Since the start of the COVID-19 pandemic in 2020, there has been a steep increase in the number of cyberattacks worldwide.
Phishing attacks, ransomware-as-a-service, identity theft, digital data theft, and ransomware attacks such as the Colonial Pipeline incident have all flooded the dark web and infiltrated many organizations, causing millions of dollars in damage to individuals and businesses alike.
Cybercriminals now show a clear preference for targeting the healthcare sector, presumably due to the valuable personal data healthcare firms possess, the limited budgets many healthcare systems have, and the opportunity created by the chaos that COVID-19 caused.
Last year, a joint report by CISA, the FBI, and the Department of Homeland Security alerted U.S. healthcare providers to the sharp increase in cybercriminal activity against the public health sector, first responder networks, and dispatch centers.
The report detailed the common practices of cybercriminals and a new wave of cyberattacks. This time, cybercriminals were not only looking to receive ransom payments from their attacks; they were also exploiting endpoint access to steal information and disrupt the healthcare system. The malware that led to the ransomware infection, TrickBot, had spread through phishing emails that directed victims to webpages infected with malware.
Taking advantage of the healthcare emergency caused by COVID-19, Russian cybercriminals are capitalizing on the pandemic panic to maximize their income from ransom payments, requesting over twice as much as they used to for the return of stolen data.
In 2021, the attacks targeting the healthcare sector have only increased. This time, Conti ransomware was at the forefront.
What Is Conti Ransomware?
Conti ransomware is a data encryption malware for Microsoft Windows operating systems, with worm-like capabilities that allow Conti actors to access the entire contents of a computer system and create remote copies at their disposal before encrypting the whole network.
This feature allows ransomware groups to carry out a double extortion model against the victims: total inaccessibility of the encrypted data and the sale of that sensitive data on the dark web.
The Conti malware is an improved version of Ryuk ransomware, operated by the same ransomware gang, Wizard Spider, based in Russia.
According to a recent FBI alert, the ransom demands of this cybercriminal group have exceeded $25 million in cryptocurrency payments (commonly in bitcoin). They have been targeting healthcare providers, emergency medical services, and critical infrastructure during the coronavirus pandemic.
The FBI report details that at least 16 healthcare and emergency provider networks have been attacked in the United States, and healthcare businesses aren’t the only victims. The cybercriminal group behind Conti also attacked OmniTRAX and the Scottish Environment Protection Agency in January; Remax Kelowna in February; FatFace in March; the Broward County School District in April; Aspire, the Health Service Executive of Ireland; Exagrid in May; and the Salvation Army in June.
Best Practices for Preventing Ransomware Attacks
To protect your IT infrastructure and be prepared against cyber threats like Conti ransomware and their impact on your company, consider incorporating the following best practices.
Reinforce Cybersecurity Monitoring and Awareness
Most attacks occur due to a lack of awareness regarding the risks involved in day-to-day business. So the first step to avoid ransomware attacks is to create a strong culture of cybersecurity awareness and constant monitoring of the digital ecosystem. Examples of best practices include:
- Not opening Word documents or email links from unfamiliar senders
- Avoiding public networks (or using a VPN while using one)
- Implementing multi-factor authentication to access the local network
- Reporting potentially malicious emails
- Keeping your operating systems, devices, and applications up to date
All of these measures substantially reduce a company’s exposure to cybercrime and can be promoted internally as part of the company’s culture.
Segment Your Network
By segmenting your company’s network, you place a security barrier between blocks of information, limiting the actions that can be taken within the network based on a series of security requirements. This practice limits attackers’ ability to infect the entire network and reduces the amount of information they can access in the event of a data breach.
Create Offline, Read-Only Back-Ups
Creating external backup copies, inaccessible within the same network, will allow you to restore data quickly without giving in to the attackers’ extortion.
It is common for cyber attackers to eliminate any alternative record that would allow companies to recover information by means other than paying the ransom, so having a copy that’s inaccessible from the infected media and that, even if accessible, can’t be modified is an effective response to ransomware.
ZenGRC Can Alert You to Cybersecurity Risks
Now more than ever before, cybersecurity risks are outpacing traditional forms of risk. Managing and monitoring myriad activities that lead to cybersecurity risks is a never-ending task in today’s digital world. As such, new tools to enable the practical assessment of these risks are necessary.
At Reciprocity, our automation platform helps companies improve their information security by evaluating their cybersecurity risks and implementing the appropriate workflows to meet all their security requirements.
ZenGRC can also map your security automation tasks across multiple frameworks and use cases such as CMMC, HIPAA, PCI DSS, and more. Our dashboard provides a real-time view of your cybersecurity stance, identifying where your gaps are and what security tasks are needed for remediation.
Not only does this enable a stronger, more efficient cybersecurity risk management stance; it also helps compliance officers feel more effective at their jobs while keeping stakeholders informed.
ZenGRC can answer today’s challenges, with monitoring tools and risk assessment templates to address various elements from an information security perspective.
With clear, easy-to-use, and effective frameworks to keep your company protected from threats to your IT systems and with integrated support from subject matter specialists, ZenGRC is the solution your company needs.
To see how ZenGRC can improve your cybersecurity strategies, schedule a free demo today.