INTRODUCTION:
Described and as reflected in the rapidly increasing number of cyber-attacks since its start, the COVID-19 pandemic has triggered a shift in working practices that hackers and other bad actors are using to their advantage. Recent studies show a 273% percent rise in large-scale data breaches in the first quarter of 2020, compared to prior-year statistics, and a 109% year-over-year increase in ransomware attacks in the United States through the first half of 2020. This post will focus specifically on ransomware attacks targeting researchers working on a COVID-19 vaccine and how these attacks have evolved since the start of the pandemic.
In a ransomware attack, hackers use phishing or other means to introduce malware onto the victim’s computer system that encrypts the system, rendering the files and data on the system inaccessible to the victim. The hackers then attempt to extract a monetary payment from the victim in exchange for the key needed to decrypt the compromised files. In some instances, hackers also threaten to publicly release encrypted data by a specified deadline if no payment is received.
Recent ransomware attacks have targeted entities conducting confidential COVID-19-related research, including firms and groups working to develop a vaccine for the virus. In March, for example, the Maze ransomware hacking group attacked a British research company that was preparing to conduct trials of a COVID-19 vaccine. The hackers released thousands of personal medical records stolen from the company’s servers after the company, which stated it lacked funds to pay a ransom, refused to pay. In April, the U.S. firm 10x Genomics—which was performing sequencing research from the cells of patients who had recovered from COVID-19—suffered a ransomware attack The hacking group Sodinokibi took credit for that attack, claimed to have stolen one terabyte of sensitive data and publicly released some of that information. More recently, in June, hackers infiltrated servers in the epidemiology and biostatistics department of the University of California at San Francisco. UCSF, then in the midst of research into a COVID-19 treatment or vaccine, hired a professional negotiator and agreed to pay a $1.14 million ransom for the decryption key (according to a leaked transcript. Other recent targets of ransomware attacks include pharmaceutical companies working on trial-stage COVID-19 vaccines, such as Modern These attacks show that hackers are capitalizing on the vulnerabilities exposed by changing work patterns, such as increased use of personal e-mail accounts and “shadow” IT. However, the increase in ransomware incidents specifically further suggests that high-stakes COVID-19 research may make companies especially attractive targets because, as the director of the U.S. National Counterintelligence and Security Center warned in the early days of the pandemic, “there is nothing more valuable or worth stealing than any kind of biomedical research that is going to help with a coronavirus vaccine.” Because of the urgency created by the global health crisis and the value of being the first to market a vaccine, the researchers may be both more willing to cut corners with technology security and more likely to pay high ransoms to minimize work disruptions. The situation is proving irresistible to hackers, as even groups such as Maze—which publicly committed to refrain from attacking healthcare organizations throughout the pandemic—continue to mount attacks.
The UCSF hackers, who remain unidentified but were likely from Russia or Eastern Europe, were motivated primarily by the prospect of a large payday. However, data from other recent ransom ware attacks suggests at least some overlap between hacking groups driven by profit and groups working on behalf of nation states to co-opt American research for foreign vaccine efforts. In July, a federal grand jury in Washington State indicted two Chinese nationals on hacking charges. The defendants allegedly conducted a years-long hacking campaign, occasionally employing ransomware, and “in some instances acted for their own personal financial gain, and in others for the benefit of Chinese government agencies.” The indictment identifies multiple specific instances between January and June 2020 when the defendants allegedly probed the servers of U.S. biotechnology and medical diagnostics companies for vulnerabilities, seeking to obtain sensitive COVID-19-related research. In the wake of these recent attacks, companies and organizations—especially those involved in medical research related to COVID-19—should take all possible steps to protect their data and follow best practices for remote work. We will continue to monitor the unique threat environment caused by the COVID-19 pandemic a unique threat environment caused by the COVID-19 pandemic
• Malware, or malicious software, is any piece of software that was written with the intent of doing harm to data, devices or to people. Types of malware include computer virus spyware, ransom ware, adware, worms, file-less malware, or hybrid attacks. Recent malware attacks have become more sophisticated with the advent of machine learning and targeted spear phishing emails. The total malware infections have been on the rise for the last ten years:
o 2009 – 12.4 million
o 2010 – 29.97 million
o 2011 – 48.17 million
o 2012 – 82.62 million
o 2013 – 165.81 million
o 2014 – 308.96 million
o 2015 – 452.93 million
o 2016 – 580.40 million
o 2017 – 702.06 million
o 2018 – 812.67 million
• 92% of malware is delivered by email.
• Mobile malware on the rise with the number of new malware variants for mobile increased by 54% in 2018.
