Last Week in Ransomware: 04.22.2024

Industry
Written by
Halcyon Team
Published on
Apr 22, 2024

Last Week in ransomware news we saw RansomHub extorting Change Healthcare with stolen data, data exfiltration leading to legal liability, and Change Healthcare recovery reaching $1 Billion...

RansomHub Extorts Change Healthcare

RansomHub, a burgeoning entity in the cybercrime realm, has made headlines by purportedly obtaining data pilfered from Change Healthcare, a significant player in US healthcare payment processing.  

Allegations surfaced suggesting that Change Healthcare disbursed a $22 million ransom to the BlackCat/ALPHV ransomware syndicate, evidenced by a sizable Bitcoin transaction.

Reports from SC Media detail a twist in the narrative, indicating that the ransomware-as-a-service (RaaS) group absconded with the entire $22 million, leaving the affiliate who orchestrated the breach, dubbed 'notchy,' empty-handed.  

Wired corroborated RansomHub's possession of Change Healthcare data, furnishing samples of patient records and contracts allegedly sourced from the company.

This incident underscores the peril of yielding to ransom demands. While seemingly expedient, such actions only embolden cybercriminals, perpetuating a cycle of attacks and enriching illicit enterprises.  

Paying ransom offers no guarantee of data recovery or immunity from future incursions. Ransomware outfits operate with sophisticated structures, posing formidable challenges to victims and law enforcement alike.

The recurrent rebranding of ransomware groups, exemplified by DarkSide, BlackMatter, BlackCat/ALPHV, and now RansomHub, underscores the difficulty in tracking these elusive entities.  

Moreover, recent attacks on entities like Change Healthcare and Trans-Northern Pipelines post-law enforcement takedown attempts cast doubt on the efficacy of such measures.

READ MORE HERE

Data Exfiltration as Bad as Ransomware Payload

The US Department of Health & Human Services Office for Civil Rights (OCR) has initiated an investigation into Change Healthcare, a leading medical payments company, following a recent ransomware attack.  

This action aims to ascertain Change Healthcare's adherence to regulations safeguarding Protected Healthcare Information (PHI). The OCR emphasizes the unprecedented scale of the cyber-attack, indicating the necessity of regulatory compliance evaluation.

Partner organizations of Change Healthcare and UnitedHealth are reminded by the OCR of their regulatory obligations, including the maintenance of business associate agreements and prompt breach notifications to HHS and affected individuals, as reported by Infosecurity Magazine.

The incident underscores the broader ramifications of ransomware attacks, extending beyond financial and operational repercussions to encompass legal and regulatory liabilities.  

Data exfiltration has become a common tactic among ransomware operators, heightening the efficacy of extortion efforts. Attackers may not only demand ransom for encrypted systems but also for stolen data, amplifying the risk of data exploitation despite ransom payment.

Effective cybersecurity measures such as encryption, access controls, and employee training are imperative for data protection against ransomware threats. Executives must comprehend the multifaceted nature of modern ransomware attacks and proactively implement mitigation strategies.

Halcyon's reference guide, What Executives Should Know about Ransomware, offers valuable insights for C-level executives to fortify organizational security posture and mitigate cyber threats effectively.

READ MORE HERE

Change Healthcare Remediation Costs Near $1 Billion

The US Department of Health & Human Services Office for Civil Rights (OCR) has initiated an investigation into Change Healthcare, a leading medical payments company, following a recent ransomware attack.  

This action aims to ascertain Change Healthcare's adherence to regulations safeguarding Protected Healthcare Information (PHI). The OCR emphasizes the unprecedented scale of the cyber-attack, indicating the necessity of regulatory compliance evaluation.

Partner organizations of Change Healthcare and UnitedHealth are reminded by the OCR of their regulatory obligations, including the maintenance of business associate agreements and prompt breach notifications to HHS and affected individuals, as reported by Infosecurity Magazine.

The incident underscores the broader ramifications of ransomware attacks, extending beyond financial and operational repercussions to encompass legal and regulatory liabilities.  

