Last Week in Ransomware: 07.15.2024

Written by Halcyon Team
Published on Jul 15, 2024

Last week in ransomware news, RansomHub published Florida Health Department data, the NHS remained vulnerable to ransomware attacks, and Lurie Children’s Hospital was named in a class action lawsuit...

RansomHub Posts Health Department Data

RansomHub, a ransomware threat group, claims to have published 100 gigabytes of data stolen from the Florida Department of Health after the agency failed to pay a ransom.  

They released a statement emphasizing the department's responsibility for public health and its policy, in line with the Cybersecurity and Infrastructure Security Agency guidelines, of not paying ransoms. The Florida Department of Health did not comment on the incident.

Traditionally, ransomware attacks involved encrypting files and demanding payment for decryption. Organizations countered this by restoring data from backups or accepting data loss.  

However, attackers have evolved their tactics to include data exfiltration, demanding ransom not only to regain access to systems but also for the stolen data.  

This dual threat significantly increases the likelihood of extortion success, as payment does not guarantee data protection.

Exfiltrated data often includes personally identifiable information, payment processing details, business transactions, trade secrets, and other valuable information.  

Ransomware operators may use this data in double extortion schemes, threatening to expose it if the ransom isn't paid by a certain deadline.  

Robust cybersecurity measures, including encryption, access controls, and employee training, are crucial in protecting sensitive data and preventing such attacks.


NHS Vulnerable to Ransomware Attacks

A ransomware attack on UK pathology testing provider Synnovis has severely disrupted services at major hospitals, leading to the postponement of thousands of medical appointments and procedures.  

Despite the NHS investing £338 million in cybersecurity over the past seven years, Professor Ciaran Martin, former CEO of the UK's National Cyber Security Centre (NCSC), warns that the NHS remains "highly vulnerable" to further attacks without significant system updates.

Martin expressed concern over the persistent threat of ransomware in healthcare, calling it a major global problem.  

His warnings highlight the limited effectiveness of current measures, even as law enforcement has made scattered arrests of low-level affiliates in the ransomware space.  

The UK, US, and allied governments face significant challenges in curbing these disruptive attacks.

While law enforcement actions and sanctions against ransomware operators are necessary, the rapid replacement of disrupted operations suggests that more robust responses are needed.  

The increasing severity and frequency of ransomware attacks on healthcare and critical infrastructure suggest a shift from mere cybercriminal activity to a national security issue.  

These attacks, which threaten patient lives, may need to be addressed as state-sponsored terrorism, necessitating different response protocols.  

Maintaining the status quo is untenable, given the measurable impact on patient outcomes and mortality rates.


Lurie Children’s Hospital Class Action Suit

Lurie Children’s Hospital in Chicago faces a class action lawsuit following a January 2024 ransomware attack that compromised the protected health information (PHI) of 775,000 patients.  

The lawsuit alleges that the hospital failed to implement adequate cybersecurity measures, violating industry standards and leading to unauthorized access. Plaintiffs claim they now face a lifetime risk of identity theft and fraud due to these security lapses.

The lawsuit criticizes the hospital for delayed notification and insufficient information in the notification letters, hindering plaintiffs' ability to mitigate the breach's effects. Allegations include negligence, breach of contract, unjust enrichment, invasion of privacy, and violations of several Illinois laws.

Ransomware attacks extend beyond financial and operational impacts, posing significant risks through the potential loss of sensitive data and intellectual property.  

Threat actors increasingly threaten to publish or sell stolen data if ransoms are unpaid, leading to regulatory fines, legal liabilities, and damage to brand reputation and customer trust.  

The surge in class action lawsuits following data-exfiltration ransomware attacks has heightened liability risks for executives and boards of directors.

Organizations must detect attacks early in the sequence, before the ransomware payload is delivered.  

Today’s ransomware operations often prioritize data exfiltration over encryption, with some groups focusing solely on data theft and extortion.  

Compliance with data protection laws and prompt breach reporting are essential to avoid substantial fines and legal liabilities.


Halcyon.ai is the leading anti-ransomware company. Global 2000 companies rely on the Halcyon platform to defeat ransomware with minimal business disruption through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration and extortion prevention. Talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS (Ransomware as a Service) and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile. Also check out the Recent Ransomware Attacks resource site.
