The Health Sector Cybersecurity Coordination Center (HSCCC) recently published an outline of the ransomware trends affecting healthcare cybersecurity. Conti ransomware was at the top of those affecting healthcare cybersecurity in the first quarter of 2022. The outline warned that ransomware groups increasingly use legitimate tools such as AnyDesk, ScreenConnect, FileZilla, and BitLocker to access organizational data during intrusions. Conti ransomware attacks that use resident software are called Living off the Land Attacks (LOLA): cybercriminals use tools already in the target environment instead of deploying tools of their own design. Health professionals today need to consider cybersecurity training to protect all stakeholders.
Actions Against Conti Ransomware
On May 6, 2022, the US Department of State issued a declaration offering a reward of up to $10M for any information on the location or identification of an individual who holds a key leadership position in the Conti ransomware variant transnational organized crime group. The Department is also offering a reward of up to $5,000,000 for information leading to the arrest and conviction of individuals conspiring to participate in or attempting to participate in a Conti ransomware incident in any country.
The Conti ransomware group has been responsible for hundreds of ransomware incidents over the past two years. Up to January of this year, pay-outs to Conti ransomware are estimated to be more than $150,000,000, making Conti ransomware the most expensive ransomware ever documented.
How Does Conti Ransomware Work and How to Prevent it
Conti ransomware gains access to computers via email, file attachments, and remote desktop protocols. It then clears organizations' files from their servers and encrypts them. The actors then demand that organizations pay to regain access to their data. Conti actors sell or publish the stolen information if the victims refuse to pay. Though the ransom amount changes from one incident to the next, demands can reach as much as $25 million.
The HSCCC report concluded that threat actors would continue to evolve their intrusive systems and use resident software to avoid detection. Though many of these intrusions are challenging to detect, it is possible to ensure that healthcare cybersecurity is up to the challenge and able to contain attacks and defend its information. The HSCCC presentation discussed above included a comprehensive list of actions to mitigate Conti ransomware attacks. Managers responsible for healthcare cybersecurity will have their work cut out for them in the future, finding ways to overcome and contain attacks.
Conti isn’t the only ransomware making the rounds. Since the beginning of the year, LockBit, SunCrypt, ALPHV/BlackCat, and Hive have been active. Hive, in particular, has only been around since June 2021, but it has already breached more than 350 systems. At a rate of three attacks per day, that number is rapidly growing. Under these conditions, healthcare professionals of all types must focus on getting the cybersecurity training they need to protect the vulnerable people they serve by making their information systems safer. Mitigations should include multi-factor authentication, network segmentation, and firewall-restricted file sharing.
Cybersecurity Training for Professionals
Cybercriminals and hacking will always creep through cyberspace, and ransomware will continue to create problems unless organizations remain alert and update their healthcare cybersecurity to meet the challenges.