Around $121 million in payments have been gained by a ransomware network only for the first half of 2016, as the Healthcare sector became a preferred target because of their reliance on legacy systems.
Earlier this year, a huge wave of ransomware attacks was set off on healthcare institutions forcing them to pay $100,000 in payments to several bitcoin addresses. While hospitals still accounted for a relatively small percent of all ransomware targets, they were among the new verticals, blacklisted by ransomware, reported Intel Security’s latest McAfee Labs Threat Report.
Intel Security researchers discovered a ransomware network which has made a profit of $121 million hitting several sectors, as the main distributor has gained $94 million for the first half of 2016, revealed the report.
The main reason that contributed hospitals to become such hot targets for malicious attacks is their dependence on legacy IT systems and medical devices with weak or no security. Moreover, healthcare institutions tapped third-party services that might be commonly used in the sector and needed immediate access to information to support patient care.
“Hospitals represent an attractive combination of relatively weak data security, complex environments, and the urgent need for access to data sources, sometimes in life or death situations.” – said Vincent Weafer, the vice president for Intel Security’s McAfee Labs – “The new revelations around the scale of ransomware networks and the emerging focus on hospitals remind us that the cybercrime economy has the capacity and motivation to exploit new industry sectors.”
He also added that hospitals together with the manufacturing sector are so appealing to crooks because of their loose securities and complex environments.
“Cybercriminals’ motive is ease of monetization, with less risk.” – Weafer said – “Corporations and individuals can easily cancel stolen payment cards soon after a breach is discovered, but you can’t change your most personal data or easily replace business plans, contracts, and product designs.”
Furthermore, according to the McAfee report, these two sectors haven`t experienced many of these attacks in the past, meaning they probably don’t have reliable securities.
The report also stated that retail and financial services companies have the strongest protection, which is most likely because of the fact they store very valuable data and have been attacked numerous times in the past.
Overall, more than 25% of respondents didn’t monitor access involving sensitive employee or customer information and data sharing. Some 37% did so, and this figure was a higher 50 % where the largest organizations were concerned.
The report also stated that 90% relied on cloud security tactic but only 12% of them said their data activities were visible in the cloud. 40% of respondents reported data loss involving physical media such as thumb drives but only 37% of them used endpoint monitoring of user activities and physical media connections.
The total of ransomware threats jumped with 128%, macro malware increased with 106%, while the mobile malware had a record-worthy rise of 151% year-on-year to hit nearly 2 million new samples.