Attackers have a single focus in many of these cases. This may be to embarrass the entity, to have the accounting department urgently wire funds on behalf of the CEO, or to encrypt files and charge a fee for a decryption key.
Depending on the circumstances, these attacks may have intended effects but also unintended ones. The intended, direct effects may be malicious: files being deleted, sensitive or confidential data being leaked into the mainstream media, a ransom being collected for the attack, or stolen PII or PHI being sold on the dark web. These are the first-phase effects.
The attacks may also have indirect effects on the victims. The operational aspect of the attack may affect the victim’s day-to-day tasks. The business’s services may stop during the attack, the staff members may not be paid in a timely manner, or, in a hospital setting, surgeries may be postponed.
Hospitals have lately been the target of these attacks. They hold the data and information the attackers want to steal and sell. A spectacular recent case in the hospital industry occurred in late October 2016. The attack involved the Northern Lincolnshire and Goole NHS Foundation Trust. The trust operated three hospitals, which shared a network.
The effects were rather substantial. The network had to be shut down due to the attack, as this was the only way to isolate the issue. The hospitals’ operations had to be cancelled, along with appointments and diagnostic procedures. Overall, this affected approximately 3,300 patients, and hundreds of surgeries were cancelled. These actions had to be taken to ensure the patients’ safety. This was a rather serious decision, but it was necessary. The patients were told not to come to the hospital unless the procedure was an absolute necessity. As an indicator of the seriousness, even women in labor were diverted to other hospitals. Due to this, there was a rather expeditious move to find the malware and remediate it.
In addition to holding the data the attackers were seeking, hospitals are also known to abound in vulnerabilities. This is due to a number of issues, including budgetary constraints, different operations per department, or simply outdated systems. The culprit in the attack was ransomware.
Ransomware has proven to be rather disruptive to operations on many levels for virtually all those affected. In this case, the victim was unsure which form of ransomware was to blame. Defending against this costly attack can be a significant issue. The administrators may well maintain a proper security stance and keep patches current; however, the weakest link is still the users. They are able to load ransomware and other malware onto a system with a simple click. Training, repeated and relevant, continues to be the first line of defense against this attack.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.