The rapidly advancing digital age brought with it numerous unique threats to cybersecurity and data privacy. The most pressing issue in the news recently is the elevated amount of ransomware attacks. These are a type of malicious software characterized by encrypting a victim’s files, systems, and data, then threatening to release the stolen private information unless a ransom amount is paid to the attackers.
Ransomware attacks became even more prevalent with the emergence of Ransomware-as-a-Service (RaaS). These platforms use professional developers to create ready-to-use ransomware software to sell to clients - allowing amateur hackers to enter the ransomware scene and widen the target range for increasingly sophisticated cyber-attacks. The escalating tactics to dismantle the cybersecurity of organizations feels bleak enough, but there does seem to still be a slight moral code to uphold – even according to the cyber-criminals themselves. This is one of the reasons why businesses need to have a strategy for ransomware prevention.
SickKids Ransomware Attack
On December 18th of 2022, the Toronto SickKids teaching and research hospital was hit by a ransomware attack that affected internal and corporate systems, including the hospital website and phone lines, leading to an arduous wait for critical lab and imaging results. The cyber-attack was claimed by an affiliate of the LockBit group - a notorious Ransomware-as-a-Service platform.
Source: https://www.sickkids.ca/en/
Two days later, cybersecurity specialist Dominic Alvieri, noted in a tweet that the ransomware gang had issued an apology for the attack and released a decryptor for free. The group insisted that the attack on the healthcare institution was in error, saying that the partner who attacked the hospital had violated the group’s rules and is now blocked and no longer in their affiliate program.
According to Bleeping Computer, the decryptor file is now freely available and seems to be a Linux/VMware ESXi decryptor - indicating that virtual machines in the hospital were the only target.
On the 5th of January, 2023, the SickKids institute released a statement that the “Code Grey” response to the cyber-attack had been lifted and that 80% of the affected systems had been restored. The hospital went on to assure that it did not pay any ransom or use the decryptor offered by the LockBit group – instead relying on its third-party experts to remedy the situation. They also clarified that there had been no evidence that any personal information was leaked.
Nimira Dhalwani, Chief Technology Officer at SickKids warned in the same statement that “ransomware and other malware attacks are becoming more and more frequent and sophisticated across organizations and industries.”
The BleepingComputer noted that the LockBit ransomware operation allows its affiliates to encrypt pharmaceutical companies, dentists, and plastic surgeons – yet they prohibit them from encrypting "medical institutions" where attacks could lead to death.
The policy states that "it is forbidden to encrypt institutions where damage to the files could lead to death, such as cardiology centers, neurosurgical departments, maternity hospitals and the like, that is, those institutions where surgical procedures on high-tech equipment using computers may be performed."
While these ethical codes seem like heartwarming sentiments, one of the possible rationales behind is to evade greater legal action from being taken against the group in the wake of a tragedy after a cyber-attack is carried out.
Prevention Is Better Than Cure
The healthcare industry alone has taken various hits in terms of cyber-attacks within the past few years – with ransomware attacks becoming startlingly more prominent in the industry. A sectoral survey report by Sophos revealed a 94% increase in ransomware attacks on the healthcare industry in 2022, according to Techwire Asia. Targeting healthcare facilities puts a massive strain on an entire community and risks patient confidentiality and actual lives.
This is why ransomware protection is an integral aspect of any organization – in healthcare or otherwise. Cybersecurity should be at the forefront of concerns going into the modern age. Sangfor Technologies prides itself on offering effective and secure solutions for your company through holistic ransomware prevention.
Sangfor strives to protect your company from ransomware attacks and provides ransomware prevention and solutions that will secure your data. For more information on Sangfor’s cyber security and cloud computing solutions, visit www.sangfor.com.