• Third-party app stores host 99.9% of discovered mobile malware.
• More than 250,000 unique users were attacked by Trojan-Banker.AndroidOS.Asacub malware application.
• 98% of mobile malware target Android devices.
• Over the last year, Machos malware has increased by 165%.
• Malware development rates for Windows decreased by 11.6% since reaching an all-time high in 2015.
• Malware is still the preferred distribution model, used 71.14% of the time over the last 12 months, while PUAs were only used in 28.86% of instances.
• Gamut spambot was the most frequently used, with over 86% of all spambot cases involving its use.
• The United States continues to host the most bonnet control servers in the world. Over the last year, 36% of these servers were hosted in America, while 24% were hosted in undefined countries.
• Trojans make up 51.45% of all malware.
• 7 out of every 10 malware payloads were ransom ware.
• 230,000 new malware samples are produced every day — and this is predicted to only keep growing.
• Malware and web-based attacks are the two most costly attack types — companies spent an average of US $2.4 million in defense.
• Overall business detections of malware rose 79% from 2017 due to an increase in backdoors, miners, spyware, and information stealers.
• Over 18 million websites are infected with malware at a given time each week.
• 34% of businesses hit with malware took a week or more to regain access to their data.
• 90% of financial institutions reported being targeted by malware in 2018.
Ransom ware is a form of malicious software that threatens you with harm, usually by denying you access to your data. Ransom ware attacks are often deployed via social engineering tacitics. Once a user falls victim to the attack, their data is encrpyted. The attacker then demands a ransom from the victim, with the promise to restore access to the data upon payment.
• Ransom ware attacks worldwide rose 350% in 2018.
• Ransom ware attacks are estimated to cost $6 trillion annually by 2021.
• 50% of a surveyed 582 information security professionals do not believe their organization is prepared to repel a ransomware attack.
• 81% of cyber security experts believe there will be more ransomware attacks than ever in 2019.
• 75% of companies infected with ransomware were running up-to-date endpoint protection.
• Ransomware costs businesses more than $75 billion per year.
• The NotPeyta ransomware attack losses could exceed $1 billion.
• FedEx lost an estimated $300 million in Q1 2017 from the NotPetya ransom ware attack.
• Atlanta, Georgia has spent more than $5 million rebuilding its computer network, after being hit by the Sam Sam ransomware attack in March 2018.
• The average cost of a ransomware attack on businesses was $133,000.
• Businesses lost around $8,500 per hour due to ransom ware-induced downtime.
• 25% of business executives would be willing to pay between $20,000 and $50,000 to regain access to encrypted data
• 30% of organizations who pay the ransom receive all of their money back.
• 40% of ransom ware victims paid the ransom.
• More than 50% of ransoms were paid by bit coin in 2018.
• 10% of all ransom demands are over $5,000.
• Of the 1,100 IT professionals surveyed, 90% had clients that suffered ransomware attacks in the past year.
• 40% had clients that were subject to at least 6 ransomware attacks.
• A new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021.
• 1.5 million new phishing sites are created every month.
• In 2019 ransomware from phishing emails increased 109% over 2017.
How effective do you believe your current anti-malware solution is at protecting your organization from ransom ware.
The table below shows the opinions of current anti-malware regarding the protection of the organization from Ransom ware.
Linker scale Frequency Percentage
completely effective 60 60
somewhat effective 40 40
Total 100 100
The table above indicates that the majority of the respondents who were 60% suggest that the anti-malware solution is protecting the organization from ransom ware and it is completely effective. Another 40% of the respondents suggest that the malware solution was somewhat effective.
What other security solutions do you currently employ to combat ransom ware?
Respondent’s opinions concerning security solutions to combat ransom ware
Linker scale Frequency Percentage
Data backup and recovery
30
30
User awareness
Operating systems 20
10 20
10
Email and web gateways
15
15
Application white listing 10 10
Security/behavioral analytics 15 15
Total 100 100
The table above indicates that the majority of the respondent who was representing 30% employs Data backup and recovery, 20% suggests to employ User Awareness, 10% of the respondent employs operating systems, and 15% use email and web gateways, while the other 10% and 15% respectively use Application whitelisting and Security /behavioral analytics.
