Ransomware attacks on US local governments and healthcare providers are on the rise - CNN
(Source: cnn.com)

clicks | 8 months ago | comments: discuss | tags: bitcoin

Article preview (bot search)

(Original link: cnn.com)

(CNN) The attack starts, innocently enough, with an email. But when someone clicks the link inside, hackers quickly take over.
Computers at the school, hospital, or city government are locked, and the only way for employees to get back in is to pay the attacker hundreds of thousands of dollars worth of Bitcoin. Even then, there's no guarantee they won't do it again. Welcome to the world of ransomware attacks, a rising form of malware that hackers use to infect a computer or network to encrypt files and data, crippling them to users, with a ransom dangled as the only way out. 27 countries sign cybersecurity pledge with digs at China and Russia Just this year alone, 140 attacks targeting public state and local governments and health care providers have been reported, according to a tally by the cybersecurity firm Recorded Future, which has tracked attacks on local governments since 2013 and the healthcare industry since 2016. Read More The attacks have targeted schools, local government offices and hospitals. One recent victim was a network of Alabama hospitals that had to stop accepting new patients because of a ransomware attack. Last year, the firm tracked 85 attacks. That's a rise of nearly 65%, an average of nearly three attacks each week. Complicating officials' abilities to track these attacks, many organizations choose not to report these incidents, hoping to avoid news coverage of the attack and resulting payout. That means the total number is largely unknown. "Undoubtedly the number of attacks this year across all sectors is in the thousands," Recorded Future senior solutions architect Allan Liska tells CNN. "In fact, most security firms estimate that 2019 is set to see the highest number." How it works The most common way for attackers to penetrate a network is through a phishing attempt. The attacker may send a seemingly innocent email to a colleague or you with a malicious link or an infected file attached. Then, once the file is downloaded -- the targeted person usually has no idea what they've done -- the malware can infect your system and encrypt files on your computer, which locks users out and restricts access to them, and spread across your company's network and infect other computers. Crippling ransomware attacks targeting US cities on the rise The hackers will then demand a ransom be paid out in order to have the files decrypted. Payment is typically requested in Bitcoin or some sort of virtual currency so they can remain anonymous before unlocking the files and data. These attacks are serious -- they can cripple entire infrastructures, sometimes preventing doctors from accessing critical patient charts or police departments from knowing what resources they have available for emergency calls. And they're only getting more prevalent -- and harder to beat. "Ransomware is a big problem that is continuing to grow," said Liska. "It is also a big money making opportunity for both experienced and new cybercriminals. Which means the bad guys are devoting a lot of resources to developing new methods to deliver ransomware." The different styles and deployment methods used in ransomware is growing more sophisticated. Companies that use "weak and insecure" Remote Desktop Protocol (RDP) credentials, for instance -- a way for businesses to connect one computer to another -- are just one new way in, according to the FBI. Hundreds of dental offices crippled by ransomware attack The latest victim is DCH Health System, a regional health care system located in West Alabama. Computers across its network of hospitals were infected last week after its network was penetrated, according to a statement released by DCH Health System. While the hospitals in the DCH Health Systems network were still able to provide critical medical care to patients, it disrupted their ability to accept new patients. "Our teams continue to work around the clock to restore normal hospital operations, as we incrementally bring system components back online across our medical centers. "As we complete this process, all three hospitals will continue to be on diversion for all but most critical patients through the weekend. Our Emergency Departments will continue to see patients who bring themselves to the hospital," DCH Health System said in a statement. Officials for DCH Health System told Tuscaloosa News that the organization paid the hackers. DCH Health System said in a statement that a decryption key was obtained and that teams are working to restore its systems. CNN has reached out to DCH Health System about the report that it paid the hackers but has not received a response. A screenshot of an example of the Ryuk ransomware, provided by Allan Liska from Recorded Future. "Healthcare is a particularly tricky area for ransomware," Liska, the researcher who tracks the attacks, told CNN. "Many healthcare systems are locked down by vendors, so healthcare systems often can't be patched in the same way other sectors can patch. This means th...