Ransomware Forces Hospitals To Payout $100,000 To Cyber Criminals

Hospitals have made nearly $100,000 in Bitcoin payments to hackers after falling victim to ransomware, which according to Intel Security demonstrates the healthcare industry is unprepared for such cyber threats.

In the company’s McAfee Labs Threats Report: September 2016, which tracked malware attacks and other cyber threats that occurred in the second quarter of 2016, Intel Security noted there has been a rash of ransomware attacks against hospitals, which indicated the healthcare sector is becoming a growing vector for these cyber attacks.

The report also noted that the targeted hospital appear to be part of a wider ransomware network that has raked in $121 million through its attacks over the first half of 2016. According to discussions on the Dark net, the attacks have netted the author and distributor of the malware $94 million. This indicates that ransomware attacks are almost a form of business for some hackers.

Rise of ransomware

The scale of ransoware operations can be vast; last October McAfee Labs research with the Cyber Threat Alliance having identified a ransomware operation which used the CryptoWall ransomware strain to extort nearly $325 million over two months

And more organisations like hospitals are being targeted as they are seen by hackers to have legacy IT systems that cannot effectively defend against ransomware attacks.

As these organisations have not historically been targets of ransomware, they have not had the impetus to have robust cyber security, which now means they are ‘soft targets’ for hackers and cyber criminals.

With the need for rapid access to information, hospitals in particular are more likely to pay the hackers to release them from the ransomware, making healthcare organisations a lucrative target.

Raj Samani, CTO of the EMEA region at Intel Security noted that for many organisations, it was a case of not if but when they will come under cyber attack.

“As such, to stay ahead of cyber criminals, companies must think beyond simply implementing protection strategies, to putting systems in place to rapidly detect threats and correct their systems in the event of an attack,” he said.

“Industries such as financial services and retail have been aware of this threat for some time and have largely taken measures to implement such strategies. It’s crucial that the likes of healthcare and manufacturing pick up the pace with cyber security. Vulnerabilities in these sectors provide hackers with access to extremely personal, valuable and often irreplaceable data and IP.”

More malware

Intel Security’s research also revealed that cyber threats, such as mobile malware, network attacks and Mac OS malware, had all risen in the second quarter, with McAfee Labs’ global threat intelligence network having detected 316 new threats every minute.

This rise in cyber threats will not come as a surprise given the number of connected devices and the shift from analogue systems to digital version in the business world. But it does highlight how difficult it is for the technology industry to stay ahead of cyber threats despite advancements in detection and prevention systems.

Yet this increase in cyber threats can also be attributed to the way people and companies defend themselves against cyber attacks. For example, Intel Security’s research noted that only 37 percent of organisations use endpoint monitoring of user activity and physical media connections that could counter such cyber threats.

This is indicative of the need for organisations to be more proactive with how they handle cyber security as the current reactive approach does not seem to be curtailing cyber threats.

Such is the need for cyber security, Intel Security is becoming a separate company, splitting away from Intel to trade under the McAfee brand.

Are you a security pro? Try our quiz!