At the end of October 2020, we reported that hospitals and healthcare organizations had been targeted by a rising wave of ransomware attacks, with the majority of attacks using the infamous Ryuk ransomware. This followed a Joint Cybersecurity Advisory issued by CISA, the FBI and HHS, which warned of an increased and imminent cybercrime threat to US hospitals and healthcare providers.
Unfortunately, that cybercrime threat has worsened over the past two months. Since the start of November, there has been a further 45% increase in attacks targeting healthcare organizations globally. This is more than double the overall increase in cyber-attacks across all industry sectors worldwide during the same period.
The rise in attacks involves a range of vectors, including ransomware, botnets, remote code execution and DDoS attacks. However, ransomware shows the largest increase and is the biggest malware threat to healthcare organizations when compared to other industry sectors. Ransomware attacks against hospitals and related organizations are particularly damaging, because any disruption to their systems could affect their ability to deliver care, and endanger life – all of this aggravated by the pressures these systems are facing as they try to cope with the global increase in COVID-19 cases. This is precisely why criminals are specifically and callously targeting the healthcare sector: because they believe hospitals are more likely to meet their ransom demands.
Central Europe tops the list of regions impacted by the spike in attacks against healthcare organizations, with a 145% increase in November, followed by East Asia, which suffered a 137% increase, and Latin America with a 112% increase. Europe and North America saw 67% and 37% increases respectively.
Increase of attacks, per healthcare organization, per region
As for specific countries, Canada experienced the most dramatic increase with over a 250% uptick in attacks, followed by Germany with a 220% increase. Spain saw a doubling in attacks.
The major motivation for threat actors with these attacks is financial. They are looking for large amounts of money, and fast. It seems that these attacks have paid off very well for the criminals behind them over the past year, and this success has made them hungry for more.
As we touched on earlier, hospitals are under tremendous pressure due to the ongoing rise in coronavirus cases and are willing to pay ransom so they can continue to provide care during this critical time. In September, German authorities reported that what appears to have been a misdirected hacker attack caused the failure of IT systems at a major hospital in Dusseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment. No hospital or healthcare organization would want to experience a similar scenario, which increases the likelihood of the organization meeting the attacker’s demands in the hope of minimizing disruption.
It is also important to note that unlike common ransomware attacks, which are widely distributed via massive spam campaigns and exploit kits, the attacks against hospitals and healthcare organizations using the Ryuk variant are specifically tailored and targeted. Ryuk was first discovered in mid-2018, and soon after, Check Point Research (CPR) published the first thorough analysis of this new ransomware, which was targeting the United States. In 2020, CPR researchers monitored Ryuk activity globally and observed the increase in Ryuk’s use in attacks aimed at the healthcare sector.
The pandemic has affected every aspect of our lives, and the cyber-security landscape has not been spared. From an upsurge in the registration of coronavirus-related malicious domains, to the use of related topics in phishing and ransomware attacks, and even fraudulent advertisements offering Covid vaccines for sale, we have seen an unprecedented increase in cyber-exploits seeking to compromise personal data, spread malware and steal money.
Medical services and research organizations became targets for attacks seeking to steal valuable commercial and professional information, or to disrupt vital research operations. The use of test and trace apps for tracking individuals, which previously would have caused strong privacy-related opposition, has been widely adopted around the world, and is expected to outlive the pandemic. As the world’s attention continues to focus on dealing with the pandemic, cyber-criminals will also continue to use and try to exploit that focus for their own illegal purposes – so it is essential that both organizations and individuals maintain good cyber-hygiene to protect themselves against Covid-related online crime.