A cybercriminal’s work is never done (just ask Lady Gaga), and those looking to capitalize on the opportunities created by COVID-19 have been particularly busy devising ransomware attacks, specifically. Already a growing trend, a sharp uptick in the first quarter of 2020 shows bad actors are using the increasingly popular vector to take advantage of newly exposed weaknesses among victim organizations.
The healthcare industry, under immense strain from the pandemic, seems to be a favorite target. Take the recent ransom attack on Magellan Health, for example.
A record number of employees working from home is providing an abundance of new opportunities for criminals to take advantage of remote desktop protocols (RDP). Though a phishing email was used in the Magellan Health case, cybercriminals are also using “brute force” attacks, systematically trying different username and password combinations to gain access. Those combinations come to the criminals via other data breaches and the resulting sale of stolen data on the dark web.
Once inside a network, a criminal has a powerful hand to play. They can extract sensitive data for blackmail and infect systems with malware that render them useless … until the right price is paid, that is.
Organizations are forced to make a series of calculated decisions that weigh the costs and potential outcomes for different response strategies.
- Pay the ransom in exchange for a decryption code that yields a quicker resolution? (Criminals often do follow-through on their end of the bargain, by the way, to support the ransomware business model.)
- Ignore the demands and try to painstakingly restore data from backups? (If a cybercriminal hasn’t deleted them.)
- Hack back, or attempt to locate data exfiltrated by the criminal and delete it from where it’s being stored? (Very few organizations would be in a position to even attempt this.)
Consumers’ personal data is becoming an increasingly lucrative target and bargaining chip. The ransom requests can vary widely, but large enterprises are being hit up for hundreds of thousands of dollars. (And keep in mind … this doesn’t include the average $732,000 in associated recovery costs!)
As such, patients, customers and other innocent victims end up virtual hostages stuck in the middle, with little say or visibility into the process. And it isn’t just the breached enterprises that bear the costs. We know from our history in data breach research that when a consumer’s personal healthcare information is breached, it is one of the riskiest types of breaches.
The Breach Clarity Score of the Magellan breach, for instance, shows patients whose personal healthcare data was stolen are now at greater risk of fraudulent financial accounts and tax refund identity theft due specifically to the type of data exposed. (The Magellan Breach scores a 5 out of 10, and those affected should check their credit reports, set fraud alerts and file their taxes as soon as possible rather than waiting to hit the IRS’ extended deadline of July 15, 2020.)
Unfortunately, when it comes to ransomware, we all pay the price.
About Breach Clarity
Breach Clarity’s proprietary, machine learning algorithm instantly analyzes more than 1,000 elements to score the risk level of a data breach. Each publicly reported data breach in the U.S. receives a Breach Clarity Score on a simple numerical scale, typically from 1 to 10. Breach Clarity’s dynamic algorithm and easy-to-use interface runs on the most comprehensive source of data breaches in the U.S., maintained and updated continuously by the Identity Theft Resource Center. To learn more, or to check the score of a recent data breach, visit breachclarity.com.
Kelly Moore (for Breach Clarity)
515-720-9670 (texts welcome)