IT Global Services - Blog

Ransomware in Healthcare Sector

Written by IT-SVC Team | Jan 31, 2022 2:22:44 AM

Ransomware in Healthcare:

  • Avaddon and Conti were the most frequently observed ransomware-as-a-service (RaaS) groups impacting the global healthcare sector
  • 82 global ransomware incidents in the healthcare sector
  • California experienced 12% of the ransomware healthcare incidents followed by Texas, Georgia, Illinois, and Louisiana

With victims in 34% of attacks on the healthcare industry deciding to pay the ransom, it isn't much of a surprise to see ransomware morph into an orchestrated cash cow for dark web organizations.

It's not only systems administrators who should be aware of these ransomware variants. Every employee should be familiar with the ways these attacks happen in order to avoid clicking something malicious. These are names and attacks that you should brush up on, whether you're in a technology position at your company or just an employee at a company that could be attacked. Employees should receive training that prepares them to spot phishing emails or other odd emails that might be used to attack a company.

Preventing Ransomware Attacks

  • Multi-factor authentication for remote access to OT and IT networks
  • Strong spam filters to prevent phishing emails
  • Filter emails with executable files attached
  • User training program and simulated attack campaigns to dissuade employees from opening malicious email attachments
  • Block network traffic from malicious IP addresses
  • Block URLs company-wide that are known malicious websites
  • Meticulously update software, operating systems, applications, and firmware
  • Patch management program
  • Limit and restrict user access across networks to prevent high-level entry
  • Routinely scan IT network with anti-virus and anti-malware programs
  • Prevent unauthorized execution by disabling macro scripts, only allowing approved executable files to launch, and monitoring or blocking VPN anonymization services
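
As an added example (not from the original post), the sketch below shows how the attachment-filtering and macro items in the list above can be checked at a mail gateway with Python's standard email library. It inspects file content as well as the file name, so a renamed binary is still caught. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklists for this example; tune them to your own mail policy.
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".msi", ".jar", ".hta"}
MACRO_EXTS = {".docm", ".xlsm", ".pptm", ".dotm"}
MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}

def attachment_findings(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every attachment that should be quarantined."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        data = part.get_payload(decode=True) or b""
        # Use the last extension only, so "invoice.pdf.exe" is treated as ".exe".
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        # Content check first: a renamed binary still starts with its magic bytes.
        hit = next((kind for sig, kind in MAGIC.items() if data.startswith(sig)), None)
        if hit:
            findings.append((name, f"{hit} content"))
        elif ext in EXEC_EXTS:
            findings.append((name, f"executable extension {ext}"))
        elif ext in MACRO_EXTS:
            findings.append((name, f"macro-enabled document {ext}"))
    return findings

def build_sample() -> bytes:
    """Constructed message: one benign PDF, one disguised binary, one macro document."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.com", "staff@example.org", "Invoice"
    m.set_content("Please see attached.")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="notes.pdf")
    m.add_attachment(b"MZ\x90\x00constructed", maintype="application",
                     subtype="pdf", filename="invoice.pdf")
    m.add_attachment(b"PK\x03\x04constructed", maintype="application",
                     subtype="octet-stream", filename="Schedule.DOCM")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in attachment_findings(build_sample()):
        print(f"QUARANTINE {name}: {reason}")
```
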

Recovering From Malware

  • Isolate the infected system
  • Turn off other computers and devices
  • Secure your backups
  • Ensure that your backup data is offline, secure, and free of malware
  • Power off and segregate any other computers or devices that shared a network with the infected computer(s) and have not been fully encrypted by ransomware

Without a fail-safe system and a proper backup protocol, you could be in a world of pain if you don't pay the ransom. Avoid getting yourselves into a sticky situation by familiarizing yourselves with the most common ransomware actors in the game and the common ways their attacks are carried out on your servers. If you need any help in protecting your data, reach out to us!