Ransom ware Attacks Becoming More Widespread, Destructive, Expensive:
After more destructive attacks globally against critical infrastructure, the stakes are growing for the public and private sector regarding ransomware. Let’s explore the latest malware, including LockerGoga More ransom ware attacks made news headlines this month, with the most notable being the Oslo, Norway-based aluminum manufacturing Norse Hydro being shut The company manufactures aluminum products, manufacturing close to half a million tons each year, and is also a significant provider of hydroelectric power in the Nordic state.The LockerGoga malware was used to disrupt operations at one of the largest global aluminum manufacturers. According to Techcruch, “Employees were told to ‘not connect any devices’ to the company’s network.”Magazine offered this Guide to LockerGoga, the ransomware that is crippling industrial firms. Here’s a quote from the Wired article: “Since the beginning of the year, LockerGoga has hit a series of industrial and manufacturing firms with apparently catastrophic consequences: After an initial infection at the French engineering consulting firm Altran, LockerGoga last week slammed Norwegian aluminum manufacturer Norsk Hydro, forcing some of the company's aluminum plants to switch to manual operations. Two more manufacturing companies, Hexion and Momentive, have been hit by LockerGoga—in Momentive's case leading to a "global IT outage," according to a report Friday by Motherboard. And incident responders at security firm Fire Eye tell WIRED they've dealt with multiple LockerGoga attacks on other industrial and manufacturing targets they declined to name, which would put the total number of victims in that sector at five or more.” Mitigation methods should be incorporated in preventing Ransomware -attacks due to COVID-19 Concerning the above information, the IT Professionals have identified that the following mitigation will help the pharmaceutical industry to prevent a Ransomware attack.
Email Security:
(Botas, et al,2020) recommends implementing a threat-based, real-time e-mail security control to reduce e-mail threats especially during this pandemic period. This information aids in the blocking of malicious files and URLs in real-time. Additionally, reputation intelligence should be included in the email sender identifier to prevent potential Internet malware senders from sending incoming emails. To filter malicious URLs in the body of an email or attached documents, URL databases must be used. Adler also suggests running dynamic analysis on suspected attachments or URLs in a sandbox, which is a virtual environment isolated from other computers. When the file or URL is run in a sandbox environment, any suspicious behavior, such as notifying management and control servers, dumping misdeeds, changing Windows registry keys, and performing other potentially harmful tasks, is documented.
Blocking strange system files based on the content instead of an enhancement, obstructing password-protected records and encoded attachments, removing dynamic content from within files such as executable files or screenplays, and disabling Microsoft Office macros are among the mitigation measures recommended by the Cyber Security Center for the potential problems presented by social engineering email attacks(Botas, et al,2020). Institutions should also create different email authentication control measures, as per guidance released by the UK's National Cyber Security Center, to make it hard for dishonest emails to be sent from their domain names (Nasrallah et al,2020). The Sender Strategy Document, that is used to recognize the mail servers that are required to receive emails on behalf of any domain; Domain Keys Recognized Mail, a verification process that utilizes cryptographic signatures to better guarantee that a notification is not altered while it is sent or received; and Domain-based Message Authentication, Reporting, and Authentication, which is used to recognize the mail servers that are required to receive email messages on behalf of any domain; and Domain-based Message Authentication, Reporting.
Vulnerability Management:
Due to the COVID-19 effects, there have been an increased risk of cyber-attacks and the compliance requirements of HIPPA, NIS 800-731, PCI DSD, and other rules, business owners should consider implementing a vulnerability management program. The term "vulnerability management" refers to a "complete, ongoing process for identifying, assessing, classifying, resolving, and reporting vulnerabilities." Web browser flaws, end-user applications, business solutions, browsers, network devices, and servers can all be used by cybercriminals to gain unauthorized access or privileged control. The Department of Human Services' Office for Civil Rights (OCR) issued a guideline on software vulnerabilities and patches. According to the OCR report, many healthcare providers and employees rely on electronic protected health information processing and management software (ePHI). Following the HIPPA Security Regulations, healthcare providers and business partners must make every effort to mitigate software, system security, and electronic health information (ePHI) problems. Security flaws can occur in software and Pharmaceutical systems such as systems, databases, EHR systems, e-mails, firmware, devices, and customer-facing applications such as Java and Adobe Flash.
Risk levels Summar
Critical risk Respondents are almost always self-selected in all survey investigations, which is a major flaw. Everyone who receives a survey is unlikely to complete it, regardless of how reassured they are or what incentives are offered. If those who choose to react differ greatly from those who do not, the results may not reflect the views or behavior of the entire population being studied. A representative sample of the pharmaceutical population should be investigated, for example, to identify barriers to pharmacists' use of information. If only a recent pharmacist who is frustrated by their hospital's lack of internet access responds, the results may be misleading and thus cannot be applied to all nurses. One of the most serious risks in the field could be a lack of cooperation among participants seeking to protect the privacy of their businesses. This factor may have an impact on the study's credibility. However, by selecting a participant in each company, the risk is reduced.
