Targeted ransomware of the Ryuk variety continues to cause headaches today with a noticeable uptick in attacks, more than a year after it started making the rounds; initially focused on organizations and businesses, it has more recently been focused on healthcare and hospitals. Three hospitals in Ontario, Canada have been hit in recent weeks, which has raised the alarm that more facilities may be at risk in the coming days.
What is interesting to note about the recent attacks is that the malware has so far only been trying to exfiltrate data instead of demanding money. Word from Michael Garron Hospital CEO in Toronto is that, due to their firewalls, data was prevented from leaving the organization. In this hospital’s case, the organization had over 100 servers, which are still being evaluated for infection. The most immediate result was that a couple of elective surgeries and out-patient clinics had to be rescheduled while staff had to resort to paper documentation for their ongoing day-to-day operations. Within a day, the organization noted that email services had been restored, although some VPN access was still not available and some minor administrative systems were still offline. Thankfully, MGH, which is one of Toronto’s largest hospitals, had expert hospital teams in place and had prepared for all issues with extensive processes in place to respond quickly when experiencing disruptions in services.
Getting back to the Ryuk ransomware variety, this piece of malware is quite stealthy, remaining invisible to average users for weeks or months while it collects information about the organization and its perceived ability to pay a ransom. If the hackers feel that the organization is a lucrative target, it then locks files and then demands a ransom in order to make them accessible again. Ryuk is a very opportunistic and targeted ransomware, looking at organizations where a lockup of their files could do the most damage; potentially leading to higher ransomware amounts.
Thankfully, all three hospitals in Ontario have said that they have paid no money in order to retrieve their files and that no specific amount was demanded. With detailed processes in place at all three organizations, systems are in the process of being restored. Unfortunately, according to some cybersecurity experts, healthcare facilities are particularly vulnerable to malware attacks because of their reliance on specialized software that rarely gets updated.
The healthcare industry is hopefully not going to be as easy a victim as has been seen with the multitude of municipalities that have been rocked by ransomware attacks over the past year, with millions of dollars of ransom payouts having occurred and with more in the wings. Wedge has recently been working with the healthcare industry in Eastern Canada and what we have been seeing has been somewhat comforting. The hospitals and healthcare organizations that we have deployed with, on the whole, realize that they are sitting on goldmines of health, research and personal data that must be protected at all costs; especially with HIPAA regulations put in place by the governing bodies. We have also seen that, as mentioned before, the healthcare industry, with their growing number of IoT devices, medical equipment and more, are more susceptible to attacks. Any disruptions to networked systems and devices could wreak havoc on patient care; in many cases, which could have life or death consequences.
Wedge is very excited to be working with the hospitals to be able to provide a proven security platform that can help prevent the ransomware issue and that can ensure that patient data is secure, while enabling hospitals to maintain their high levels of patient care. Since working with the healthcare industry, we have seen incredible results from the use of WedgeARP and the Advanced Malware Blocker in helping to detect and block ransomware such as Ryuk from making any headway with these organizations, all in real-time. Healthcare organizations are realizing that with a small investment now, they can save a huge remediation cost later. If your healthcare organization is concerned about this recent spate of targeted Ryuk attacks, contact us at: firstname.lastname@example.org or our team directly (Dale or Rob) to find out more about how you can be easily protected. WedgeAMB is available for a FREE 90 day trial and we encourage all healthcare organizations to give us a try!