Apparent Snake Ransomware attack hits Europe’s largest private hospital operator: Fresenius

In the News:

Fresenius, Europe’s largest private hospital operator, was impacted by an apparent Snake Ransomware attack, as reported on May 6th, 2020 by Krebs on Security and in an Infosecurity Magazine article written by Sarah Coble. Snake Ransomware works by encrypting all connected devices and leaving a ransom note titled “Fix-Your-Files.txt” with an email address and ransom demands. The victim must pay the ransom in order to get the decryption key from the attackers.

It has not yet been made clear exactly how much of Fresenius’ data has been compromised. The Fresenius Group is based in Germany and includes Fresenius Medical Care, a major provider of care to those suffering from kidney failure. Their dialysis services are in huge demand, especially during the COVID-19 pandemic. Those with kidney failure are at higher risk of becoming seriously ill if they contract COVID-19. (National Kidney Foundation: Kidney Disease and Covid-19)

According to the international police organization, INTERPOL, there has been a significant increase in the number of attempted ransomware attacks against organizations that are currently involved in response to COVID-19. (INTERPOL – Cybercriminals Targeting Critical Healthcare Institutions with Ransomware)

Our Take:

Ransomware is one of the most dangerous types of malware faced by companies that process health data. Not only is health data at risk, but if vital systems are unable to function, or patient records are not accessible, patients’ health could be at stake. Organizations often struggle with the decision of whether to pay to retrieve their data, as paying attackers can be viewed as an encouragement for attackers to continue utilizing their criminal business model. The FBI has provided guidance cautioning businesses that paying a ransom is no guarantee that the organization will regain access to its data or that the attackers won’t attack again.

Ransomware is not only dangerous for large companies; individuals can also be targeted by those looking to make a profit by stealing and encrypting data. It is important for individuals as well as large corporations to be aware of the risk ransomware poses.

Ransomware can enter a network in a few different ways. Emails containing malicious attachments opened by unaware recipients can infect a system and quickly spread through the network. Malicious links can lead users to download malicious files that will infect the system. Additionally, compromised websites can hide malicious code in the form of an advertisement that redirects the user to an exploit kit landing page where the malicious payload is executed, and the vulnerable system becomes infected. (For more on this, check out Palo Alto Networks’ article on ransomware common attack methods.)

Recommendations:

  • Back up your personal computers’ data to external hard drives where possible.
  • Don’t open attachments in emails unless you are sure you can trust the sender and the content of the attachment.
  • Rather than clicking links, copy and paste the link address into your browser and review the hyperlink to ensure you aren’t being taken to a malicious website. Check the spelling of the link to verify you won’t be the victim of typosquatting (an attack where a malicious website sits on a misspelled link, e.g., www.gooogle.com instead of www.google.com).
  • Avoid clicking advertisements. If you are interested in shopping for something advertised or otherwise would like to know more, go to the company’s website directly by typing their website in your address bar or googling the company rather than clicking the ad.
  • Always maintain up-to-date antivirus on your computers and devices as a second line of defense.