Higher Risk Increasing insecurity is caused by the use of online interviews. During this process, technical problems may arise, resulting in unreliable data. However, under COVID-19 policies, some online materials will be sent to inform participants about how to efficiently use the online interviewing platforms. This will therefore help prevent the contraction of the disease at the same time lead to the success of the programs.
Medium level Risk
The research should be done within a specific time and this could be impossible at times because of challenges faced while collecting data. The respondents might not be willing to take part in the process causing some repercussions and risk on the deadline.
Low-risk Level Issues related to communication breakdown can lead to inconveniences during the research process. The respondent for instance may lack an effective network that allows free flow of information. Data collection hence may be tiresome in such a scenario and because this is the online way data can be collected due to COVID-19, will bring some inconveniences.
Recommendations or remedies to use to stop ransom ware attacks:
Respondent’s opinions concerning remedies to use to stop ransom ware attacks
Recommendations Frequency Percentage
Rehearse-IT lock-down protocol 20 20
backup of medical records 30 30
Speedup any pending software patches 40 40
Review plans within the next 24 hours should you be hit.
10 10
Total 100 100
The table above showcases Recommendations or remedies from a different respondent to stop ransom ware attacks for instance 40% of the respondent suggests that they will Speed up any pending software patches as a remedy to stop ransom ware attacks. Software patches that are pending should be completed as soon as possible. It not only costs you or your company money, but it also reduces revenue and productivity while your data is unavailable, and it can even endanger lives in hospitals and other health care facilities. There may be legal ramifications or, at the very least, damage to your company's reputation. Another disadvantage of paying the ransom is that the attacker provides positive enhancements to perform more and "better" attacks when the ransom is paid. The other group of respondents who represents 30% of the respondents suggest using a backup of medical records including electronic records and have a 321-backup strategy – have a hard copy or remote back-up or both.20% of the respondent employs Rehearse IT lock-down protocol and process including practicing backups. Other respondents were suggesting that a ransom ware email attachment is a different way to infect the computer. In senders, you do not know you should not open attachments in emails. Check who sent an email and double-check the correct email address. Make sure that it appears genuine before you open an attachment. If you're uncertain, check the man you think you've sent him. If you are asked by an attachment to enable macros to view it, don't open it. If the attachment is infected the malicious macro is switched off so that the malware can take control. Clicking on links in spam emails or unfamiliar websites should not be possible. One way to infect your computer is to click on malicious links that begin with. When ransom ware infects your computer, it encrypts your files or locks down your operating system. Once the ransom ware has taken a "hostage," it will require a lift-off to decrypt your files. It may appear to be the simplest way to pay the ransoms. This is what the criminal intends, but paying the ransom does not guarantee you access to your device or data. A ransom ware email attachment is another method of infecting the computer. Some respondents suggested that you should not open attachments in emails from senders you do not know. Check to see who sent an email and double-check the email address. Before you open an attachment, make certain that it appears genuine. If you're not sure, double-check the man you think you've sent him. If an attachment asks you to enable macros to view it, do not open it. If the attachment is infected, the malicious macro is disabled, allowing the malware to take control.
560 Healthcare Providers Fell Victim to Ransomware Attacks in 2020:
In 2020, data shows 560 healthcare provider facilities fell victim to ransomware attacks, of an overall 2,354 US entities hit by the malware variant. January 19, 2021 - In the midst of responding to COVID-19, the healthcare sector faced a significant number of ransomware attacks in 2020 with 560 healthcare provider facilities falling victim to the malware variant, according to the latest Emsisoft State of Ransomware report The last quarter of 2019 saw an unprecedented number of ransomware incidents in the healthcare sector. And while the number of reported successful attacks petered off during the first half of 2020, those numbers drastically increased through a coordinated ransomware wave that began in September Overall, Semisoft data shows at least 2,354 US government, healthcare, and schools were impacted by ransomware attacks in 2020.The education sector saw the greatest number of successful attacks with 1,681 schools, colleges, and universities impacted by the threat. Federal, state, and municipal governments and agencies reported 113 successful attacks.The second half of the year saw some of the greatest impact from ransomware, with a host of healthcare ransomware victims were driven into EHR downtime. These attacks also caused other life-threatening disruptions, including the diverson of ambulances, inaccessible lab tests, and the like.
