Tag Archive for: Ransomware’s

Ransomware’s Impact May Include Heart Attacks, Strokes & PTSD


Ransomware incidents cause significant harm at many levels, including to physical and mental health; new research from U.K. security think tank Royal United Services Institute has classified this impact into three categories (Figure A):

  1. First-order harms: The harms to organizations and their staff. Examples include data loss, reputational harm and heart attacks.
  2. Second-order harms: The indirect harms to organizations and individuals. Examples include clients and customers in supply chains being targeted, and patients’ cancer treatments being disrupted.
  3. Third-order harms: The harms to the wider society, economy and national security. One example is citizens losing trust in a state’s ability to provide basic services.

Figure A: Three categories of ransomware harms, as determined by RUSI. Image: RUSI

RUSI’s research is based on interviews with victims of ransomware attacks and incident responders, and reflects “new and existing types of harm to the U.K. and other countries.”

First-order harms: Direct targets of ransomware attacks

The direct targets are organizations and staff directly exposed to ransomware.

Infrastructure harm

Organizations hit by a ransomware attack may suffer physical or digital harm to data and systems. Data loss from the encryption of data by ransomware can be devastating, especially if the threat actor manages to also access the backup systems and render them useless. Thousands of computers can also become unusable for their users, forcing organizations to suddenly return to operating “by pen and paper.”

Operational technology (OT) might also be impacted. The increasing convergence of IT and OT leaves physical infrastructure more vulnerable to ransomware, even though most ransomware operators lack the capability to directly compromise OT or industrial control systems; one example is when ransomware’s impact on IT prevents other systems (e.g., fire controls, doors, gates or closed-circuit television) from working properly.

An organization’s incident response to ransomware might impact business because incident handlers often need to isolate parts of the IT infrastructure to conduct their remediation and recovery operations –…


Illinois Hospital Closure Showcases Ransomware’s Existential Threat


An Illinois hospital’s decision to cease operations later this week at least partly because of a 2021 ransomware attack that crippled operations for months is a stark reminder of the sometimes-existential threat that online extortion campaigns can pose.

That’s especially true for resource-strapped small and rural hospitals.

St. Margaret’s Health (SMH) will permanently close its hospitals, clinics, and other facilities at Spring Valley and Peru, Ill. this Friday, June 16, after serving the community for 120 years. Multiple factors led to the decision, including unprecedented expenses tied to the COVID-19 pandemic, low patient volumes tied to social-distancing mandates, and staff shortages that forced the health system to rely on temporary staffing agencies.

But the February 2021 ransomware attack on its systems at Spring Valley had a big part to play; it catastrophically impacted the hospital’s ability to collect payments from insurers for services rendered, and it forced a shutdown of the hospital’s IT network, email systems, its electronic medical records (EMR) portal, and other Web operations.

A Contributing Factor

SMH vice president of quality and community services Linda Burt says the attack lasted four months, during which employees had no access to the IT system, including email and the EMR system. 

“We had to resort to paper for medical records. It took many months, and in some service lines, almost a year to get back online and able to enter any charges or send out claims,” Burt says. “Many of the insurance plans have timely filing clauses which, if not done, they will not pay. So, no claims were being sent out and no payment was coming in.”

SMH is the latest to make the list that security analyst and researcher Adrian Sanabria maintains of organizations that were forced out of business because of a cyberattack over the past two decades. The list currently comprises 24 organizations — many of them small — across multiple sectors. Among the names in the list is payment processing firm CardSystems, which closed in 2005 following a data breach that exposed sensitive data associated with some 40 million credit cards; security firm HBGary which went…


Extortion Economics: Ransomware’s New Business Model


Did you know that over 80% of ransomware attacks can be traced to common configuration errors in software and devices? This ease of access is one of many reasons why cybercriminals have become emboldened by the underground ransomware economy.

And yet, many threat actors are working within a limited pool of ransomware groups. Although ransomware is a headline-grabbing topic, it’s ultimately being driven forward by a relatively small and interconnected ecosystem of players. The specialization and consolidation of the cybercrime economy have fueled the rise of ransomware as a service (RaaS) as a dominant business model, enabling a wider range of criminals to deploy ransomware regardless of their technical expertise. This, in turn, has forced all of us to become cybersecurity defenders.

When Microsoft is developing threat intelligence, we don’t just rely on open forum monitoring and ransomware claims to identify emerging cybercrime trends. We also observe end-to-end events as they occur. This has allowed us to identify patterns in cybercriminal activity and turn cybercrime into a preventable disruption to business. Once businesses can address the problems and network gaps that industrialized tools rely on to succeed, they can better strengthen their cybersecurity position. Here are some of our top tips.

Understanding how RaaS works

Before you can defend against ransomware, you must first know how it operates. Ransomware is not targeted. Instead, ransomware takes advantage of existing security compromises in order to gain access to internal networks. Cybercriminals have adopted a maximum-efficiency approach when it comes to ransomware. In the same way that businesses hire gig workers to cut down on costs, cybercriminals have turned to renting or selling their ransomware tools for a portion of the profits rather than performing the attacks themselves.

This flourishing RaaS economy allows cybercriminals to purchase access to ransomware payloads and data leakage as well as payment infrastructure. What we think of as ransomware “gangs” are in reality RaaS programs like Conti or REvil, used by the many different actors who switch between RaaS programs and…


Ransomware’s a bigger threat — to business and beyond — than many understand


One of the most under-reported — and harmful — phenomena in Canada is ransomware attacks.

Recent high-profile ransomware attempts, the most common form of cyberattack, have obscured how pervasive the problem is, and how urgent the need is to better guard against it.

It is estimated that in Canada this year there will be such an attack every 11 seconds. Most of them go unreported to law enforcement, and the problem will get worse if that continues.

A ransomware attack occurs when cybercriminals install malware in your computer network that encrypts your data so that you no longer have access to it. They then demand a ransom, usually payable in Bitcoin or another cryptocurrency, to “unlock” it.

Until recently, almost all ransomware victims in Canada were small and medium-sized enterprises (SMEs). In fact, a 2019 survey of Canadian SMEs found that every one of them had faced a cyber threat, and 58 per cent reported that their data systems had been breached. (Some leading SME protections against ransomware appear near the end of this article.)

Three major shifts in ransomware activity are now underway.

First, cyber-thieves are raising their sights. They’re targeting bigger enterprises — in the public, private and non-profit sectors — and average ransom demands have skyrocketed, from an average of $5,000 in 2019 to the $82-million ransom paid in 2020 by attack victim United Health Services Inc., one of America’s largest hospital chains.

Second, ransomware attackers are no longer merely encrypting data, but stealing it as well. That way, if the victim refuses to pay the ransom, the attacker can threaten to sell the victim’s data on the black market or post it all over the internet.

That, in turn, opens the door to regulatory censure and class-action lawsuits against the victim over its failure to protect sensitive data on customers, suppliers, financial institutions and others with whom it does business. The victim’s data in the wrong hands is not only a problem for the victim, but for countless third parties whose own data, in the victim’s care, has also been compromised.

And third, information technology (IT) systems and operational technology (OT), once segregated, have…
