Navigating the Shifting Ransomware Landscape: A Guide for IT Governance and Cybersecurity Leaders

Author: Guy Propper
Date Published: 13 February 2024

Patients with appointments at certain Eastern Connecticut Health Network (Connecticut, USA) locations on 5 August 2023 experienced an unwelcome surprise: Their appointments had been canceled.1 The mass cancellation was not due to the network being overbooked or understaffed, however. Instead, it was the result of a ransomware attack on Prospect Medical Holdings, a healthcare system based in the US state of California and operating in 4 states, of which Eastern Connecticut Health Network is an affiliate.

Unable to access many of their computer systems, some locations were forced to cancel appointments. Others stepped back in time, relying on paper records to facilitate patient care. However, Eastern Connecticut Health Network’s experience is anything but an outlier, as ransomware attacks have become frighteningly familiar in today’s digitally dominated landscape.

Ransomware attacks, in which malicious software encrypts or steals a victim's data and demands payment for its release, regularly impact healthcare providers, educational institutions, government agencies, small and medium-sized businesses (SMBs) and even major corporations.

Ransomware attacks are nothing new. The first documented incident occurred in December 1989 (it also targeted a healthcare institution).2 Over the years, these attacks have grown more common, costly and consequential, making it critical that organizations understand the latest threats and implement solutions to keep their (and their customers’) data secure and their operations thriving.

Understanding the Ransomware Landscape

Modern ransomware has changed considerably since its inception 3 decades ago. Perhaps most important, this malicious software is no longer the work of isolated hackers. Rather, it is the product of sophisticated, often decentralized, teams with organizational structures and differentiated roles. The Ransomware-as-a-Service (RaaS) model has proliferated in recent years, allowing less sophisticated malicious cyberactors to acquire and deploy attacks at scale. RaaS products accounted for nearly 60% of all malware products sold on the Dark Web, according to a study sampling malware offerings between 2015 and 2022.3

Highly organized criminal enterprises are making organizations more likely to experience an attempted ransomware attack. Surprisingly, only a few groups control the RaaS landscape. The top 10 RaaS groups account for 87% of attacks, with the top 3 responsible for more than 50%.4 Of course, these groups can be challenging to pin down as increased law enforcement attention leads to regular rebranding and regrouping.

In 2023, threat actors appear to target service, manufacturing and wholesale trade organizations, emphasizing enterprises with revenue between US$1 million and US$50 million.5 A median ransom amount is estimated to be approximately US$200,000.6 

Attackers attempt to strike a balance between an organization's level of cyberprotection and the potential ransom payment. Simply put, organizations in the mentioned revenue range often lack the IT and security solutions to prevent a ransomware attack, but have enough revenue to pay the ransom to recover their data or IT infrastructure.

The cost of failure can be incredibly high. While it can vary considerably, from several hundreds of thousands of dollars to as high as US$70 million,7 the long-term effects, including opportunity costs, reputation damage and investor outlook, make it challenging to calculate the actual impact.

Strategies for Protection, Compliance and Risk Management

Every year, 85% of enterprises experience at least 1 attempted ransomware attack, making implementing strategies for protection, compliance and risk increasingly important.8

To elevate an organization’s defensive posture, start by addressing the most common culprits: compromised credentials and exposed Internet servers (mainly remote desktop protocol [RDP] connections). Enterprises should monitor servers and be vigilant about compromised credentials because these are standard attack methods. At the same time, it is important to ensure that all employees use strong, unique passwords for their accounts.

Proactively and continuously scanning the Internet and dark web for potential compromise (and responding accordingly) also helps organizations anticipate attack vulnerabilities. Notably, more ransomware attacks occur in the second half of the year than the first due to the increase of cyberactivity surrounding winter holidays.9 This does not mean that enterprises should let their guard down at the beginning of the year, but it allows them to plan accordingly, ensuring that they have their proverbial ducks in a row before an attack occurs.

Enterprises can also analyze data to gauge the likelihood of an attack based on their industry and size, although these trends may change over time. Specifically, organizations can leverage data to perform a quantitative cyberrisk analysis to determine the likelihood of a ransomware attack and the impact an incident would have on their operations and bottom-line results. With this information, IT teams and decision makers are empowered to understand the financial impact of a cyberevent, assess the return on investment (ROI) of their cybersecurity budgets and prioritize risk management decisions accordingly.
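The following added example (not from the original article or from Kovrr) sketches one way such a quantitative analysis can be run: a Monte Carlo simulation of annual ransomware loss, with and without a hypothetical control, and the resulting ROI. It takes the 85% attempt rate and US$200,000 median figure from this article; the success rates, the lognormal spread, the use of the median ransom as the median loss and the control's cost are all assumptions made for illustration.

```python
import math
import random
import statistics

def simulate_annual_losses(p_attempt, p_success, median_loss, sigma,
                           trials=20_000, seed=2024):
    """Simulate `trials` one-year scenarios; return the loss (US$) in each."""
    rng = random.Random(seed)
    mu = math.log(median_loss)          # a lognormal's median is exp(mu)
    losses = []
    for _ in range(trials):
        # Draw all three values every year so two runs with the same seed
        # differ only through the parameters (common random numbers).
        attempted = rng.random() < p_attempt
        succeeded = rng.random() < p_success
        severity = rng.lognormvariate(mu, sigma)
        losses.append(severity if attempted and succeeded else 0.0)
    return losses

def summarize(losses):
    """Expected annual loss and the 95th-percentile (tail) year."""
    ordered = sorted(losses)
    return {"expected": statistics.fmean(ordered),
            "p95": ordered[int(0.95 * len(ordered))]}

def control_roi(baseline, with_control, annual_cost):
    """ROI = (reduction in expected loss - control cost) / control cost."""
    reduction = baseline["expected"] - with_control["expected"]
    return (reduction - annual_cost) / annual_cost

# From the article: 85% yearly attempt rate, US$200,000 median ransom
# (used here as the median loss, which is an assumption).
# Assumed for illustration: success rates, sigma and the control's cost.
P_ATTEMPT, MEDIAN_LOSS, SIGMA = 0.85, 200_000, 1.2
baseline = summarize(simulate_annual_losses(P_ATTEMPT, 0.10, MEDIAN_LOSS, SIGMA))
hardened = summarize(simulate_annual_losses(P_ATTEMPT, 0.04, MEDIAN_LOSS, SIGMA))

if __name__ == "__main__":
    print(f"baseline: expected ${baseline['expected']:,.0f}, p95 ${baseline['p95']:,.0f}")
    print(f"hardened: expected ${hardened['expected']:,.0f}, p95 ${hardened['p95']:,.0f}")
    print(f"ROI of a US$10,000/yr control: {control_roi(baseline, hardened, 10_000):.2f}")
```

Reporting the 95th-percentile year alongside the expected loss shows decision makers the tail exposure that an average alone hides.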

Finally, teams can be trained to anticipate ransomware attacks, making them more likely to closely scrutinize potential phishing emails, better manage their account credentials and regularly install software updates. These digital hygiene best practices can meaningfully reduce the risk of a ransomware attack, equipping organizations of every size with what they need to take control of their digital environments.

Is a Ransomware Attack Inevitable?

In today's digitally connected world, ransomware attacks have become a pervasive element of the ever-changing and increasingly sophisticated landscape. Enterprises, healthcare institutions and organizations across various sectors are all potential targets facing the risk of significant financial loss, operational disruption and reputational damage.

The emergence of RaaS has further complicated this scenario, making the ransomware industry more organized and formidable. However, the inevitability of an attack does not translate into helplessness. Organizations can employ strategic protection, compliance and risk management measures including constant vigilance, regular employee training and targeted defensive planning based on industry and size trends.

By understanding the current threat landscape and taking proactive steps, organizations can secure their digital environments and reduce the risk of falling victim to malicious attacks.

Endnotes

1 Abrams, .; “Rhysida Claims Ransomware Attack on Prospect Medical, Threatens to Sell Data,” Bleeping Computer, 27 August 2023
2 Palmer, D.; “30 Years of Ransomware: How One Bizarre Attack Laid the Foundations for the Malware Taking Over the World,” ZDNET, 19 December 2019
3 Weigand, S.; “Ransomware Tops Malware-as-a-Service Offered on the Dark Web,” 15 June 2023
4 Kovrr, The Ransomware Threat Landscape H1-23, 13 July 2023
5 Ibid.
6 Coveware, Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments, 21 July 2023
7 Winder, D.; “$70 Million Demanded as Revil Ransomware Attackers Claim 1 Million Systems Hit,” 5 July 2021
8 Rangel, M.; “Ransomware Prevention: Safeguarding Your Digital World,” 2 October 2023
9 Op cit Kovrr

Guy Propper

Is the head of data at Kovrr, a leading cyberrisk quantification (CRQ) technology and solutions provider enabling global enterprises and (re)insurers to financially quantify cyberrisk on demand. He has more than 10 years of cybersecurity experience and extensive expertise in reverse engineering, malware research and threat actor analysis. Previously, Propper was the head of the threat intelligence and deep learning group at Deep Instinct and participated as a speaker in Defcon 26.