Medical Facilities Beware: Cybercriminals Targeting Weak Systems with Ransomware
While healthcare and medical facilities work to combat the COVID-19 crisis, cybercriminals are attempting to take advantage of the crunch by targeting healthcare systems with ransomware, a type of malicious software that restricts users from accessing their systems and demands ransom payment in order to regain access.
Microsoft recently notified several hospitals to ensure that secure web gateway and virtual private network (VPN) applications are updated and configured appropriately. Healthcare and medical facilities are among the most vulnerable to ransomware attacks because they frequently lack the time or resources to install the latest patches or update firewalls.
This specific ransomware campaign is particularly dangerous because it is human-operated. While most traditional ransomware is auto-spread, human-operated ransomware is controlled by cybercriminals who are armed with a deep understanding of system administration and network security misconfigurations. These attackers are employing methods typically seen in nation-state attacks to exploit and prey on the urgent need for information during the COVID-19 crisis.
A human-operated ransomware attack typically begins by gaining access into a network through outdated or misconfigured gateway or VPN application. Once inside, attackers steal login credentials to access other areas of the network and conduct reconnaissance. Once they have acquainted themselves with the system and file locations, they deploy the ransomware, locking the organization out of their own files.
- Security Updates for VPN and Firewalls Ensure that VPN is updated and has all the correct configurations. Patches and the latest security updates should be implemented and installed.
- Password Security Implement password management processes.