Medical Centers impacted by ransomware around the U.S.
Medical Centers around the United States are becoming victims of ransomware. Now, during a time of COVID, it’s causing more hardship than ever before. We’ve selected three briefs to share with you about the results and difficulties these circumstances have created for medical facilities.
Greater Baltimore Medical Center Hit by Ransomware Attack
BY MIKE LENNON
The Greater Baltimore Medical Center in Towson, Maryland was hit by a ransomware attack that impacted computer systems and medical procedures, the healthcare provider said Sunday. In late October, the U.S. government warned hospitals and healthcare providers of an “increased and imminent” ransomware threat. The alert warned that threat actors are targeting the healthcare sector with the TrickBot malware in attacks that often lead to ransomware infections, data theft and disruption of healthcare services.
The ransomware attack is the latest of many that have impacted healthcare providers over recent months. In September, a ransomware attack forced the shutdown of more than 250 locations operated by Universal Health Services (UHS). Also in September, an attack shut down IT systems at a hospital in Duesseldorf, Germany, resulting in the death of a woman after she had to be taken to another city for urgent treatment.
TrickBot has been updated with functionality that allows it to scan the UEFI/BIOS firmware of targeted systems for vulnerabilities, security researchers recently discovered. READ MORE…
UHS Shuts Down Systems in U.S. Hospitals Following Cyberattack
BY IONUT ARGHIRE
At the end of September 2020, Universal Health Services (UHS) shut down IT networks at multiple hospitals in the United States after being hit with a cyberattack. A Fortune 500 company operating more than 400 facilities in the United States, Puerto Rico, and the United Kingdom, the healthcare services provider has approximately 90,000 employees and claimed an annual revenue of $11.4 billion for 2019. While many said that patient care wasn’t critically affected, others detailed difficulties in receiving lab results or performing other types of investigations in a timely manner. There was also one unconfirmed report of patients dying due to such delays. Furthermore, Bleeping Computer and TechCrunch report that information from people with knowledge of the incident leads to the conclusion that the Ryuk ransomware was used. READ MORE HERE…
As Hospitals Cope With a COVID-19 Surge, Cyber Threats Loom
BY ASSOCIATED PRESS
The (University of Vermont Medical Center) Vermont hospital had fallen prey to a cyberattack, becoming one of the most recent and visible examples of a wave of digital assaults taking U.S. health care providers hostage as COVID-19 cases surge nationwide.
The same day as UVM’s attack, the FBI and two federal agencies warned cybercriminals were ramping up efforts to steal data and disrupt services across the health care sector.
By targeting providers with attacks that scramble and lock up data until victims pay a ransom, hackers can demand thousands or millions of dollars and wreak havoc until they’re paid.
Ransomware is also partly to blame for some of the nearly 700 private health information breaches, affecting about 46.6 million people and currently being investigated by the federal government. In the hands of a criminal, a single patient record — rich with details about a person’s finances, insurance and medical history — can sell for upward of $1,000 on the black market, experts say. READ MORE…
A True Tale of Two Ransomware Attacks
RANSOMWARE PREVENTION
A TALE OF TWO SCHOOLS
Imagine a world where ransomware didn’t exist. Now, snap back to reality and read a tale about two different schools and how they each recovered from a ransomware attack. As you read, you’ll learn how an effective backup plan and a well-thought-out business continuity strategy are critical parts of your cyber security efforts. The similarity between the schools is that both ransomware attacks were thought to have been started by a click on a phishing email. The difference is in their disaster recovery plans.
The Allegheny Intermediate Unit School System, Pennsylvania, U.S.A.
School A, The Allegheny Intermediate Unit school system, DID NOT have to engage with the criminals and was able to use the services of a third party to get its critical data recovered quickly. From the wording of various articles related to this incident, it appears that the school system quickly engaged with its cyber insurance carrier. The insurance carrier mobilized resources quickly to identify and remediate the attack and then restored from existing backups of critical data. THIS is how the process is supposed to work.
The University of Maastricht, The Netherlands
School B, The University of Maastricht, did not have an adequate plan in place and had to completely shut down information systems and pay the ransom in order to decrypt their computers and servers. The timeline on this attack is interesting; the original compromise occurred a little over two months before their networks were ransomed. Had they had an extra layer of defense like the RealTime Cyber Defense package, they could have potentially caught the attack during this phase.
LESSONS LEARNED?
The lessons learned by a school [or any business] that has been through an event like this one will make it better at risk-based decisions going forward. Now they know that they are vulnerable to an attack like this and will take positive steps to introduce better prevention and detection processes.
TODD’S TAKE ON THE RECOVERY:
After paying the ransom, it was pretty fast to decrypt that many systems and perhaps most were using the same decryption keys – some victims aren’t that lucky and have to juggle hundreds or thousands of decryption keys, which really slows down recovery. Part of the decision to pay was based on how much quicker it can be to decrypt machines rather than reloading from scratch. The statement by the university indicates that they may not have had backups of some of their critical data.
SUMMARY:
Be sure to have a good backup in place;
Cyber insurance is a great idea;
Adding a cyber security plan could have helped detect the internal attack during the months they were “inside” the system rather than waiting.
WANT TO TALK?
Want to talk to our Chief Information Security Officer about a better strategy for your business?
RealTime team creates Ransomware awareness
RealTime educating the general public on Ransomware during the 2017 Foster Fest in downtown Dothan, AL.
This isn't our normal blog post, but this short 'Live' Facebook video gives heart and humor to the serious subject of Ransomware. Watch this brief video showing some of our RealTime team in action. If you have a question about how Ransomware can affect your business, email us at info@realtime-it.com or call (334) 678-1417.
"WannaCry" RANSOMWARE TAKES ADVANTAGE OF WINDOWS VULNERABILITY
WHAT IS HAPPENING?
The ransomware, called "WannaCry," locks down all the files on an infected computer and asks the computer's administrator to pay in order to regain control of them. The exploit was leaked last month as part of a trove of NSA spy tools.
The ransomware is spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March. But computers and networks that hadn't updated their systems were still at risk.
In the wake of the attack, Microsoft said it had taken the "highly unusual step" of releasing a patch for computers running older operating systems including Windows XP, Windows 8 and Windows Server 2003.
"Affected machines have six hours to pay up and every few hours the ransom goes up," said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. "Most folks that have paid up appear to have paid the initial $300 in the first few hours."
Sixteen National Health Service (NHS) organizations in the UK have been hit, and some of those hospitals have canceled outpatient appointments and told people to avoid emergency departments if possible.
When CNNTech first reported the Microsoft vulnerabilities leaked in April, Hickey said they were the "most damaging" he'd seen in several years, and warned that businesses would be most at risk.
HOW TO PROTECT YOURSELF
Consumers who have up-to-date software are protected from this ransomware. Here's how to turn automatic updates on.
*This blog post consists of excerpts from the original article on money.cnn.com
5 TYPES OF SOCIAL ENGINEERING SCAMS
With the recent phishing scam using Google Docs, phishing is a word on everybody's lips. Educating yourself and your employees about the different types of cyber threats, and how to avoid them, is crucial to keeping your company and personal information secure. In today's blog, we'll cover the 5 different types of social engineering scams.
PHISHING
This is the leading tactic used by today’s ransomware hackers, usually delivered in the form of an email, chat, web ad or website designed to impersonate a real system and organization. The message within these emails often appears to be from the government or a major corporation; it can include corporate logos and/or other legitimate-looking branding and is often written in a way to deliver a sense of urgency and importance.
QUICK TIP: You should never click through the offered link or hit reply unless you are 100% certain that an email is legitimate.
BAITING
Like phishing, baiting involves the offer of something enticing in exchange for private data. The “bait” comes in many forms: it could be digital, such as a music or movie download, or it might be physical, such as a jump drive left out on a desk for an end user. Once the bait is taken, malicious software is delivered directly into the victim’s computer.
QUICK TIP: Never insert any item into your computer that you "found" to see what is on the drive.
QUID PRO QUO
Quid pro quo is also a request for the exchange of private data, but in this scheme the enticement is a service. For example, an employee might receive a phone call from a hacker posing as a technology expert offering free IT assistance in exchange for login credentials.
QUICK TIP: Never give out your login credentials to anyone, especially to someone you don't know over the telephone.
PRETEXTING
When a hacker creates a false sense of trust between him/herself and an end user by impersonating a co-worker or an authority figure within the company to gain access to private data, this is known as pretexting. For example, a hacker may send an email or a chat message posing as the head of IT Support who needs private data to comply with a corporate audit (that isn’t real).
QUICK TIP: Don’t give out your personal information on the phone, via email or snail mail unless you’ve initiated the contact or unless you’re sure it’s safe. Pretexters are especially interested in information such as your SSN, mother’s maiden name, pet or child’s name, bank, brokerage and credit card account numbers, and phone company.
TAILGATING
Tailgating is the most face-to-face cyber threat: a scam artist physically enters your business through the front door. Often these hackers will try to befriend an employee or will ask a person with access authorization to hold the door open, claiming they’ve forgotten their RFID card. In this way, they gain access to a restricted area and can steal valuable company secrets and/or wreak havoc on your IT infrastructure.
QUICK TIP: Never hold the door open to a secure building for someone you don't work with directly.