
Lessons learned from the Fresenius ransomware cyberattack

Introduction to the Snake ransomware

Fresenius is a German company that provides various health care services, including services for dialysis of people with chronic kidney failure. In the United States, it has about 40% of the market share for dialysis. The company has about 300,000 employees in more than 100 countries. Forbes Global 2000 ranks Fresenius at the 258th position.

In 2020, Fresenius was reportedly subject to a cyberattack utilizing the Snake ransomware (often simply called the “Snake”). The company confirmed that it experienced a malware infection. More specifically, Matt Kuhn, a spokesperson for Fresenius, noted: “I can confirm that Fresenius’ IT security detected a computer virus on company computers.”

The attack on Fresenius should be taken as a serious warning about the negative effect malware can have on public health. Since the services offered by Fresenius and other major health care providers are in high demand due to the COVID-19 crisis, cyberattacks on such organizations may lead to the suspension of vitally important equipment, causing the deaths of thousands of vulnerable individuals.

This article will examine the Snake, which was used for the attack on Fresenius. Afterwards, we will provide recommendations on how health care organizations can avoid being compromised by similar malware.

An overview of the Snake

The Snake is often used in high-profile cyberattacks. In addition to the attack on Fresenius, it was also reportedly used in the attacks against the Japanese car producer Honda and the South American energy company Enel Argentina.

The Snake was discovered at the beginning of 2020. It is written in Golang, a programming language designed at Google. Once the Snake infects a computer, it stops various processes related to network management software, virtual machines, supervisory control and data acquisition (SCADA) systems, remote management tools and (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Daniel Dimov. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/r4liTBlplGc/