Data exfiltration has become a common tactic among ransomware operators, heightening the efficacy of extortion efforts. Attackers may not only demand ransom for encrypted systems but also for stolen data, amplifying the risk of data exploitation despite ransom payment.

Effective cybersecurity measures such as encryption, access controls, and employee training are imperative for data protection against ransomware threats. Executives must comprehend the multifaceted nature of modern ransomware attacks and proactively implement mitigation strategies.

Halcyon recently published a reference guide that explores what each C-level executive should know about ransomware to ensure a strong security posture and protect their organization: What Executives Should Know about Ransomware.

READ MORE HERE

Ransomware: Key Metrics for Enterprise Resilience

The volume of attacks surged in 2023 by 55.5% year-over-year, and a report from Chainalysis revealed that payments to ransomware operators exceeded $1 billion in 2023, breaking all previous estimations.  

Assessing and enhancing cyber resilience is critical in today's rapidly evolving threat landscape. While robust cybersecurity measures are essential, effective cyber resilience goes beyond prevention to include swift detection, response, and recovery from cyber incidents.  

To achieve this, organizations need to adopt a strategic approach centered on the careful selection and continuous monitoring of key performance indicators (KPIs) and metrics tailored to evaluate cyber resilience effectively.  

Here are ten essential metrics to bolster cyber resilience:

Mean Time to Detect (MTTD): This measures how quickly an organization identifies a cyber threat or incident. A lower MTTD indicates better detection capabilities, helping to contain the impact and prevent further spread during a breach.

Mean Time to Respond (MTTR): MTTR measures how rapidly an organization responds to a detected cyber threat. Lower MTTR signifies quicker response capabilities, emphasizing the importance of efficient incident response procedures.

Incident Response Plan Effectiveness: Evaluate the effectiveness of incident response plans by measuring factors such as containment time, communication efficiency, and coordination among response teams. Ensure plans are followed and updated to address evolving threats.

Cybersecurity Training and Awareness: Track metrics related to employee awareness, training completion rates, and performance in simulated phishing exercises. Effective training programs are crucial in mitigating human error, a common factor in cyber incidents.

Cybersecurity Hygiene: Monitor practices such as system patching frequency, vulnerability scanning results, and compliance with security policies. Strong cybersecurity hygiene forms the foundation of resilience and should be prioritized.

Cyber Risk Exposure: Quantify risk based on asset criticality, vulnerability severity, and threat likelihood. Understanding risk exposure guides resource allocation and prioritization efforts.

Third-Party Risk Management: Track metrics related to third-party assessments, compliance with security requirements, and incidents involving third-party vendors. Assessing and managing third-party risk is vital in today's interconnected business landscape.

Security Controls Effectiveness: Evaluate the efficacy of security controls through metrics like IDS/IPS alerts, firewall rule effectiveness, and malware detection rates. Ensure investments in security technologies yield desired outcomes.

Backup and Recovery Metrics: Measure backup success rates, recovery time objectives (RTO), and recovery point objectives (RPO) to ensure data resilience. Regular testing confirms that recovery processes align with business needs.

Business Continuity and Disaster Recovery (BCDR) Metrics: Assess the organization's ability to maintain operations during and after a cyber incident by tracking RTOs, RPOs, and BCDR exercise success rates. Regular testing ensures readiness for real-world scenarios.

Effective cyber resilience requires a holistic approach that incorporates proactive measures, rapid detection, efficient response, and robust recovery mechanisms.

By monitoring and optimizing these key metrics, organizations can enhance their ability to withstand and recover from cyber threats, safeguarding their operations and maintaining business continuity.

READ MORE HERE

Halcyon.ai is the leading anti-ransomware company. Global 2000 companies rely on the Halcyon platform defeat ransomware with minimal business disruption through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration and extortion prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS (Ransomware as a Service) and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile, and check out the Recent Ransomware Attacks resource site.

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back
Next