Healthcare Information Security

Cybersecurity News

Cybercriminals Using Innovative GrandCrab for Ransomware Attacks

Over the last few months, cybercriminals have begun using the innovative GrandCrab ransomware for their ransomware attacks, according to Fortinet’s Threat Landscape Report Q2 2018.


Source: Thinkstock

By Fred Donovan

- Over the last few months, cybercriminals have begun using the innovative GrandCrab ransomware for their ransomware attacks, according to Fortinet’s Threat Landscape Report Q2 2018.

GrandCrab is the first ransomware to accept Dash cryptocurrency and to be based on a ransomware-as-a-service model that shares profits between malware developers and cybercriminals.

In addition, GrandCrab uses .BIT, which is a top-level domain that is served via the Namecoin cryptocurrency infrastructure and uses various name servers to help resolve DNS and redirect traffic to it, the report explained.

The security firm expected version 4 of GrandCrab to be available in July. The latest version renders the tool created by security researchers to prevent the encrypting of files useless.

In addition, Fortinet found that cryptomining criminals are now targeting IoT devices to mine currency. Because IoT devices tend to be always on and connected, this enables attackers to load them with malware that is continually engaged in cryptomining.

Fortinet’s FortiGuard Labs found that 96 percent of firms experienced at least one severe exploit during the quarter. In addition, nearly a quarter of companies saw cryptomining malware, and six malware variants spread to over 10 percent of all organizations. It also detected 30 new zero-day attacks in the quarter.

In terms of botnets, a new Mirai botnet variant called WICKED added at least three exploits to its toolkit to better target unpatched IoT devices, the report found.

VPNFilter, a nation-state-sponsored attack that targets industrial control systems, emerged as a significant threat in the quarter. VPNFilter is particularly devastating because it steals data and disables devices, either individually or simultaneously as a group.

The Anubis variant of Bankbot introduced several innovations, including ransomware, a keylogger, RAT functions, SMS interception, lock screen, and call forwarding. BankBot is a family of banking trojans that targets Android devices and steals credentials from the victim’s device.

Ransomware attacks have plagued healthcare organizations for a number of years. In 2017, the WannaCry ransomware targeted medical devices and caused widespread problems for healthcare organizations, including UK's National Health Service. Earlier this year, SamSam ransomeware hit a number of healthcare organizations.

SamSam ransomware attacks have netted its creator $6 million so far. Three-quarters of the victims are based in the United States, and the largest ransom paid by an individual victim is $64,000.

Medium to large organizations in healthcare, education, and government make up half of the identified victims. Healthcare victims included Hancock Health Hospital and Adams Memorial Hospital, cloud-based EHR provider Allscripts, and possibly Case Regional Medical Center.

A threat report from security firm Cylance concluded that the healthcare industry is taking the brunt of ransomware attacks. 

Ransomware attacks grew three-fold last year, with healthcare being affected the most by this increase, according to data collected from Cylance’s customers.

The most common malware infection vectors remained email phishing and drive-by downloads. System damage and data destruction represented the top risks from malware.

“Cybercriminals are adept at modifying their malware and methods to stay ahead of traditional protections that organizations deploy, as seen by the rise in infections and sophistication of attacks in 2017,” said Rahul Kashyap, CEO of Awake Security and former Cylance Worldwide CTO. “It’s critical that companies are aware of the threats, keep up-to-date with patches, and use defenses that protect against constantly evolving malware.”

Not surprisingly, ransomware attacks concern healthcare IT professionals. According to a survey of HIMSS18 attendees by security firm Imperva, a ransomware attack is the type of cyberattack that most worries healthcare IT professionals. Almost 10 percent of those surveyed had paid a ransom or extortion fee, while almost half didn’t know if they had paid a ransom or not.

Other types of cyberattacks that concerned respondents included insider threats, compromised applications, and distributed denial of service (DDoS) attacks.

More than one-third of healthcare organizations have suffered a cyberattack within the last year, the survey found.

“There have been a number of incidents recently where cybercrime has impacted hospitals and left them unable to access patient data, which demonstrates the consequences of a successful attack. It is crucial that healthcare organizations take steps to protect their data,” concluded Imperva CTO Terry Ray.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...