- Even with some well-publicized ransomware attacks against healthcare organizations this year, such as Allscripts and LabCorp, healthcare ransomware attacks are on the decline, according to the latest analysis by cybersecurity firm Cryptonite.
The number of healthcare ransomware attacks decreased 57 percent in the first half of 2018 compared to the same period in 2017. There were only 8 ransomware events in the 2018 first half, while there were 19 ransomware events in the 2017 first half, according Cryptonite’s analysis of OCR data.
“While 1st half 2018 shows a downtrend in the successful use of ransomware, we expect cyber criminals to continue to adjust their attack techniques to successfully targeting the IoT devices, medical devices, and mobile devices for the continued compromise of healthcare networks,” commented Cryptonite President and CEO Michael Simon.
“They are driven by the economic opportunity for the sale and ransom of these stolen data records, and that opportunity remains as strong as ever,” Simon added.
In total, there were 59 incidents reported to OCR as IT/hacking in the first half of 2018. This compares to 140 IT/hacking events reported to OCR for all of 2017, according to Cryptonite.
In first half of 2018, there were 1,928,432 records compromised, a 9 percent increase over the same period in 2017.
“Cyberattackers continue to target healthcare to obtain medical records they contain for sale on the dark web. Medical records still continue to provide the best and most complete data which can support identity theft and related financial fraud,” said Simon.
Other studies support the findings of Cryptonite about the decline in ransomware attacks.
Endpoint security firm Kaspersky Lab recently found that the number of users of its products who encountered ransomware fell by close to 30 percent, from 2,581,026 in 2016-2017 to 1,811,937 in 2017-2018.
At the same, the number of Kaspersky users who encountered cryptocurrency miners increased by 44.5 percent, from 1,899,236 in 2016-2017 to 2,735,611 in 2017-2018.
“While ransomware can provide cybercriminals with potentially large but one-off rewards in a turbulent landscape, miners might make less money out of their victims, but through a more sustainable/longer-term model,” Kaspersky observed in its report.
In addition, a recent report by Skybox Security uncovered a similar trend.
In the first half of 2018, cryptocurrency miners accounted for 32 percent of attacks while ransomware only accounted for 8 percent of attacks, according to analysis by Skybox Research Lab’s security analysts.
In the second half of 2017, ransomware accounted for 32 percent of attacks, while cryptocurrency miners accounted for only 7 percent.
“In the last few years, ransomware reigned supreme as the shortcut money-maker for cybercriminals,” said Skybox CTO and Vice President of R&D Ron Davidson.
“It doesn’t require data exfiltration, just encryption to hold the data hostage and a ransom note of how the victim can pay up. With cryptominers, the criminals can go straight to the source and mine cryptocurrency themselves. There’s no question of if they’ll be paid or not,” he added.
While not as destructive as ransomware, cryptocurrency miners can still significantly degrade a healthcare organization’s IT infrastructure because of the computational power required to mine for cryptocurrency.
Skybox identified a few advantages to cryptocurrency mining over ransomware for cybercriminals:
• Victim doesn’t need to be notified of the attack, so it can continue indefinitely in a stealth manner
• Cryptocurrency can be mined over long periods of time, rather than the cybercriminal receiving a single lump-sum ransom payment
• No decision on payment is needed from the victim—the attacker controls how much money will be generated
“Ransomware received a lot of attention in years past, especially thanks to the likes of WannaCry, NotPetya and BadRabbit,” said Skybox Director of Threat Intelligence Marina Kidron.
“To some extent, organizations took note and put effective precautions in place, ensuring they had reliable back-ups and even thwarting attackers with decryption programs. So, cybercriminals found—in cryptomining—a path of lesser resistance. The recent uptick in value of cryptocurrencies also made this an incredibly profitable attack option,” Kidron concluded.