According to a Check Point report, cyberattacks against healthcare organizations have risen by up to 45% since Nov 2020. During the same period, other industries saw a 22% rise in cyberattacks. In November itself, Central Europe witnessed a 145% increase in attacks and North America saw a 67% increase.
The cyberattacks included ransomware, botnets, DDoS and remote code execution. While most of the ransomware targeted a broad range of sectors, the report found that Ryuk attacks are tailored towards the healthcare industry. With Covid-19 putting pressure on the healthcare industry, offenders are making the most financial gain by interrupting operations that have no room for downtime.
CISA proposed security recommendations for healthcare defense last year; however, Drew Daniels, CIO and CISO of Druva, said that “there are also known control channels which can be blocked past in order to prevent the troublemakers.” These attackers will develop newer channels of infection, and if any organization identifies Ryuk, then containment and recovery will become the main order of business. He further said, “Security is not certain, nothing involving the internet can ever be. It isn’t just designed in that way.”
Ryuk activity paused before resurfacing in the fall. An infection can begin with a trojan such as Trickbot, Emotet, Dridex, or Cobalt Strike. Research by Deep Instinct finds that “the earlier generations of Ryuk were rarely found without followed by Trickbot in its environment.” This allowed organizations to detect and dismantle Trickbot and thereby avoid a Ryuk infection. This Ryuk redundancy relied heavily on human-driven exploration.
The ransomware strain, though more developed now, still relies on Trickbot, spear-phishing, and documents containing a VBA (Visual Basic for Applications) macro. Targeted organizations must strike a balance between blocking and allowing, in case the ransomware is also able to use PowerShell. “This can catch back to the admins doing anything they can in order to not impact their user base, which can even mean lowering the security posture of the environment,” says Deep Instinct. This is one reason why Ryuk thrived in the healthcare sector during the pandemic.
Security recommendations for ransomware often boil down to traditional hygiene methods. Daniels, on recent healthcare ransomware attacks, said, “I was shocked by the lack of the basic security hygiene and I would be negligent not to miss the importance of patching and patching and patching.” Along with routine antivirus updates, IT can restrict users’ ability to run specific applications, but at the risk of interfering with employees’ output.
Daniels further said, “This may fundamentally dull down some of the risks, malware can be delivered via macros in an Excel spreadsheet or a Word document or anything similar that’s part of our daily working.” He continued, “it is unlikely that this level of functionality can be turned off as it would severely limit the users’ capacity to work. Years-old systems have been designed to enable connectivity, productivity and openness.” If a system were completely read-only, it would largely curtail what users can get done.