A Patient Dies After Ransomware Attack Paralyzes German Hospital Systems
Ravie Lakshmanan - September 21, 2020
Ravie Lakshmanan - September 21, 2020
[SHOWTOGROUPS=4,20,22]
Для просмотра ссылки Войдиили Зарегистрируйся
German authorities last week Для просмотра ссылки Войдиили Зарегистрируйся that a ransomware attack on the University Hospital of Düsseldorf (UKD) caused a failure of IT systems, resulting in the death of a woman who had to be sent to another hospital that was 20 miles away.
The incident marks the first recorded casualty as a consequence of cyberattacks on critical healthcare facilities, which has ramped up in recent months.
The attack, which exploited a Citrix ADC Для просмотра ссылки Войдиили Зарегистрируйся vulnerability to cripple the hospital systems on September 10, is said to have been "misdirected" in that it was originally intended for Heinrich Heine University, according to an extortion note left by the perpetrators.
After law enforcement contacted the threat actors and informed them that they had encrypted a hospital, the operators behind the attack withdrew the ransom demand and provided the decryption key.
The case is currently being treated as a homicide, BBC News Для просмотра ссылки Войдиили Зарегистрируйся over the weekend.
Unpatched Vulnerabilities Become Gateway to Ransomware Attacks
Although several ransomware gangs said early on in the pandemic that they would not deliberately Для просмотра ссылки Войдиили Зарегистрируйся, the recurring attacks Для просмотра ссылки Войди или Зарегистрируйся to issue a warning cautioning hospitals against ransomware attacks designed to lock them out of their critical systems in an attempt to extort payments.
Weak credentials and VPN vulnerabilities have proven to be a blessing in disguise for threat actors to break into the internal networks of businesses and organizations, leading cybersecurity agencies in the U.S. and U.K. to publish Для просмотра ссылки Войдиили Зарегистрируйся Для просмотра ссылки Войди или Зарегистрируйся about active exploitation of the flaws.
"The [Federal Office for Information Security] is becoming increasingly aware of incidents in which Citrix systems were compromised before the security updates that were made available in January 2020 were installed," the German cybersecurity agency Для просмотра ссылки Войдиили Зарегистрируйся in an alert last week.
"This means that attackers still have access to the system and the networks behind it even after the security gap has been closed. This possibility is currently increasingly being used to carry out attacks on affected organizations."
The development also coincides with a fresh Для просмотра ссылки Войдиили Зарегистрируйся from the U.K. National Cyber Security Centre (NCSC), which said it's observed an uptick in ransomware incidents targeting educational institutions at least since August 2020, while urging schools and universities to implement a "defence in depth" strategy to defend against such malware attacks.
Some of the affected institutions included Для просмотра ссылки Войдиили Зарегистрируйся and Для просмотра ссылки Войди или Зарегистрируйся Universities, among others.
Citing Remote Desktop Protocol (RDP), vulnerable software or hardware, and email phishing as the three most common infection vectors, the agency Для просмотра ссылки Войдиили Зарегистрируйся organizations to maintain up-to-date offline backups, adopt endpoint malware protection, secure RDP services using multi-factor authentication, and have an effective patch management strategy in place.
A Spike in Ransomware Infections
If anything, the ransomware crisis seems to be only getting worse. Для просмотра ссылки Войдиили Зарегистрируйся gathered by Temple University's CARE cybersecurity lab has shown that there have been a total of 687 publicly disclosed cases in the U.S. since 2013, with 2019 and 2020 alone accounting for more than half of all reported incidents (440).
Government facilities, educational institutions, and healthcare organizations are the most frequently hit sectors, as per the analysis.
And if 2020 is any indication, attacks against colleges and universities are showing no signs of slowing down.
Для просмотра ссылки Войдиили Зарегистрируйся
Allan Liska, a threat intelligence analyst at Recorded Future, revealed there had been at least 80 publicly reported ransomware infections targeting the education sector to date this year, a massive jump from 43 ransomware attacks for the whole of 2019.
"Part of this change can be attributed to extortion sites, which force more victims to announce attacks," Liska said in a Для просмотра ссылки Войдиили Зарегистрируйся. "But, in general, ransomware actors have more interest in going after colleges and universities, and they are often easy targets."
You can read more about NCSC's mitigation measures Для просмотра ссылки Войдиили Зарегистрируйся. For more guidance on proofing businesses against ransomware attacks, head to US Cybersecurity Security and Infrastructure Security Agency's response guide Для просмотра ссылки Войди или Зарегистрируйся.
[/SHOWTOGROUPS]
Для просмотра ссылки Войди
German authorities last week Для просмотра ссылки Войди
The incident marks the first recorded casualty as a consequence of cyberattacks on critical healthcare facilities, which has ramped up in recent months.
The attack, which exploited a Citrix ADC Для просмотра ссылки Войди
After law enforcement contacted the threat actors and informed them that they had encrypted a hospital, the operators behind the attack withdrew the ransom demand and provided the decryption key.
The case is currently being treated as a homicide, BBC News Для просмотра ссылки Войди
Unpatched Vulnerabilities Become Gateway to Ransomware Attacks
Although several ransomware gangs said early on in the pandemic that they would not deliberately Для просмотра ссылки Войди
Weak credentials and VPN vulnerabilities have proven to be a blessing in disguise for threat actors to break into the internal networks of businesses and organizations, leading cybersecurity agencies in the U.S. and U.K. to publish Для просмотра ссылки Войди
"The [Federal Office for Information Security] is becoming increasingly aware of incidents in which Citrix systems were compromised before the security updates that were made available in January 2020 were installed," the German cybersecurity agency Для просмотра ссылки Войди
"This means that attackers still have access to the system and the networks behind it even after the security gap has been closed. This possibility is currently increasingly being used to carry out attacks on affected organizations."
The development also coincides with a fresh Для просмотра ссылки Войди
Some of the affected institutions included Для просмотра ссылки Войди
Citing Remote Desktop Protocol (RDP), vulnerable software or hardware, and email phishing as the three most common infection vectors, the agency Для просмотра ссылки Войди
A Spike in Ransomware Infections
If anything, the ransomware crisis seems to be only getting worse. Для просмотра ссылки Войди
Government facilities, educational institutions, and healthcare organizations are the most frequently hit sectors, as per the analysis.
And if 2020 is any indication, attacks against colleges and universities are showing no signs of slowing down.
Для просмотра ссылки Войди
Allan Liska, a threat intelligence analyst at Recorded Future, revealed there had been at least 80 publicly reported ransomware infections targeting the education sector to date this year, a massive jump from 43 ransomware attacks for the whole of 2019.
"Part of this change can be attributed to extortion sites, which force more victims to announce attacks," Liska said in a Для просмотра ссылки Войди
You can read more about NCSC's mitigation measures Для просмотра ссылки Войди
[/SHOWTOGROUPS]