TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

Ransomware groups show zero-respect to healthcare industry; attacks continue to rise!

Ransomware groups show little to literally zero respect to critical industries including healthcare, especially when the entire world is fighting against the on-going crisis. As a lot of businesses have transitioned to working remotely, critical industries continue to endure challenges. At a time when the world is fighting a pandemic, ransomware groups continue to leverage the current situation to their advantage.

 

ransomware rise

Microsoft describes how Ransomware groups continue to target healthcare, critical services. They’ve also outlined a strategy on how to mitigate the overall risk factor.

Ransomware continues to target healthcare & other critical services

In its recent blog post, Microsoft wrote:

“At a time when remote work is becoming universal and the strain on SecOps, especially in healthcare and critical industries, has never been higher, ransomware actors are unrelenting, continuing their normal operations.”

In the first two weeks of April, Microsoft observed an uptick in the number of ransomware deployments. Microsoft says multiple ransomware groups activated at least dozens of ransomware deployments targeting the healthcare industry this month.

These attackers largely affected aid organizations, medical billing companies, manufacturing, transport, government institutions, and educational software providers. One thing is certain. These attacks are not limited to critical services since major IT firms like Cognizant are also falling prey to ransomware attacks.

According to Microsoft security intelligence as well as the company’s Detection and Response Team (DART) team, this is clearly not the first of these attacks that have surfaced.

“Many of the compromises that enabled these attacks occurred earlier.”

Microsoft sees a pattern that is more or less similar to human-operated ransomware campaigns. Attackers have been targeting networks target networks for several months beginning earlier this year while the ransomware deployments happen to be part of their monetization strategies.

Most of these attacks start with the lateral movement technique when attackers try to exploit vulnerabilities in network devices and remote desktop servers exposed to the Internet. As a result, attackers use brute force to compromise RDP servers in large numbers.

“The attacks delivered a wide range of payloads, but they all used the same techniques observed in human-operated ransomware campaigns.”

RDP or Virtual Desktop endpoints without multi-factor authentication are susceptible to ransomware attackers. Plus, Older platforms no longer getting security updates, and Misconfigured web servers also remain subject to ransomware related risks.

Microsoft warns users against some of the deadliest ransomware families such as:

  • RobbinHood ransomware,
  • Vatet loader,
  • NetWalker ransomware,
  • PonyFinal ransomware,
  • Maze ransomware,
  • REvil ransomware, etc.

Microsoft is already working to protect Hospitals against ransomware attacks, however.

Updated on Tags:

AnandKhanse@TWC

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP (2016-2022). He enjoys following and reporting Microsoft news and developments in the world of Personal Computing.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap