Report: Healthcare Services Pay Nearly $100,000 to Ransomware Attacker
A new report has found that hospitals are increasingly targeted by ransomware attackers because of the low-security measures put into place.
The McAfee Labs Threats Report: September 2016 has found that hospitals paid around $100,000 to a bitcoin address in the first quarter of the year.
In February 2016, one hospital in California was reported to have been targeted by hackers demanding a ransom of 9,000 bitcoins, amounting to around US$5.77 million.
The hospital reportedly paid $17,000 to have its files and systems restored; however, it suffered a downtime of five days.
Different Method of Attacks
In most ransomware attacks, ransomware is delivered through phishing when emails are sent with subjects such as ‘failed delivery’ or ‘my resume’. They have attachments, which then download the ransomware.
Another method that hackers tend to use is through exploit kits; however, according to the McAfee report, none of these methods were employed during the first quarter of 2016.
The report found that through the open-source tool JexBoss, hackers targeting hospitals were able to scan for vulnerable JBoss web servers before sending an exploit to initiate a shell on those hosts. Once the servers were then infected, available tools used by the hackers were then utilized to map the trusted network.
Hospitals Off Limits
When it comes to hospitals these are typically seen to be off limits for ransomware attacks. That’s according to McAfee.
The report said:
In the Russian underground, there is an ethical ‘code of conduct’ that places hospitals off limits, even if they are in countries normally targeted in their cybercrime campaigns and operations.
It was concluded that these types of hospital attacks that took place at the beginning of the year were undertaken by malicious hackers and even though the attacks were effective they were not very sophisticated.
In the first half of 2016, most ransomware attacks took place on American and Canadian hospitals with a few targeting U.K. and Australian hospitals. As a result, the U.S. and Canadian cybersecurity agencies issued an alert earlier this year regarding ransomware attacks, as reported by CCN.
The report found that a ransomware author and distributor had received BTC 189,813, translating to around $121 million. The author, the report stated, claimed that they have earned $94 million in the first six months of 2016.
As it can be seen, money can be made quickly through ransomware attacks. While the report discovered that the majority of victims did not pay the ransom demand, hospitals that were targeted by the ransomware family samsam did appear to pay.
The amounts involved varied, but the biggest direct costs were from downtime or lost revenue, incident response, system recovery, audit services, and other cleanup costs. Those targeted had a downtime for at least five to 10 days.
It seems, though, that unless health care services improve on their cybersecurity, malicious hackers will continue to target them, gaining access to personal and oftentimes irreplaceable data. For now, the advice from the FBI is to avoid paying the ransom demand to hackers.
Featured image from iStock/zimmytws and Shutterstock.