In the latter half of 2020 the joint CISA, FBI, and HHS cybersecurity advisory issued an alert for the healthcare and public health sectors as a result of a recorded increase in ransomware attacks.
It revealed that these sectors were being concentrated on by ransomware operators and many cyber criminal groups had increased their level of activity particularly the Ryuk and Conti groups.
Following this, a report released by Check Point shows indicates attacks went on increasing during November and December 2020 with a 45% rise in cyber-attacks registered on healthcare organizations around the world during this time. This growth represents over double the percentage rise in attacks on all industry sectors for this duration of time globally with an average of 626 cyberattacks on healthcare groups weekly recorded for November and December. This contrast with 430 attacks weekly during October.
The tactics employed in the attacks were quite different. Check Point cybersecurity experts saw a rise in ransomware, botnet, remote code execution, and DDoS attacks in November and December; however, ransomware attacks registered their largest percentage increase during this time.
Conti ransomware goes on being hugely dangerous and is being deployed in a great number of healthcare sector attacks while Ryuk represents the most commonly used ransomware variant, closely followed by Sodinokibi.
By location the increases were as follows:
- 145% in Central Europe
- 137% in East Asia
- 112% in Latin America
- 67% in Europe
- 37% in North America
Ransomware attacks are operated to try and steal money. Ransomware gives threat actors a large payout very quickly so the healthcare industry is targeted due to the urgency in bringing their systems back online, particularly during the COVID-19 pandemic.
Most ransomware attacks begin with phishing emails that deliver Trojans including Emotet, TrickBot, and Dridex. Check Point advises security professionals to search for these Trojans on the network, along with Cobalt Strike, all of which are used to share Ryuk ransomware.
While most phishing attacks take place while a business is open it is growing increasingly common to conduct them during the weekend and during holidays due to the fact that security staff levels are more likely to be a lower level. is likely to be reduced. Due to this healthcare groups have been warned to be more careful than usual during these times.