Ransomware is evolving. Threat actors are now using double extortion tactics to ensure payment from their victims. In 2019 we saw the highest-ever number of reports of the cyber crime ransomware, in which criminals break into an organization’s database and encrypt it, holding it hostage until their victim pays them what they’ve asked for. Check out our blog about the 2019 ransomware attacks: https://hipaatrek.com/learning-from-2019s-ransomware-epidemic/
96% of all ransomware is delivered via phishing attacks, so it is important to recognize and avoid potential phishing emails. There are 3 types of phishing attacks:
1. Malicious Attachments
This type of phishing email will include an attachment and a message urging you to download and open it right away. However, once you open this attachment, ransomware will begin to encrypt your organization’s data, or the attachment will inject another type of malicious code.
Do not open any suspicious attachments that you were not expecting to receive.
2. Suspicious Links
Phishing emails with suspicious links will have a clickable link in the body of the email urging you to visit a website. If anyone were to click on this link, it may begin to run malicious code or take them to a malicious website. These types of attacks will often come from “spoofed emails,” which means they will look like they come from someone you know, such as a colleague, friend or family member. Suspicious links are a threat actor’s best friend for delivering ransomware and other types of viruses and malware.
The best practice for avoiding this type of attack is to not click on any links sent via email unless you were expecting to receive them. If you believe the email might be legitimate, but you were not expecting to receive this message, you may copy and paste the link into the web browser instead of clicking it. Do not click on any suspicious links.
3. Obtaining Your Passwords
Attackers sending you this type of phishing email are trying to get your passwords. Most commonly these emails will appear to be sent by Microsoft. They will tell you that there is something wrong with your Microsoft account and that you need to log in. By logging in through the link in the email, you hand the attackers your credentials, which they can then use to log into your accounts and steal or encrypt data.
Check the sender’s email address. Most likely it will be spoofed, but many are not spoofed well, and there will be a clear indicator that this is not a direct email from Microsoft, such as a display name that says “Microsoft” over an address at an unrelated domain. In addition, let your employees know that Microsoft will not email them directly. If there is ever a reason Microsoft reaches out about a problem with your account, they will contact the person in charge of setting up the accounts.
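The two indicators described above for suspicious links and for password-harvesting emails (a link whose visible text disagrees with where it actually points, and a sender whose display name claims a brand that its address does not belong to) can be checked mechanically before a message ever reaches a user. The following Python script is an added example written for this post; it is not HIPAAtrek’s code and not part of any product. The sample emails, the brand name list and the trusted-domain list are constructed for illustration; a real deployment would maintain its own list of brands and domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brand keywords to watch for in display names and link hosts,
# mapped to the domains the brand legitimately sends from. Illustrative only.
TRUSTED_BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "microsoftonline.com", "office.com",
                  "live.com", "outlook.com"},
}

# Constructed sample: display name claims Microsoft, the sending domain is unrelated,
# and the visible link text shows a Microsoft URL while the href goes elsewhere.
SAMPLE_PHISH = """From: "Microsoft Account Team" <security-alert@mail-notice.example>
To: staff@clinic.example
Subject: Action required: your account has been locked
Content-Type: text/html

<html><body>
<p>We detected a problem with your Microsoft account. Sign in to fix it:</p>
<a href="http://microsoft-login-verify.example/ms">https://login.microsoftonline.com</a>
</body></html>
"""

# Constructed sample of an ordinary internal message that should raise no findings.
SAMPLE_CLEAN = """From: "IT Helpdesk" <no-reply@clinic.example>
To: staff@clinic.example
Subject: Updated remote-work policy
Content-Type: text/html

<html><body>
<p>The revised policy is posted here:</p>
<a href="https://intranet.clinic.example/policy">https://intranet.clinic.example/policy</a>
</body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value):
    """Return the lowercase hostname of a URL or bare domain ('' if none)."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def _looks_like_url(text):
    return bool(re.match(r"^(https?://|www\.)\S+$", text, re.IGNORECASE))


def _domain_matches(host, allowed):
    return host == allowed or host.endswith("." + allowed)


def assess_message(raw):
    """Return a list of human-readable findings for one raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []

    # Check 1: display name claims a brand, but the address is not on a brand domain.
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    for brand, domains in TRUSTED_BRAND_DOMAINS.items():
        if brand in display_name.lower() and not any(
                _domain_matches(sender_domain, d) for d in domains):
            findings.append(f"display name claims '{brand}' but sender domain is '{sender_domain}'")

    # Checks 2 and 3 run over every link in the HTML body.
    payload = msg.get_payload(decode=True) or b""
    body = payload.decode(msg.get_content_charset() or "utf-8", errors="replace")
    collector = _LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        target = _host(href)
        # Check 2: the visible text is itself a URL whose host differs from the real target.
        if _looks_like_url(text) and _host(text) != target:
            findings.append(f"link text shows '{_host(text)}' but points to '{target}'")
        # Check 3: the real target contains a brand keyword without being a brand domain.
        for brand, domains in TRUSTED_BRAND_DOMAINS.items():
            if brand in target and not any(_domain_matches(target, d) for d in domains):
                findings.append(f"link host '{target}' imitates '{brand}' but is not a {brand} domain")
    return findings


if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("clean", SAMPLE_CLEAN)):
        print(label, assess_message(sample) or ["no findings"])
```

Run against the constructed phishing sample the script reports three findings (spoofed display name, mismatched link text, and a look-alike link host) and none for the clean internal message. Checks like these belong in the mail gateway or a user-facing banner rather than in the user’s head; they are not a substitute for the training this post describes, because a well-made phish can pass all three.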
If someone has fallen for any type of phishing scam, there is a chance it has run ransomware, holding your data hostage. This year, however, when our hospitals and clinics are more vulnerable than ever, ransomware is evolving into something new and much more dangerous. This new type of cyber crime is known as Double Extortion.
The FBI maintains an active resource page of common scams and crimes. Their page dedicated to ransomware provides links to report if you have been a victim of ransomware. Always contact law enforcement agencies BEFORE paying a ransom!
With more organizations becoming savvy about how to avoid paying ransomware attackers, by keeping updated backups and having disaster recovery plans, fewer victims need to pay these criminals in order to continue running their business and treating their patients. Because fewer people are paying, attackers are using new tactics in order to put pressure on victims to pay them.
Now, if organizations refuse to pay the ransom, attackers threaten to release the data publicly. This will of course include sensitive information and PHI. Before Double Extortion, we assumed that hackers could not actually read our data and were only withholding it from victims to disrupt their ability to continue their work. Now we know they can extract this information and publish it online, breaching our patients’ security.
How to Prevent Double Extortion
With the emergence of this new type of threat, now is the time to review your policies and revise your ransomware policies to address Double Extortion. But most importantly, train your staff on:
- Recognizing and avoiding phishing scams.
- What to do if they suspect they have received a phishing email.
- What to do if they have fallen for a phishing attack and it starts to run malicious code.
This is incredibly important now since many employees are working from home and do not have the same resources that they are accustomed to at the office. Be sure to reach out and ensure that your staff is still exercising proper security protocol, that they are up to date on their training and that they have adequate access to training and resources to help prevent hacks and breaches.