FBI Ragnar Locker Ransomware Attacks Increase with Data Theft Risk:
Hackers continued to heavily target the healthcare sector throughout the year, with at least 80 separate incidents. For Emsisoft, the most significant incident was seen with the attack on Universal Health Services which operates more than 400 hospitals and care facilities in the US.All sites were impacted by the attack, which was first disclosed by employees who were concerned by what appeared to be IT issues at facilities across the country.“The impact of the attacks was alarming: ambulances were rerouted, radiation treatments for cancer patients were delayed, medical records were rendered temporarily inaccessible and, in some cases, permanently lost, while hundreds of staff were furloughed as a result of the disruptions,” researchers wrote. A prime example of ransomware fallout can be seen with the attack on the University of Vermont Health Network. The health system was forced to operate under EHR downtime procedures for more than a month, with its patient portal, EHR, and lab result inaccessible for most of its care sites during that time. The main campus medical center was the hardest hit by the attack, including a lack of electronic communications across the network. Given the severity and extent of the attack, the Governor of Vermont deployed the Army National Guard’s Cyber Response to assist with recovery efforts.
FBI Warns Egregor Ransom ware Actors Actively Extorting Entities:
Further, estimates show the attack cost UVM about $1.5 million a day in increased expenses and lost revenue. Those costs don’t include expenditures on recovering the system from the attack, according to local news outlet VT Digger. With at least 42 days since the launch of the attack, the total impact could reach a total of at least $63 million. The health system was also forced to push back its planned EHR implementation due to the attack.The Emsisoft report highlighted the other severe fallout from ransomware: exfiltration and extortion effort. Cove ware data found extortion attempts occur in half of all ransomware attacks. Part of the increase could be attributed to a rise in the number of hacking groups leveraging exfiltration.At the start of 2020, Emsisoft noted that just the Maze hacking group leveraged this malicious tactic. But by the end of the year, at least 17 other cybercriminal groups adopted extortion and published a record amount of stolen data in online dark web forums.In total, at least 58 public sector entities had data stolen ahead of a ransomware attack, with 56 occuring during the second half of the year. And more than 1,300 private sector companies, many US-based, lost data through exfiltration.
Biggest Healthcare Security Threats, Ransomware Trends into 2021:
For healthcare, PHI and other sensitive data was stolen and published online in at least 12 incidents. All of the incidents occurred during the second half of 2020.“This is simply the number of companies which had data published on leak sites and takes no account of the companies which paid to prevent publication,” researchers wrote. “We believe it is probable that some data was sold to companies’ competitors or passed to other governments.”
“A number of threat actors are known to auction data or to invite offers from interested third parties, while others may contract to other governments or even be in their direct employ,” they added.What’s more, 2021 is on pace to be another severe year for cyberattacks unless entities take significant action now. Public sector entities may face the greatest challenges, as they remain prime targets for hackers and are typically less
Secure.Emsisoft also predicts that data theft will double in the coming year, as cybercriminals adopt proven strategies in their attacks. Providers and organizations from other sectors continue to pay ransom demands, which prove exfiltration is a successful business model.For healthcare provider, it’s imperative to adopt a proactive approach to cybersecurity. Administrators and other security leaders should review previous insights from Microsoft, the Office for Civil Rights, the FBI, and CISA, among others, to tackle the ransomware threat before falling victim.“We also anticipate that cybercriminals will put stolen data to more use, using it to attack the individuals to which it relates in order to put additional pressure on the organizations from which it was stolen,” researchers noted. “The ransomware problem will not be easy to solve… but solutions must nonetheless be found.”“2021 need not be a repeat of 2020,” Emsisoft CTO Fabian Woser, said in a statement. “Proper levels of investment in people, processes and IT would result in significantly fewer ransomware incidents and those incidents which did occur would be less severe, less disruptive and less costly.”
CONCLUSION:
To sum up is that, a good research project should have a good methodology such as the use of surveys and questionnaires. This research used both methods to obtain essential data. A descriptive design, according to Rival (2013), allows researchers to describe, record, analyze, and report on existing conditions. Descriptive research is a great way to find out about things like characteristics, intensities, trends, and classifications. When there isn't a lot of information available about a topic or issue, it's helpful. You must first comprehend how, when, and where something occurs before you can comprehend why it occurs. This research seeks to analyze the increase in Ransom ware attacks in the pharmaceutical Industry. The design, planning, collection, analysis, drawing meaningful interpretations, and reporting of research findings are all examples of statistical methods used in conducting a study. The statistical analysis gives meaning to insignificant numbers, bringing previously lifeless data to life. Only when proper statistical tests are used are the results and inferences accurate. Descriptive data is useful because it would be difficult to see how the data displayed if it were considered raw data. This enables us to present data more effectively in descriptive statistics, making data interpretation easier.