New Wave of COVID-19 Cases Sees Increase in Ransomware Affecting Healthcare Industry

Ransomware has been a popular topic on our blog in 2020, and for a good reason. It continues to affect businesses and be a highly relevant and growing threat amid COVID-19.

One industry that has been primarily targeted by ransomware is healthcare and the public health sector. An official warning from the FBI, the Department of Health and Human Services (HHS), and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) stated that cybercriminals were evolving and elevating their ransomware attacks on healthcare organizations in response to the newest wave of increased COVID-19 cases.

Understanding the Threat 

For attackers, a successful ransomware attack comes down to three factors: profitability, speed, and ease.

Trickbot, a cybercriminal enterprise also suspected of creating BazarLoader malware, continues to evolve its attack tools to meet the three objectives mentioned above: profitability, speed, and ease. Trickbot is delivered via phishing campaigns that use malicious links or attachments to trick the user. A user unknowingly clicks a link or downloads an attachment, which lets the attackers use the backdoor from the command and control (C2) server to install Trickbot on the user’s computer.

What exactly is Trickbot?

More than just a cybercriminal enterprise, Trickbot has evolved to provide attackers with a full range of tools that allow them to carry out various illegal cyber activities. Trickbot allows for cyber activities that include: mail exfiltration, crypto mining, point-of-sale data exfiltration, credential harvesting, and the deployment of ransomware (specifically Conti and Ryuk). 

Two of these illegal cyber activities are especially detrimental when deployed within a healthcare organization’s confines: credential harvesting and the deployment of ransomware. Because all healthcare organizations are subject to HIPAA regulations, data privacy is of the utmost importance. When cybercriminals can deploy ransomware, the greatest risks are losing patient data privacy and losing patient data altogether.

What should my organization do to prevent ransomware? 

Healthcare organizations are urged to take ransomware threats very seriously. With a recent increase in COVID-19 cases, many cybercriminals are taking advantage of this time to deploy new and unknown attacks on healthcare networks. Healthcare organizations should be taking proactive steps to protect their networks if they are not doing so already. Having a clear plan if attacked and taking active steps to preserve existing networks is vital in staying ahead of the ever-evolving range of attacks we see today.  

The fact that cybercriminals have chosen to time their attacks during a significant resurgence of a global pandemic shows the complete lack of humanity in their actions. Organizations should expect that cybercriminals will take advantage of healthcare organizations and attack when they are most vulnerable. 

If you have questions about how to protect your organization, or if you are specifically interested in PK Tech’s expertise around HIPAA regulations, please reach out to us. We are here to help.