Monthly Archives: March 2020

Coronavirus and Ransomware

Coronavirus and Ransomware

According to Health Care Dive, 1,500 health care companies have been hit by a ransomware attack in the past four years. Healthcare companies like hospitals and clinics are often a target for these attacks because they store sensitive information and commonly lack cybersecurity. Ransomware attacks have changed in the past week as the Coronavirus pandemic impacts hospitals and healthcare organizations around the world.

Brno University Hospital

On March 13, Brno University Hospital in Brno, Czech Republic was hit by a ransomware attack that led to the cancellation of surgeries and the re-routing of all new patients to nearby St. Anne’s University Hospital. Brno University Hospital is one of the Czech Republic’s biggest COVID-19 testing laboratories. As the origin of the attack remain unknown, the attack was severe enough for the IT team to shut down the entire hospital’s infrastructure. This resulted in the delay of dozens of Coronavirus test results and surgeries.

Security experts warn that hospital staff has no time to worry about cybersecurity during this time. Flavius Plesu, founder and CEO of OutThink, claims that cybercriminals are remorseless and actively target healthcare facilities. Plesu and other professionals believe that prevalence of ransomware attacks will only increase during this crisis. Experts urge healthcare companies to continue providing as much cybersecurity training to their employees as possible.

Champaign- Urbana Public Health District

Just weeks prior to the Brno University Hospital ransomware attack, cybercriminals targeted the Champaign- Urbana Public Health District in Illinois. The ransomware was called Netwalker and it entered the network using a phishing campaign. Attackers have posed as helpful news article companies, healthcare providers, and public health agencies to lure victims into clicking the attachments in the emails that they send. In February, the World Health Organization (WHO) warned individuals about phishing scams related to the Coronavirus.

A Change of Heart?

As we’ve seen cybercriminals exploit healthcare organizations during the pandemic, one ransomware operator has pledged to avoid attacking them. According to BleepingComputer, operators of the Maze Ransomware stated that they will stop “all activity versus all kinds of medical organizations until the stabilization of the situation with the virus”.

Operators of DoppelPaymer Ransomware expressed that they do not normally target hospitals and will continue no to during this time. They added that if the group accidentally attacks a hospital, they will decrypt the victim’s data for free.

However, other operators were not as generous. Operators of the Netwalker Ransomware stated that no one, including them, has a goal to attack hospitals. Although, if they do attack a hospital by accident, the hospital must pay for the decryption.

In the event that a hospital becomes a victim of a Ransomware attack, Emisoft and Coveware have partnered together to offer free ransomware services. Their goal is to allow hospitals to remain operational in the shortest time possible following an attack.

Tips for Ensuring Cyber Safety When Working From Home

Tips for Ensuring Cyber Safety When Working From Home

As organizations shift to remote work during the viral outbreak, employees become vulnerable to cyber attacks if they are working outside of a secure network. This raises concerns for IT Security professionals. Some of these challenges include establishing a secure connection through all employee devices and keeping up to date with security patches and updates. It is crucial for all employees to be aware of security risks when working from home in order to ensure business continuity. Take these steps to securing your company’s data while working remotely.

1. User Education

Employees are often the main target for cyber crime. One crime cyber criminals often engage in to access a company’s network is phishing. A common example of phishing is when an attacker sends out an email to an employee, posing as a legitimate person or organization, and persuades the employee to click the attached link. Employees are often tricked into entering their employee ID and password.

Users should be trained on what a phishing email looks like and who to report to if they receive a suspicious email. Cyber criminals take advantage of employees that work from home, as there is usually less security in one’s home than at the office.

2. Secure Workspace

Ensure that employees are practicing physical machine safety as much as cyber safety. Employees should not work in a public area if they are working with sensitive information and should always lock their computers when unattended. Although working remotely takes place of working in the office, employees should continue to use best practices for physical machine safety.

Employees should also ensure that they are working through a secure connection. Employees should avoid working on public WiFi and should always use a VPN connection if the company has one. IT Security should make certain that VPN patches are up to date.

3. Monitor and Log

As employees will be accessing the company’s network from a number of endpoints, it is important to perform continuous monitoring and logging. The IT Security team should be notified immediately when an untrusted connection is made, and respond quickly to the alert.

4. Review Company Policy

Policies and procedures should be reviewed by all employees before starting to work remotely. This will provide guidelines when working from home. Some policies to review include:
– Access Control Policy
– Mobile Device Management Policy
– Alerts & Notifications Policy
– Network Security Policy
– Physical Access Control Policy
– Transmission Security Policy