Last Week in Ransomware: 11.13.23

Last Week in Ransomware News we saw an attack disrupt the US Treasury Market, Cl0p Exploiting a Vulnerability in SysAid, and ransomware and data Extortion claims spike...

US Treasury Market Disrupted by Attack on ICBC

The financial world recently witnessed the disruptive impact of a ransomware attack on the Industrial and Commercial Bank of China (ICBC), with repercussions felt in the US Treasury market.  

The attack on ICBC, China's largest bank, serves as a stark reminder of the interconnectedness of global financial systems and the potential for widespread disruption.

Critical infrastructure providers like the financial, manufacturing, healthcare and energy sectors remain top targets for ransomware operators because the pressure to quickly resolve the attacks and resume operations increases the chances victim organizations will pay the ransom demand.

Critical infrastructure providers need to have the capability to respond quickly and decisively to ensure that any potential disruption to operations is kept to an acceptable minimum. A robust defense is key, but resilience is how we will win the battle and remove the economic incentive for further ransomware attacks.

READ MORE HERE

Ransomware Attack Puts Healthcare Provider Akumin in Bankruptcy

In a distressing turn of events, Florida-based healthcare provider Akumin Imaging has filed for Chapter 11 bankruptcy protection in the aftermath of a debilitating ransomware attack. Patients have reported an inability to schedule appointments as Akumin grapples with the aftermath of the incident.

The company temporarily suspended most clinical and diagnostic operations, emphasizing the need to restore systems securely before resuming services. Despite implementing workarounds and manual processes, the estimated time for full-service restoration remains uncertain.

A spokesperson from Akumin stated, “We have made substantial progress restoring certain operations, including all oncology services, since taking our systems offline, and have resumed treating some patients.”  

However, the broader impact of the attack highlights the targeting of vulnerabilities in the healthcare sector, where disruptions directly jeopardize the delivery of life-saving services. The incident sheds light on the persisting threat of ransomware attacks targeting healthcare providers, a trend that has become increasingly prevalent in recent years.

This unfortunate event adds to a series of ransomware attacks plaguing the healthcare sector. Previous incidents include a breach at MCNA Dental Insurance, exposing personal information of nearly nine million patients, and an attack on SMP Health, leading to the closure of the vital St. Margaret’s Health facility.  

Prospect Medical Holdings also faced disruptions, with emergency rooms shuttered and procedures delayed, further emphasizing the significant impact on patient care.

A recent study underscores the gravity of ransomware attacks in the healthcare industry, with over 500 reported attacks impacting nearly 10,000 facilities and exposing more than 52 million patient records. The financial toll on the US economy has reached tens of billions of dollars.  

The modus operandi of ransomware groups is clear – to exploit vulnerabilities and disrupt healthcare operations, pressuring organizations to pay ransoms to avoid delays in critical care.

READ MORE HERE

Ransomware Attacks and Data Extortion Claims Surge

The escalating frequency of ransomware attacks is not limited to healthcare; it extends across various sectors, posing a serious threat to businesses and critical infrastructure.  

Research from a leading business insurance provider indicates a worrying surge in ransomware and extortion claims, rising from 40% in 2019 to almost 80% in 2022, with 2023 continuing the upward trend.  

Overall, ransomware activity has increased by 50% year-over-year in the first two quarters of 2023, with attacks becoming more sophisticated and efficient.

The financial repercussions of ransomware attacks are staggering, with estimates suggesting over 2,300 successful attacks in the first half of 2023, marking a 74% increase over Q1 volumes.  

However, the true extent may be much higher, as a significant number of organizations opt not to report attacks to law enforcement, according to recent surveys. Efforts to combat ransomware are hindered by a lack of accurate data, making it challenging for security teams to quantify the threat accurately and secure necessary funding.  

The federal government's intervention is crucial in providing organizations with accurate information to strengthen cybersecurity programs. The landscape of ransomware attacks is evolving, necessitating a comprehensive approach that includes prevention, detection, and resilience strategies.

READ MORE HERE

Cl0p Actively Exploiting SysAid Zero- Day Vulnerability

One alarming aspect is the increasing use of zero-day vulnerabilities by ransomware gangs, a departure from traditional methods. The exploitation of a zero-day vulnerability in the SysAid IT support software by the Cl0p ransomware underscores this trend.  

Until recently, it was highly unusual to see ransomware gangs using zero-day exploits targeting vulnerabilities, as these exploits are highly valuable to attackers and were most often leveraged in nation-state operations as opposed to cybercriminal attacks.

Organizations are urged to adopt robust cybersecurity measures, including regular patching, endpoint protection, and proactive security protocols. The imperative for organizations to fortify their cybersecurity defenses and embrace resilience strategies has never been more urgent.  

As the ransomware landscape evolves, proactive measures are essential to mitigate risks and safeguard against potentially catastrophic consequences.

READ MORE HERE

‍

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile, and check out the Recent Ransomware Attacks resource site.