With the recent reports of several healthcare organizations being hit with crypto-ransomware, we’ve received many inquiries about the recent trends we’ve seen with this threat. Ransomware is nothing new, having evolved from the old Fake-AV days. What is new is its current pervasiveness and corresponding ease of use. Plus, the capability to encrypt files makes crypto-ransomware a particularly nasty transition.
Our researchers have seen this uptick looming. In fact, Raimund Genes, Trend Micro CTO, predicted that this threat would increase significantly in 2016, and thus far it appears to be coming true just two months into the year.
This can be attributed to:
All of these factors have combined to support the heightened number of ransomware-related attacks seen in recent months. The success of crypto-ransomware has been documented through our global threat intelligence gathered through the Trend Micro™ Smart Protection Network™. Since 2013, the percentage of detections seen has shifted dramatically, from an 80/20 ratio of traditional ransomware to crypto-ransomware to a 20/80 ratio today.
Encrypting critical files within systems or shared drives allows the threat actors to hold organizations hostage and extort money. Since healthcare organizations hold extremely valuable data (Patient Personally Identifiable Information) and have critical systems, any downtime could lead to serious repercussions. As such, criminals are realizing they can command a much higher ransom from these types of organizations. This is seen in recent attacks against a Hollywood hospital and a UK healthcare organization. This needs to be a wake-up call for the healthcare industry, because it doesn’t matter whether an attack is targeted or whether an organization is simply caught up in the day-to-day crypto-ransomware campaigns that we see across the globe. If systems become inoperable due to the encryption process, it can cause major issues for the organization.
As part of this, we recommend that healthcare organizations take a multi-faceted approach to help them prevent and/or detect crypto-ransomware:
Unfortunately, payment to criminals to unlock hijacked files only encourages and emboldens them. Based on this, we can expect crypto-ransomware to continue to be used until the threat can be effectively detected and blocked, and until there are more arrests and prosecutions. Until then, Trend Micro will continue to do our part in identifying and developing new ways to support our customers with solutions built to quickly detect, respond and recover from these threats.