Ransomware 2.0: It's coming, and healthcare needs to get prepared
Next wave of attacks will likely target Internet of Things and medical devices, which remain tempting targets for their lack of sufficient protections, experts say.
Some cybersecurity experts say health care has only dealt with “Ransomware 1.0” to date, which begs the question: How much worse will “Ransomware 2.0” be for a sector already under siege?
“The latest variation on a theme regarding this threat is what can appropriately be called a ransomworm,” said Rich Curtiss, managing consultant at Clearwater Compliance, a former hospital CIO, and liaison for cybersecurity vulnerability projects with the National Cybersecurity Center of Excellence. “This is a combination of two types of malware, ransomware and a worm. While we have become all too familiar with ransomware in the healthcare sector, we have ignored other forms of malware.”
Coupling a worm with a ransomware payload is a new exploit, but the techniques are not. A worm allows the ransomware payload to move laterally, across internal and external networks, by exploiting unpatched vulnerabilities.
“A question on everyone’s mind is what is the next malware threat,” Curtiss said. “The malware ecosystem has changed dramatically from the days of zero-day exploits with newly crafted packages to modification of existing malware packages to quickly exploit identified vulnerabilities. Malware-as-a-service is quickly gaining traction on the Dark Web. This makes ransomware a commodity for any malicious user wanting to achieve financial gain with low risk and limited cost.”
One place Ransomware 2.0 is sure to strike is the Internet of Things and medical devices. These devices remain tempting targets for their lack of sufficient protections.
“Healthcare security practitioners do not have authority or control over the medical or biomedical equipment that usually is vendor-managed,” Curtiss said. “Any new malware strains will impact the medical devices due to a protracted software update process that leaves vulnerabilities unpatched or uncorrected for extended periods of time.”
So far, ransomware has been relatively unsophisticated. For the most part, it has been developed and distributed in search of targets of opportunity. Knowing that a great number of organizations have not patched a specific vulnerability, as when EternalBlue was leveraged for WannaCry, attackers can use a “spray and pray” method: build ransomware to infect the greatest possible number of targets and hope that a good portion of victims pay the ransom.
Check out the rest of this article over at HealthCareIT News