
Crypto-ransomware, A Growing Threat to Healthcare

  • Posted on: February 18, 2016
  • Posted in: Healthcare, Security
  • Posted by: Jon Clay (Global Threat Communications)

With the recent reports of several healthcare organizations being hit with crypto-ransomware, we’ve received many inquiries about the recent trends we’ve seen with this threat. Ransomware is nothing new, having evolved from the old Fake-AV days. What is new is how pervasive it has become and how easy it is to use. Plus, the capability to encrypt files makes the move to crypto-ransomware a particularly nasty transition.

Our researchers have seen this uptick looming. In fact, Raimund Genes, Trend Micro CTO, predicted that this threat would increase significantly in 2016, and thus far it appears to be coming true just two months into the year.

This can be attributed to:

  • Revenue potential for cybercriminals is extremely high
  • Infection rates have increased as social engineering tactics have improved
  • The threat actors executing these attacks are very good, well-funded and globally dispersed
  • Healthcare organizations have critical systems that cannot be offline

All of these factors have combined to support the heightened number of ransomware-related attacks seen in recent months. The success of crypto-ransomware has been documented through our global threat intelligence gathered through the Trend Micro™ Smart Protection Network™. Since 2013, the mix of detections has shifted dramatically: from a ratio of 80/20 traditional ransomware to crypto-ransomware, to a ratio of 20/80 today.


Encrypting critical files within systems or shared drives allows the threat actors to hold organizations hostage and extort money. Since healthcare organizations hold extremely valuable data (Patient Personally Identifiable Information) and have critical systems, any downtime could lead to serious repercussions. As such, criminals are realizing they can command a much higher ransom from these types of organizations. This is seen in recent attacks against a Hollywood hospital and a UK healthcare organization. This needs to be a wake-up call for the healthcare industry: it doesn’t matter whether an attack is targeted or whether an organization is simply caught up in the day-to-day crypto-ransomware campaigns that we see across the globe. If systems become inoperable due to the encryption process, it can cause major issues for the organization.

As part of this we recommend that a multi-faceted approach be taken by healthcare organizations to help them prevent and/or detect crypto-ransomware:

  • Educate employees on identifying suspicious emails (phishing). The majority of these attacks start with a socially engineered email to employees. These emails contain weaponized attachments or embedded links and use compelling language to entice the user to open or click.
  • Advanced messaging solutions which can improve the detection of phishing emails through purpose-built technologies developed to identify them. Linking a sandbox technology to the messaging solution can help identify weaponized attachments.
  • Endpoint solutions that have specific anti crypto-ransomware technologies such as behavior analysis that can identify the encryption process and stop it from continuing.
  • Network-based security solutions like IDS/IPS, Firewall and Breach Detection Systems that can identify inbound/outbound Command & Control communications which are a key component of this threat lifecycle.
  • A robust backup solution. Organizations that perform regular backups and can rapidly restore systems will recover faster.
  • Review your shared drive policy and require authentication to access.

Unfortunately, payment to criminals to unlock hijacked files only encourages and emboldens them. Based on this, we can expect crypto-ransomware to continue to be used until the threat can be effectively detected and blocked, and until there are more arrests and prosecutions. Until then, Trend Micro will continue to do our part in identifying and developing new ways to support our customers with solutions built to quickly detect, respond and recover from these threats.
