Recently, U.S. Government Agencies such as the DHS’s Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) advised that Russian hacking groups are actively mounting a campaign targeting the U.S. healthcare industry. The attackers are thought to be leveraging the TrickBot malware to propagate ransomware infections across such organizations.
The attacker groups have been known to leverage the Ryuk ransomware strain. This particular variant has recently hit major organizations such as hospitals in Pennsylvania and an Alabama hospital chain. Ryuk is believed to have been created by North Korean cyber-criminals; it leverages Windows SMB protocols to laterally move throughout network segments and the attacker groups are known to destroy or delete data backups.
If your organization is a healthcare entity, you may be the potential target of one of these ransomware attacks. To reduce your risk, you should follow appropriate steps to ensure that such attacks do not affect your organization.
- Make backups
- Protect backups with the 3-2-1 rule (3 copies of data, 2 copies on separate storage media and 1 offline/offsite and unreachable.
- Disable antiquated SMB protocols if used
- Patch systems
- Ensure that no systems are exposed to the internet inadvertently
- Implement strong malware protections on systems
- Lock down administrative credentials within the organization
- Ensure that users do not have local admin privileges
- DO NOT expose RDP to the internet
- Have an incident response plan and practice incident response exercises
Following these precautions does not make your organization invincible to ransomware or other cyber-attacks. However, these steps may prove to be the factor that saves you and your organization from undue damage. The attackers are creating advanced campaigns that will likely use phishing attacks, remote access compromise, and drive-by malware downloads.
If your organization can't take on these items along, engage with the team at IGI Cybersecurity to lay out a plan and improve your cyber defense.
