New global ransomware attack ‘more sophisticated’

June 28, 2017
There is no news from the British  National Health Service (NHS), that was hit hard during the WannaCry ransomware atack earlier in May. Then, over 60 NHS hospitals and other organisations were force to shut down or limit operations because their systems were infected. 

More sophisticated ransomware

The new ransomware seems to be more sophisticated and more effective than the WannaCry worm, experts tell CNN. There is even speculation that the malware is just disguised as ransomware, and that the real reason behind the attack is to create a lot of chaos - or perhaps just a test. The ransomware part of the Petya related virus seems to be badly developed, often not even working anymore after a few hours.

It isn't just files being encrypted, after restoring a backup the Windows operating system stops working and needs to be re-installed. The BBC writes that security researchers have discovered some sort of vaccine. The creation of a single file can stop the attack from infecting a machine. But the researchers have not been able to find a so-called kill switch that prevents the crippling ransomware from spreading to other vulnerable computers.

Mobile ransomware skyrocketing

IT security Kaspersky yesterday stated that the Ukraine and Russia were hit hardest. The company wrote a few days ago that mobile ransomware activity skyrocketed in the first quarter of 2017 with 218,625 mobile Trojan-Ransomware installation packages – 3.5 times more than in the previous quarter. Activity then fell to the average level of the observed two year period. Despite a small relief, the mobile threat landscape is still arousing anxiety, as criminals target nations with developed financial and payment infrastructures that can be easily compromised.

Mobile ransomware actors are focusing their attacks on wealthy countries. Developed markets not only have a higher level of income, but also a more advanced and more widely used mobile and e-payment infrastructure. According to Kaspersky Lab’s annual ransomware report for 2016-2017, this is appealing to criminals because it means they can transfer their ransom in just a couple of taps or clicks.

Ransomware growing healthcare threat

Ransomware is a growing threat to the healthcare industry, McAfee Labs Cyber Threat report conclued September last year. Following a rash of targeted ransomware attacks upon hospitals in early 2016, Intel Security investigated the attacks, the ransomware networks behind them, and the payment structures enabling cybercriminals to monetize their malicious activity. The research team attributes the increased focus on hospitals to such organizations’ reliance on legacy IT systems, medical devices with weak or no security, third-party services that may be common across multiple organizations and the need for hospitals to have immediate access to information to deliver the best possible patient care.

Last November, ENISA (European Union Agency for Network and Information Security) also stated that hospitals will become victims of ransomware attacks more often. The introduction of Internet of Things (IoT) components in the hospital ecosystem, increases the attack vector rendering hospitals even more vulnerable to cyber-attacks. Last April, for example, a ransomware attack with the Dharma virus breached the data of 55.447 patients at San Antonio-based ABCD Children’s Paediatrics. Affected data included patient names, social security numbers and dates of birth.

NHS hit hard by WannaCry

Nowhere in the world were healthcare services harder hit than in the UK by the infamous WannaCry ransomware attack. In all over 200,000 organisations and people in 150,000 countries were confronted with infected computers. The attack started Friday May 12th in the UK, when sixteen hospitals had to suspend operations and divert patients because computers were encrypted, preventing access to vital information. At least 61 NHS organisations were compromised by the attack. 300 bitcoins was the going rate for decrypting a pc and regaining access.