{"id":23640,"date":"2024-01-13T12:27:45","date_gmt":"2024-01-13T20:27:45","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/01\/13\/news-17370\/"},"modified":"2024-01-13T12:27:45","modified_gmt":"2024-01-13T20:27:45","slug":"news-17370","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/01\/13\/news-17370\/","title":{"rendered":"Exposing the ransomware lie to \u201cleave hospitals alone\u201d"},"content":{"rendered":"\n<p>Ransomware groups are liars, yes, but even when these dangerous cybercriminals would ransack organizations and destroy entire companies, a few select groups espoused a sort of &#8220;honor among thieves.&#8221; According to those few groups, their cybercriminal actions would never include organizations actively involved in healthcare, such as hospitals.<\/p>\n<p>But, as can be expected from ransomware groups, these were nothing but lies. The million-dollar criminal operations, awash with cash, are still vulnerable to greed.<\/p>\n<p>LockBit has claimed the recent attack on <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/capital-health-hospitals-hit-by-cyberattack-causing-it-outages\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Capital Health<\/a>. And even though LockBit claims they did not encrypt the hospitals&#8217; files, the hospitals and physicians&#8217; offices experienced IT outages that forced them to resort to emergency protocols designed for system outages. 
Several surgeries were moved to later dates and outpatient radiology appointments were canceled.<\/p>\n<figure class=\"wp-block-image aligncenter size-large is-resized\"><img decoding=\"async\" loading=\"lazy\" width=\"1241\" height=\"540\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/01\/lockbit.png?w=1024\" alt=\"Capital Health is listed on LockBit's leak site\" class=\"wp-image-101737\" style=\"width:700px\" \/><\/figure>\n<p>Unfortunately, we have seen these types of disruptions in healthcare before. And despite promises, we expect to see them again.<\/p>\n<p>But in an even more brutal turn of events, a ransomware group has crossed another line and resorted to threatening physical violence against patients. As fewer organizations are willing to pay the ransom, it seems the ransomware operators have lost all human decency (admittedly, it&#8217;s hard to believe they ever had any).<\/p>\n<p>Again, we have seen ransomware groups turn on people who had their data stolen before. It\u2019s an extra type of leverage to get the target organization to pay the ransom. 
<a href=\"https:\/\/integrisok.com\/landing\/cyber-event\/cyber-event-dec-24-comm\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Integris Health<\/a>, for example, an organization that operates a network of 15 hospitals and 43 clinics, reported that some of their patients received emails threatening to sell their information on the <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2021\/09\/what-is-the-dark-web-the-dark-web-explained\">dark web<\/a>.<\/p>\n<p>But in the <a href=\"https:\/\/www.fredhutch.org\/en\/news\/releases\/2023\/12\/fred-hutchinson-cancer-center-notifies-patients-of-data-security.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">case of Seattle&#8217;s Fred Hutchinson Cancer Center<\/a>, the criminals have taken it even a few steps further and threatened to &#8220;swat&#8221; hospital patients.<\/p>\n<p>Swatting is where someone makes a hoax emergency call to law enforcement in order to get armed police (in reference to US &#8220;Special Weapons And Tactics&#8221; teams) to target a particular address. Over time, swatting has evolved from a dangerous type of prank to <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/04\/swatting-as-a-service-is-a-growing-and-complicated-problem-to-solve\">a cybercrime that can be ordered as a service<\/a>.<\/p>\n<p>Swatting is dangerous because of the potential consequences. Not only does it take emergency services away from their actual tasks, but there have been\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/2017_Wichita_swatting\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">swatting incidents that had fatal consequences<\/a>.<\/p>\n<p>Once the Fred Hutchinson Cancer Center became aware of the cybercriminals\u2019 swatting threats, they immediately notified the FBI and Seattle police. 
Let&#8217;s hope this reduces the potential dangers involved in swatting.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-data-breach\">Data breach<\/h3>\n<p>There are some actions you can take if you are, or suspect you may have been, the&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/blog\/personal\/2023\/09\/involved-in-a-data-breach-heres-what-you-need-to-know\">victim of a data breach<\/a>.<\/p>\n<ul>\n<li><strong>Check the vendor\u2019s advice.<\/strong>&nbsp;Every breach is different, so check with the vendor to find out what\u2019s happened, and follow any specific advice they offer.<\/li>\n<li><strong>Change your password.<\/strong>&nbsp;You can make a stolen password useless to thieves by changing it. Choose a&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/computer\/how-to-create-a-strong-password\" target=\"_blank\" rel=\"noreferrer noopener\">strong password<\/a>&nbsp;that you don\u2019t use for anything else. Better yet, let a&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/what-is-password-manager\" target=\"_blank\" rel=\"noreferrer noopener\">password manager<\/a>&nbsp;choose one for you.<\/li>\n<li><strong>Enable two-factor authentication (2FA).<\/strong>&nbsp;If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/glossary\/multi-factor-authentication-mfa\" target=\"_blank\" rel=\"noreferrer noopener\">two-factor authentication (2FA)<\/a>&nbsp;can be phished just as easily as a password. 2FA that relies on a FIDO2 device can\u2019t be phished.<\/li>\n<li><strong>Watch out for fake vendors.<\/strong>&nbsp;The thieves may contact you posing as the vendor. 
Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.<\/li>\n<li><strong>Take your time.<\/strong>&nbsp;Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.<\/li>\n<li><strong>Set up identity monitoring.<\/strong>&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/identity-theft-protection\">Identity monitoring<\/a>&nbsp;alerts you if your personal information is found being traded illegally online, and helps you recover after.<\/li>\n<\/ul>\n<h3 class=\"wp-block-heading\" id=\"h-how-to-avoid-ransomware\">How to avoid ransomware<\/h3>\n<ul>\n<li><strong>Block common forms of entry.<\/strong>&nbsp;Create a plan for&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/business\/vulnerability-patch-management\">patching vulnerabilities<\/a>&nbsp;in internet-facing systems quickly; and disable or&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/03\/blunting-rdp-brute-force-attacks-with-rate-limiting\">harden remote access<\/a>&nbsp;like RDP and VPNs.<\/li>\n<li><strong>Prevent intrusions.<\/strong>&nbsp;Stop threats early before they can even infiltrate or infect your endpoints. Use&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/business\/edr\">endpoint security software<\/a>&nbsp;that can prevent exploits and malware used to deliver ransomware.<\/li>\n<li><strong>Detect intrusions.<\/strong>&nbsp;Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. 
Use&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/business\/edr\">EDR<\/a>&nbsp;or&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/business\/managed-detection-and-response\">MDR<\/a>&nbsp;to detect unusual activity before an attack occurs.<\/li>\n<li><strong>Stop malicious encryption.<\/strong>&nbsp;Deploy Endpoint Detection and Response software like&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/business\/edr\">ThreatDown EDR<\/a>&nbsp;that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.<\/li>\n<li><strong>Create offsite, offline backups.<\/strong>&nbsp;Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.<\/li>\n<li><strong>Don\u2019t get attacked twice.<\/strong>&nbsp;Once you\u2019ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/01\/exposing-the-ransomware-lie-to-leave-hospitals-alone\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Ransomware gangs are getting more ruthless to increase the pressure on their victims. Now, even swatting cancer patients seems to be on the table. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[2640,24616,32,3765,10745],"class_list":["post-23640","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-hospital","tag-lockbit","tag-news","tag-ransomware","tag-swatting"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23640","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=23640"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23640\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net
\/index.php\/wp-json\/wp\/v2\/media?parent=23640"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=23640"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=23640"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}