German authorities revealed last week that a ransomware attack on the University Hospital of Düsseldorf (UKD) caused a failure in IT systems, resulting in the death of a woman who had to be sent to another hospital 20 miles away.
The incident marks the first casualty reported as a result of cyberattacks on critical healthcare facilities, which has increased in recent months.
The attack, which exploited the vulnerability of Citrix ADC CVE-2019-19781 to address the hospital systems on September 10, is said to have been “misdirected” in the sense that it was originally intended for University of Heinrich Heine, according to an extortion note left by the perpetrators.
After law enforcement contacted the threat actors and informed them that they had encrypted a hospital, the activists behind the attack withdrew the ransom call and provided the decryption key.
The case is currently being treated as a manslaughter, BBC News reported over the weekend.
Untouched vulnerability Become a Gateway to Ransomware Attacks
While several ransomware gangs said early in the pandemic that they would not intentionally target hospitals or medical facilities, the cyclical attacks prompted the Interpol to issue a warning warning hospitals against ransomware attacks designed to lock them out of their systems critical in an attempt to extort. payments.
Weak testimonials and VPN vulnerabilities have proven to be a blessing in disguise for threat actors to break into the internal networks of businesses and organizations, leading cyber security agencies in the United States and the United States to issue several advisers about active exploitation of the flaws .
“The [Federal Office for Information Security] is becoming increasingly aware of incidents where Citrix systems were compromised before the security updates available in January 2020 were installed, “the German cyber security agency said in a warning last week.
“This means that attackers have access to the system and the networks behind it even after the security gap is closed. At present this possibility is being increasingly used to carry out attacks on affected organizations. “
The development also coincides with a new consultant from the UK’s National Cyber Security Center (NCSC), who said he has seen an increase in ransomware incidents targeting educational institutions at least since August 2020, while encouraging schools and universities to implement a “precision defense” strategy to protect against such malicious attacks.
Some of the institutions affected included Newcastle and Northumbria Universities, among others.
Citing Remote Desktop Protocol (RDP), vulnerable software or hardware, and phishing as the three most common infection vectors, the agency recommended organizations to maintain up-to-date backups offline, adopt malicious endpoint software protection, secure RDP services using multifactor. validate, and have an effective patch management strategy in place.
Spike in Ransomware Infection
If anything, the ransomware crisis only seems to be getting worse. Historical data collected by Temple University’s CARE cybersecurity laboratory has shown that there have been a total of 687 publicly disclosed cases in the United States since 2013, with 2019 and 2020 alone accounting for more than half of all reported incidents ( 440).
Government facilities, educational institutions, and healthcare institutions are the sectors most hit, according to the analysis.
And if 2020 is any indication, attacks against colleges and universities show no signs of slowing down.
Allan Liska, a threat intelligence analyst at Recorded Future, revealed that at least 80 publicly reported ransomware infections targeting the education sector so far this year, a massive jump of 43 ransomware attacks for the whole of 2019.
“Part of this change can be attributed to extortion sites, which force more victims to announce attacks,” Liska said in a tweets. “But, generally, ransomware actors are more interested in going after colleges and universities, and they are often easy targets.”
You can read more about NCSC mitigation measures here. For more guidance on preventing businesses against ransomware attacks, visit the US Cyber Security and Infrastructure Security Agency’s response guide here.