Criminals are using the COVID-19 pandemic to target medical devices

June 27, 2020

Most healthcare organizations lack the resources to implement a robust cybersecurity plan. Many medical devices are not up to date when it comes to cybersecurity. They still run on a legacy OS, and hospitals cannot just upgrade them to the latest version of the OS. Some of these devices are also heavily priced. As we all know, when an OS reaches End Of Life, it is no longer supported and no updates are available. This makes the whole setup vulnerable.

In the midst of the COVID-19 pandemic, criminals will have it easy making a target fall for the bait. There have been many instances of phishing mails designed around COVID-19-related topics. The mails are crafted to look genuine enough to come from a reputed organization. A compassionate person who is eager to help the needy may, in haste and without checking the domain name and other details, click a link or download a file, which in turn unleashes ransomware.

Ransomware is evolving. Earlier, ransomware only encrypted the data and asked for a ransom. Nowadays criminals harvest data before they encrypt it. If someone refuses to pay the ransom, the criminals threaten to release all the harvested data on the web.

According to Bleeping Computer, cybersecurity firm Cyble has discovered data stolen from Brooks International by ransomware operators Sodinokibi available for purchase on a public hacking forum.

The company had refused to pay the ransom fee, which drove Sodinokibi to list the stolen 12GB dataset - said to contain credit card information and login credentials - for a fee of around $2.15.

Medical devices are some of the most vulnerable to ransomware attacks in a healthcare system, for the simple reason that device manufacturers are very slow in providing patches, and most of the devices run on an outdated OS. Ransomware has been targeting medical devices ever since the WannaCry attack in 2017. It was reported that a Bayer MEDRAD device was encrypted, with a ransom note on its screen.

There is news that a few criminal groups have said that they will not be targeting the healthcare industry during this pandemic. But a majority of criminals do not have a conscience. In March this year, Champaign-Urbana Public Health District, which serves about 210,000 people in central Illinois, was hit by Netwalker ransomware.

"We are working to get our website up and running," the organization reported via its Facebook page on Thursday, before announcing Friday that the website had been restored.

"CUPHD can confirm that our system was attacked by a ransomware virus [called] Netwalker," a spokeswoman last week told the Register.

The Netwalker ransomware-as-a-service offering, which was first spotted in August 2019, has also been tied to numerous other attacks, including a Feb. 10 infection at Australian transportation and logistics firm Toll Group (see: Australian Delivery Firm Confirms Ransomware Attack).

Despite CUPHD getting its website back up and running, a full fix might take weeks to accomplish. In the meantime, of course, there's a global pandemic to contend with, and on Sunday, CUPHD announced its first confirmed local case of COVID-19. "The resident is a female in her 50s and is in home isolation and recovering," it said.

To ensure seamless care for patients, healthcare systems rely heavily on connected devices. The problem is that most of these devices run on an outdated OS, which makes them vulnerable. VLAN segmentation has to be implemented to isolate these devices, which will prevent other computers in the system from being affected during a ransomware attack.

Studies predict that by 2021 there will be 5 to 6 ransomware attacks every minute. Phishing emails/sites are the delivery vehicles for most of the ransomware attacks. It is also reported that each month there are about 1.5 million phishing sites created.

The most important thing to prevent a ransomware attack is to educate people about phishing emails/sites.

  • Educate them about the difference between a legitimate mail and a phishing mail.
  • Educate them about the difference between a legitimate site and a phishing site.
  • Educate them about how important it is not to click a link from a phishing email/site.

It's all about awareness, awareness, and awareness.

Authored by

Basheer Ahmed Khan

Theta432 Director of Operations, India