ink drop - stock.adobe.com

Healthcare Industry Remains a Top Victim of Ransomware Attacks

Guidepoint Research’s latest ransomware report revealed that the healthcare industry was the second most targeted industry by ransomware attacks specifically targeted by groups like Everest and LockBit.

Ransomware attacks continue to be the most prolific threat that organizations face across all infrastructure verticals, with the healthcare sector as a top target, according to the GuidePoint Security Q3 GRIT Ransomware report.

Behind the manufacturing sector, the healthcare industry was the second targeted by ransomware attacks in Q3. Ransomware groups such as Everest, BianLain, and LockBit were responsible for most of the attacks on the healthcare sector.

“Everest is a Russian-speaking ransomware group with potential connections to Blackbyte (who were observed in November 2021 targeting organizations with unpatched Microsoft Proxyshell vulnerabilities), and they maintain a presence on dark web marketplaces and forums such as Breached.to–a supposed RAID forums replacement–and XSS,” the report said.

The report noted a minor downtrend in ransomware attacks during Q3 as the biggest ransomware actors, including LockBit and Hive, saw a combined 53 percent decrease in reported victims.

Despite this slight decrease, the report found that eight groups published increases of five or more victims in October compared to September. According to the report, these groups had 62 more victims than the month prior.

Even though LockBit declined in activity, the ransomware groups remain one of the most active across all sectors.

“While two of the biggest ransomware actors saw a combined 53 percent decrease in reported victims, the total victims published across GRIT’s dataset only decreased by 7.3 percent, indicating a major increase among the remaining ransomware organizations,” the report stated. “If this shift continues, we may see a major increase in targeting from groups toward organizations impacting potential loss of life, such as Healthcare, Utilities, and Energy.”

In February 2022, the Federal Bureau of Investigation (FBI) released a flash alert to warn victims of LockBit 2.0 ransomware indicators of compromise.

“LockBit 2.0 ransomware compromises victim networks through a variety of techniques, including, but not limited to, purchased access, unpatched vulnerabilities, insider access, and zero-day exploits,” the FBI flash alert stated.

“After compromising a victim network, LockBit 2.0 actors use publicly available tools such as Mimikatz to escalate privileges. The threat actors then use both publicly available and custom tools to exfiltrate data, followed by encryption using the LockBit malware. The actors always leave a ransom note in each affected directory within victim systems, which provides instructions on how to obtain the decryption software.”

As the group evolves rapidly, healthcare organizations should remain aware of potential threats, officials stated in brief.

The cybercriminal group released LockBit 2.0 in June 2021 after launching the original version in September 2019.

HHS recommended that healthcare organizations follow standard ransomware prevention best practices, such as using multi-factor authentication, enforcing strong passwords, and establishing a comprehensive data backup program.

Next Steps

Dig Deeper on Cybersecurity strategies