exacerbated some of the conditions behind the proliferation of these attacks.

Fraudsters believe that the chaos created by the COVID-19 crisis will limit the information security capabilities of the targeted institutions, and those institutions will fall victim to ransomware attacks and pay the requested ransom. Many criminals started spreading ransomware by using phishing messages related to COVID-19. Such messages may purport to contain instructions on how to receive a vaccine against the virus for free or notify the health care institution that an order of COVID-19 ventilators was blocked.

The purpose of this article is to provide a brief overview of some of the recent ransomware attacks on health care institutions. Afterwards, we identify patterns common to all of those attacks. At the end of the article, we provide concluding remarks.

An overview of recent ransomware attacks on health care institutions

In this section, we examine three recent attacks on health care institutions. These are the attacks on 10x Genomics Inc., Michael Garron Hospital and Fresenius.

1. 10x Genomics Inc.

10x Genomics Inc. is a biotechnology company that develops gene sequencing equipment used in scientific research. The company provides equipment to Vanderbilt University Medical Center, which creates profiles of immune systems with the aim to develop potential antibody treatments for COVID-19.

10x Genomics was the target of a cyberattack based on the REvil ransomware. This malware spreads through phishing or brute-force attacks (i.e., attacks that try to guess the correct password by submitting many password entries). REvil is offered as Ransomware-as-a-Service (RaaS), which means that the operators who deploy the malware usually differ from its creators.

Once REvil (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Daniel Dimov. Read the original post at: