For its annual report, Orange Cyberdefense analyzed more than eleven thousand reports of "cyber extortion," also referred to as CyX. "The healthcare sector saw the largest increase in cyber extortion incidents with an alarming 160 percent increase over the past year," the researchers said. "During the corona crisis, various hacker groups were still letting it be known that hospitals and other healthcare facilities were being spared because of their crucial social function. So now that the corona crisis is over, those principles seem to have been jettisoned."
Life-threatening situation
The consequences of these attacks are significant. "Shutting down systems can directly lead to life-threatening situations," said Matthijs van der Wel-ter Weel, strategic advisor at Orange Cyberdefense Netherlands in Computable. "Attacks not only disrupt daily operations, but also bring financial burdens. Both by paying ransom and by the cost of recovery and improved security measures."
$22 Million ransom
The trend described by Orange Cyberdefense appears to have accelerated in recent months. In March, American Change Healthcare, which handles $15 billion in health insurance payments annually, fell victim to ransomware. As funding streams stalled, healthcare services also came to a halt in hundreds of locations. Change Healthcare paid the cybercriminals $22 million to regain control of its systems.
Vicious circle
Experts warned in Wire that the ransomware, known to be one of the largest ever, leads to "a vicious cycle": "Rewarding hackers who carry out an unscrupulous attack on the U.S. healthcare system encourages new attackers to hit similarly targeted targets." Cybersecurity company Recorded Future counted 44 healthcare-related attacks in the month following the attack on Change Healthcare, a record!
Threat Image
Early last month, several major hospitals in London fell victim to hostage software. Although Dutch healthcare -as far as we know- has been spared any major incidents recently, the healthcare cybersecurity expertise center Z-Cert warned again about the growing dangers of hostage software when presenting its latest threat assessment.
New actors
According to Orange Cyberdefense, law enforcement agencies are having difficulty getting a handle on the activities of cybercriminals. Although those agencies have dismantled prominent cyber extortion groups such as LockBit, the number of victims has not noticeably decreased. "Every year, a third of the threat actors disappear, while an equal number of new actors emerge," the authors of the annual report said.
They also see that decommissioning often leads to a regrouping of remaining actors and the creation of new, often even more sophisticated, cyber extortion groups. These use the knowledge and techniques gained from the dismantled groups and are thus even better able to carry out their attacks and create victims, the security firm sees.
RaaS
In addition, it is becoming increasingly easy to obtain and use hostage software. Whereas programming knowledge was still necessary for a few years, now anyone who bothers to search the darkweb has Ransomeware as a Service (RaaS) at their fingertips Through the use of artificial intelligence, ransomware is also getting "smarter," Orange warns.