the popularity of a few select families.
Another F-Secure report noted that
ransomware users were moving to more
targeted tactics and instead of casting
wide nets to catch as many victims as
possible, they were honing their sights
on high-value targets.
Increasingly ransomware is moving away
from targeting individual consumers
and narrowing its focus on businesses
which have greater cash reserves (if
not infosec insurance) and more to lose
whether from IT resumption cost or
hours of business paralysis. Symantec’s
2017 Internet Security Threat Report
revealed that 42% of ransomware attacks
were focused on business targets.
That focus on target sensitivity
has increased focus on healthcare
targets. A 2018 report from Cylance
listed healthcare as the top target
www.intelligentciso.com
|
Issue 05
for ransomware families in 2017.
Most recently, a Wisconsin-based
medical facility was infected with
RISE ransomware, putting the data of
thousands of patients at risk. Earlier in
the year, a Chicago-based healthcare
records provider found its services
paralysed by a ransomware attack.
That attack trickled down to hundreds
of its customers – medical practices –
which were unable to access patients’
medical records.
The ill-gotten gains of these attacks can
be leveraged two-fold. Not only can the
hospital be blackmailed for thousands
but that stolen data can also be sold
for prices far higher than a comparative
tranche of breached data can.
Ransomware families are also being
reengineered to suit the needs of the
modern cybercriminal.
SamSam malware for example – the
source of Atlanta’s woes – requires
attackers to enter a password before
executing its payload, meaning a more
controlled distribution of its damage.
Xiaoba ransomware has been modified
to keep up with the times and steal
cryptocurrency – an ever more popular
activity for cybercriminals – while still
destroying its victim’s files.
Any strategy to deal
with ransomware
must extend to
every level of your
environment.
85