August 31


Ransomware in times of COVID

Cyber criminal historically has leveraged a global phenomenon for personal gain, and COVID-19 wasn't the exception. Since the pandemic started, the reports of cyber attacks have ramp-up. In fact, according to Iomart, a cloud computing company, the number of breaches has increased by 273% in the 2020 first quarter compared to the same time last year.

Due to businesses having to make an abrupt shift moving their employees to work from home and the upheaval and confusion, they've become an easy target that bad actors are taking advantage of. Different kinds of attacks are being used. For instance, Ransomware that, according to VMWare, it is up 90%. It is an attack that infects the computer with malicious software encrypting and blocking access to its documents/system and displaying messages demanding a ransom to restore access.

Enterprises aren't the only ones being hit by cyber criminals. COVID-19 made of hospitals and other healthcare providers the perfect target for Ransomware. Cyber criminal knows that the nature of their operations makes the healthcare system more vulnerable during these times.

Let's review a couple of Ransomware attacks that happened this past month.

  • R1 RCM, INC, one of the nationals largest medical debt collection companies, was hit in a ransomware attack earlier this month. They track patients' records, including patients' insurance, registration, medical treatment documents, benefits verification, bill preparation, and collection, etc.

    According to KrebsOnSecurity sources, the malware that infected R1 RCM systems is known as Defray, which spread through phishing emails and try and coerce victims into downloading a malicious file. Defray has a history of explicitly targeting companies in the healthcare space.

    R1 RCM declined to discuss the Ransomware further; however, they acknowledged taking down its systems to respond to the attack.
  • Regis Healthcare, an Australian aged care provider with more than 6700 residents across 63 facilities, was hit by a gang using the Windows Maze ransomware. Maze Hacker is a group of cyber criminals that steal company's data while deploying Ransomware.

    Due to Regis Healthcare security strategy, they didn't have to pay the ransom. Instead, they moved to their "backup and business continuity systems" without impacting their day-to-day operations. It's important to mention that although they didn't have down times, they did have a massive data leak.

These attacks reveal that although healthcare providers are vulnerable, they can still implement some level of security. Organizations have to become more vigilant of cybersecurity tactics, techniques, and procedures to avoid becoming one of this year's victims.

About Allari

Allari implements customized service plans for IT Operations & Cyber-security which allow you to complete a higher volume of planned work, gain the capacity to innovate and help your business to win.

Subscribe to the best newsletter there is.

You won't regret it!


COVID, Ransomware

About the author

Gabriela Granda

I am a Systems Engineer specialized in security and networking. I'm interested in defensive security and forensics.

You may also like

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}