{"id":89137,"date":"2024-07-31T08:00:14","date_gmt":"2024-07-31T15:00:14","guid":{"rendered":"https:\/\/forescoutstage.wpengine.com\/?p=89137"},"modified":"2024-08-02T06:20:59","modified_gmt":"2024-08-02T13:20:59","slug":"ransomware-risk-current-state","status":"publish","type":"post","link":"https:\/\/www.forescout.com\/blog\/ransomware-risk-current-state\/","title":{"rendered":"The Current State of Ransomware Risk"},"content":{"rendered":"

Ransomware risk is top of mind for citizens and CISOs alike. From the board room to the room known as the \u2018SOC\u2019, everyone is feeling the pain of disruption. Being locked out of a system and forced back to pen and paper is shocking to our working lives. Too often, it is delaying a much-needed surgery or forcing manual intervention where a digital avenue was easy and efficient.<\/p>\n

But the effects of ransomware don\u2019t appear to be going anywhere soon.<\/p>\n

Digital extortion-based attacks are on a steady rise and its impact is being felt across every industry, including those in critical infrastructure<\/a>. Forescout Research \u2013 Vedere Labs<\/a> has observed 2,676 attacks through June<\/strong> of this year. The data is compiled via open-source tracking of ransomware leak sites. This is an increase of 15%<\/strong> from last year and is equal to 446 attacks per month<\/strong> or 15 per day<\/strong>.<\/p>\n

\"\"<\/p>\n

Every day, it seems, there are new reports of extortionists being paid off by large enterprises or municipal government systems being shut down by attackers. Claims of the largest ransom ever paid \u2013 $75 million \u2013 have been published<\/a> by researchers at Zscaler. This amount is nearly double the highest known payment of $40 million made by US insurer CNA in 2021<\/a>.<\/p>\n

CDK Global, a software company that serves the automotive dealership industry, recently paid $25 million in equivalent Bitcoin after a ransomware incident in June, according to Spiceworks<\/a>. But not every organization will pay up.<\/p>\n

The Florida Department of Health was hit by the ransomware group RansomHub<\/a> recently with a threat of revealing 100 gigabytes of citizen information. The state has only confirmed the state\u2019s online Vital Statistics system, used to issue birth and death certificates, was inaccessible. Though Florida has a standing policy of not paying digital extortion, data on over 10 million Floridians has been obtained by hackers in the last three years, per The Tampa Bay Times<\/a>.<\/p>\n

Cities and municipalities across the US are experiencing this rash of ransomware: Columbus, Ohio. The Los Angeles County Superior Court system. And smaller towns and cities, including Forest Park, Georgia, and Newcastle, Washington have all been recently attacked, according to Recorded Future News<\/a>.<\/p>\n

We follow it closely in our research \u2013 and have been for many years. In 2022, we published proof of concept research which explored the role of ransomware within IoT devices<\/a>.<\/p>\n

Ransomware Risk in 2024: The Spotlight Is on Healthcare<\/h2>\n

Some of the largest attacks using ransomware in 2024 have been in healthcare where medical device hardware and digital systems are intertwined. Between devices and software, healthcare is highly dependent on networked systems and the Internet of Things (IoT). In 2024, many large hospitals and healthcare networks \u2013 including Change Healthcare<\/a> in February and Ascension<\/a> in May \u2013 were attacked by ransomware.<\/p>\n

\u201cThe tools that are available now can make amateur bad actors into pretty good, bad actors,\u201d states Lee Schwamm, chief digital health officer at\u00a0Yale New Haven Health System in an interview with MedCity News<\/a>. \u201cYou can literally use LLM products and have them help you build ransomware code.\u201d<\/p>\n

Last year, we wrote about the topic in our blog \u201cYou\u2019re Not Hallucinating: AI-Assisted Cyberattacks Are Coming to Healthcare, Too<\/a>\u201d. Here, we showed examples with technical detail about point-of-care testing and laboratory devices \u2013 and a proprietary protocol used in medication dispensing systems. <\/p>\n

The recovery from the Change Healthcare attack is now being predicted to cost in the range of $2.4 billion \u2013 which is more than $1 billion more than previously expected by United Health Care \u2013 which owns Change, according to The HIPPA Journal<\/a>.<\/p>\n

What\u2019s critical to understand is the sheer number of devices and technology vendors in healthcare. The volume of third-party risk is large and being managed as a \u2018normalized\u2019 part of operations.<\/p>\n

\u201cWe have 4,800 different apps in our environment \u2014 with 1,700 attached to the EHR [Electronic Health Records],\u201d relays<\/a> Leah Miller, chief clinical application and data officer, at CommonSpirit Health, which is a large non-profit hospital chain in the US. \u201cThat\u2019s 4,800 vendors that can fail every day, so that\u2019s why we have two or three events every week.\u201d<\/p>\n

Go deeper. Learn how to <\/em><\/strong>master healthcare segmentation<\/em><\/strong><\/a> with the Director of Cybersecurity at ECU Health and experts from Forescout. <\/em><\/strong><\/p>\n

The real challenge occurs when attackers and criminals are able to find a vulnerability to gain control of data and systems. Sometimes, it is as easy as not having multifactor authentication turned on a server \u2013 which is what happened to Change Healthcare<\/a>.<\/p>\n

In other cases, an employee is phished or attackers use vulnerabilities in unpatched software or hardware devices as entry points into a network. Once inside, attackers move laterally to avoid detection and snoop around organizational data \u2013 and then lock it up and lock you out \u2013 until the ransom is paid.<\/p>\n

\u201cHospitals are installing a lot of\u00a0IoT devices\u00a0\u2014 everything\u2019s hooking into the network,\u201d says Ashis Barad, chief digital and information officer, to MedCity News<\/a>. \u201cEvery MRI machine is now connected to a network, but it wasn\u2019t this way before.\u201d<\/p>\n

To better understand hardware risk, we compile an annual report dubbed \u201cThe Riskiest Devices<\/a>\u201d. This year, we discovered IoT devices had a 136% increase in vulnerabilities. For healthcare and medical fields, specifically, we detailed the five riskiest areas:<\/p>\n