Last Week in Ransomware: 04.22.2024

Written by Halcyon Team
Published on April 22, 2024

Last Week in ransomware news we saw RansomHub extorting Change Healthcare with stolen data, data exfiltration leading to legal liability, and Change Healthcare recovery reaching $1 Billion...

RansomHub Extorts Change Healthcare

RansomHub, a burgeoning entity in the cybercrime realm, has made headlines by purportedly obtaining data pilfered from Change Healthcare, a significant player in US healthcare payment processing.  

Allegations surfaced suggesting that Change Healthcare disbursed a $22 million ransom to the BlackCat/ALPHV ransomware syndicate, evidenced by a sizable Bitcoin transaction.

Reports from SC Media detail a twist in the narrative, indicating that the ransomware-as-a-service (RaaS) group absconded with the entire $22 million, leaving the affiliate who orchestrated the breach, dubbed 'notchy,' empty-handed.  

Wired corroborated RansomHub's possession of Change Healthcare data, furnishing samples of patient records and contracts allegedly sourced from the company.

This incident underscores the peril of yielding to ransom demands. While seemingly expedient, such actions only embolden cybercriminals, perpetuating a cycle of attacks and enriching illicit enterprises.  

Paying ransom offers no guarantee of data recovery or immunity from future incursions. Ransomware outfits operate with sophisticated structures, posing formidable challenges to victims and law enforcement alike.

The recurrent rebranding of ransomware groups, exemplified by DarkSide, BlackMatter, BlackCat/ALPHV, and now RansomHub, underscores the difficulty in tracking these elusive entities.  

Moreover, recent attacks on entities such as Change Healthcare and Trans-Northern Pipelines, carried out after law enforcement takedown attempts, cast doubt on the efficacy of such measures.


Data Exfiltration as Bad as Ransomware Payload

The US Department of Health & Human Services Office for Civil Rights (OCR) has initiated an investigation into Change Healthcare, a leading medical payments company, following a recent ransomware attack.  

This action aims to ascertain Change Healthcare's adherence to regulations safeguarding Protected Health Information (PHI). The OCR emphasizes the unprecedented scale of the cyber-attack, indicating the necessity of regulatory compliance evaluation.

Partner organizations of Change Healthcare and UnitedHealth are reminded by the OCR of their regulatory obligations, including the maintenance of business associate agreements and prompt breach notifications to HHS and affected individuals, as reported by Infosecurity Magazine.

The incident underscores the broader ramifications of ransomware attacks, extending beyond financial and operational repercussions to encompass legal and regulatory liabilities.  

Data exfiltration has become a common tactic among ransomware operators, heightening the efficacy of extortion efforts. Attackers may not only demand ransom for encrypted systems but also for stolen data, amplifying the risk of data exploitation despite ransom payment.

Effective cybersecurity measures such as encryption, access controls, and employee training are imperative for data protection against ransomware threats. Executives must comprehend the multifaceted nature of modern ransomware attacks and proactively implement mitigation strategies.

Halcyon's reference guide, What Executives Should Know about Ransomware, offers valuable insights for C-level executives to fortify organizational security posture and mitigate cyber threats effectively.


Change Healthcare Remediation Costs Near $1 Billion

Halcyon recently published a reference guide that explores what each C-level executive should know about ransomware to ensure a strong security posture and protect their organization: What Executives Should Know about Ransomware.


Ransomware: Key Metrics for Enterprise Resilience

The volume of attacks surged in 2023 by 55.5% year-over-year, and a report from Chainalysis revealed that payments to ransomware operators exceeded $1 billion in 2023, breaking all previous estimations.  

Assessing and enhancing cyber resilience is critical in today's rapidly evolving threat landscape. While robust cybersecurity measures are essential, effective cyber resilience goes beyond prevention to include swift detection, response, and recovery from cyber incidents.  

To achieve this, organizations need to adopt a strategic approach centered on the careful selection and continuous monitoring of key performance indicators (KPIs) and metrics tailored to evaluate cyber resilience effectively.  

Here are ten essential metrics to bolster cyber resilience:

Mean Time to Detect (MTTD): This measures how quickly an organization identifies a cyber threat or incident. A lower MTTD indicates better detection capabilities, helping to contain the impact and prevent further spread during a breach.

Mean Time to Respond (MTTR): MTTR measures how rapidly an organization responds to a detected cyber threat. Lower MTTR signifies quicker response capabilities, emphasizing the importance of efficient incident response procedures.

Incident Response Plan Effectiveness: Evaluate the effectiveness of incident response plans by measuring factors such as containment time, communication efficiency, and coordination among response teams. Ensure plans are followed and updated to address evolving threats.

Cybersecurity Training and Awareness: Track metrics related to employee awareness, training completion rates, and performance in simulated phishing exercises. Effective training programs are crucial in mitigating human error, a common factor in cyber incidents.

Cybersecurity Hygiene: Monitor practices such as system patching frequency, vulnerability scanning results, and compliance with security policies. Strong cybersecurity hygiene forms the foundation of resilience and should be prioritized.

Cyber Risk Exposure: Quantify risk based on asset criticality, vulnerability severity, and threat likelihood. Understanding risk exposure guides resource allocation and prioritization efforts.

Third-Party Risk Management: Track metrics related to third-party assessments, compliance with security requirements, and incidents involving third-party vendors. Assessing and managing third-party risk is vital in today's interconnected business landscape.

Security Controls Effectiveness: Evaluate the efficacy of security controls through metrics like IDS/IPS alerts, firewall rule effectiveness, and malware detection rates. Ensure investments in security technologies yield desired outcomes.

Backup and Recovery Metrics: Measure backup success rates, recovery time objectives (RTO), and recovery point objectives (RPO) to ensure data resilience. Regular testing confirms that recovery processes align with business needs.

Business Continuity and Disaster Recovery (BCDR) Metrics: Assess the organization's ability to maintain operations during and after a cyber incident by tracking RTOs, RPOs, and BCDR exercise success rates. Regular testing ensures readiness for real-world scenarios.
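As an added example (not from the original article or from Halcyon), the sketch below computes MTTD, MTTR, and RPO breaches from an incident log and a backup log. The record layout, field names, and all sample values are constructed assumptions; "responded" is taken to mean the time response actions were completed.

```python
from datetime import datetime
from statistics import mean

# Constructed sample records (not real data). Field names are assumptions:
# occurred = first malicious activity, detected = first alert,
# responded = response actions completed (None while still open).
INCIDENTS = [
    {"id": "INC-1", "occurred": "2024-03-01T02:00",
     "detected": "2024-03-01T08:00", "responded": "2024-03-01T20:00"},
    {"id": "INC-2", "occurred": "2024-03-10T10:00",
     "detected": "2024-03-10T12:00", "responded": "2024-03-10T16:00"},
    {"id": "INC-3", "occurred": "2024-03-20T00:00",
     "detected": "2024-03-20T01:00", "responded": None},
]
# Constructed completion times of successful backups.
BACKUPS = ["2024-02-29T23:00", "2024-03-09T23:00", "2024-03-18T23:00"]

def _hours(start, end):
    """Elapsed hours between two ISO-8601 timestamps."""
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    return delta.total_seconds() / 3600

def mttd_hours(incidents):
    """Mean Time to Detect: first malicious activity -> detection."""
    return mean(_hours(i["occurred"], i["detected"]) for i in incidents)

def mttr_hours(incidents):
    """Mean Time to Respond: detection -> response complete.
    Open incidents are excluded from the mean and counted separately,
    so an unresolved case cannot make the metric look better than it is."""
    closed = [i for i in incidents if i["responded"]]
    open_count = len(incidents) - len(closed)
    if not closed:
        return None, open_count
    return mean(_hours(i["detected"], i["responded"]) for i in closed), open_count

def rpo_breaches(incidents, backups, rpo_hours):
    """Incidents whose data-loss window (incident start minus the last
    successful backup before it) exceeds the recovery point objective."""
    breaches = []
    for i in incidents:
        prior = [b for b in sorted(backups) if b <= i["occurred"]]
        gap = _hours(prior[-1], i["occurred"]) if prior else float("inf")
        if gap > rpo_hours:
            breaches.append((i["id"], gap))
    return breaches

if __name__ == "__main__":
    print("MTTD (h):", mttd_hours(INCIDENTS))
    print("MTTR (h), open incidents:", mttr_hours(INCIDENTS))
    print("RPO breaches at 24h:", rpo_breaches(INCIDENTS, BACKUPS, 24))
```

Reporting the open-incident count alongside MTTR keeps long-running cases visible instead of silently dropping them from the average.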

Effective cyber resilience requires a holistic approach that incorporates proactive measures, rapid detection, efficient response, and robust recovery mechanisms.

By monitoring and optimizing these key metrics, organizations can enhance their ability to withstand and recover from cyber threats, safeguarding their operations and maintaining business continuity.


Halcyon.ai is the leading anti-ransomware company. Global 2000 companies rely on the Halcyon platform to defeat ransomware with minimal business disruption through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration and extortion prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS (Ransomware as a Service) and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile; also check out the Recent Ransomware Attacks resource site.
