Last Week in Ransomware: 03.18.2024

Written by Halcyon Team
Published on Mar 18, 2024

Last week in ransomware news, we saw Russians collecting 74% of ransomware revenue, governments failing to address the ransomware threat, and Change Healthcare facing a second attack, this time from regulators...

Government Ransomware Response Inadequate

A scathing report by the UK's Joint Committee on the National Security Strategy (JCNSS) warned of a "high risk" of a catastrophic ransomware attack due to governmental negligence.  

Former Home Secretary Suella Braverman was criticized for her lack of interest in addressing the issue, despite her department's pivotal role in national security policy.

In response, the government dismissed key recommendations from the JCNSS, indicating a disconnect between official strategy and the urgent need for action. Committee chair Dame Margaret Beckett condemned the government's stance, highlighting the lack of awareness and preparation, leaving the nation vulnerable to severe economic and national security ramifications.

The situation is not unique to the UK; the United States also grapples with the ransomware menace. Despite sporadic arrests, law enforcement struggles to disrupt ransomware operations effectively. Even the Cybersecurity and Infrastructure Security Agency (CISA) fell victim to attackers, compromising sensitive infrastructure and industrial data.

Both governments face a daunting challenge in addressing ransomware, compounded by attribution ambiguities and the resilience of cybercriminal networks. While law enforcement focuses on criminal prosecution, the escalating threat demands a shift towards treating ransomware as a national security issue.

However, without decisive action, organizations remain at risk, with limited recourse against sophisticated ransomware operations. Government intervention is crucial to provide a coordinated and robust defense against this escalating threat.

The failure to address ransomware as a national security concern poses grave risks to both the UK and US. Urgent action is imperative to safeguard critical infrastructure and mitigate the far-reaching impacts of ransomware attacks.


Do Ransomware Attacks on Healthcare Meet Terrorism Definition?

Recent findings from the FBI's Internet Crime Complaint Center (IC3) underscore the alarming frequency of ransomware attacks targeting the healthcare sector, surpassing all other critical U.S. infrastructure industries.  

The appeal for attackers lies in the lucrative nature of healthcare facilities, often willing to pay ransoms to maintain essential services, compounded by the wealth of sensitive patient data they possess.

A surge in attacks late last year highlighted the profound impact on patient care, with postponed procedures and disrupted services becoming commonplace. Recognizing the severity of the threat, the Cybersecurity and Infrastructure Security Agency (CISA) issued guidelines to bolster healthcare providers' defenses.

While ransomware attacks historically fell under cybercriminal activity, the escalation against critical infrastructure, particularly healthcare, raises concerns about national security.  

A study by Ponemon revealed alarming statistics linking ransomware attacks to adverse patient outcomes, including disrupted care, increased mortality rates, and complications in medical procedures.

Notably, evidence suggests a significant portion of ransomware proceeds is funneled to Russian-linked entities, fueling speculation about state involvement. The potential alignment of ransomware attacks with geopolitical interests underscores the complex nature of the threat, blurring the line between cybercrime and nation-state operations.

Calls for reclassification of certain ransomware attacks as acts of terrorism cite Executive Order 13224, which states that terrorism encompasses activities intended to coerce governments or intimidate populations. A reclassification could unlock broader response options, including offensive cyber measures and military interventions.

Addressing ransomware attacks against critical infrastructure as acts of terrorism reframes the issue, emphasizing the gravity of the threat and the need for decisive action.  

By acknowledging the dual nature of a portion of these attacks—those serving both financial gain and geopolitical agendas—governments can adopt a more comprehensive approach to safeguarding vital sectors like healthcare.

In essence, the imperative to recognize ransomware attacks on healthcare organizations as acts of terrorism reflects the urgent need to confront this multifaceted threat with appropriate measures, transcending conventional law enforcement responses to cybercrime.


Russian Affiliations Dominate Ransomware Profiteers

Recent research from crypto-fraud tracker Chainalysis reveals a staggering 74% of ransomware revenue in 2021, totaling over $400 million in cryptocurrency payments, flowed to entities strongly linked to Russia.  

Analysis of blockchain transactions suggests extensive use of Russian-based crypto companies for money laundering associated with threat actors. The findings underscore the prevalent association between cybercriminal activity and Russia, along with the surrounding Commonwealth of Independent States (CIS).  

However, the report's focus on financial flows to prominent cybercriminal leaders raises questions about the geographic origins of individual hackers affiliated with these groups.

Beyond mere profit-seeking, mounting evidence suggests ransomware operations intertwine with nation-state interests, with rogue nations like Russia, China, Iran, and North Korea implicated in supporting or influencing such activities. This nexus blurs lines of attribution, complicating responses to these attacks.

While law enforcement traditionally addresses cybercrime, treating ransomware as a national security concern warrants a different approach, potentially involving offensive actions against aggressor nations. However, ambiguity in attribution hampers decisive action against state-sponsored ransomware.

The challenge lies in holding rogue governments accountable for harboring and influencing ransomware actors, who basically act as proxies. Until the U.S. government imposes severe sanctions on such regimes, the onslaught of ransomware attacks is likely to persist.

The overlap of cybercriminal networks with state interests underscores the urgency for coordinated international responses.


Change Healthcare Faces Scrutiny Amid Ransomware Fallout

Change Healthcare, a major player in medical payments, finds itself under a different kind of attack as the US Department of Health & Human Services Office for Civil Rights (OCR) launches an investigation following a recent ransomware incident.  

The attack, described as one of the most severe against a US healthcare organization by American Hospital Association CEO Rick Pollack, has disrupted prescription drug distribution nationwide for weeks.

The OCR's investigation aims to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, given the unprecedented scale of the cyberattack.  

Covered entities, including those partnered with Change Healthcare and UnitedHealth, are reminded of their regulatory obligations, emphasizing the need for timely breach notification and business associate agreements.

While regulations governing sensitive personal information are deemed necessary, the current regulatory environment faces criticism for its limited ability to protect organizations from ransomware attacks.  

Executives and Boards now face heightened liability, with potential legal and regulatory consequences following security incidents. Recent legal actions against industry figures signify a growing liability for security-related decisions.

Government interventions, ranging from guidelines to punitive measures, further complicate the landscape for organizations already struggling to defend against ransomware threats. The SEC's reporting rule mandates disclosure of security events within four days for publicly traded companies, potentially straining forensic investigations and creating regulatory ambiguity.

The overarching effect of the legal and regulatory tone is increased pressure on security teams in regard to what they should report and when, potentially hindering transparency and impeding effective security operations.  

Organizations now face the dual challenge of combating ransomware threats while navigating a complex legal and regulatory landscape, raising concerns about overzealous responses exacerbating the impact on victims.
