While hospitals are inundated with coronavirus patients and scrambling to get remote workers set up, ransomware hackers are trying to take advantage of the chaos. They've been scanning hospital network devices like gateways and VPN systems for weaknesses and potential vulnerabilities.
Microsoft recently made a targeted notification to dozens of hospitals they identified to have high vulnerabilities. This is part of their campaign to help support hospitals and other critical infrastructure to monitor and combat cyber threats during this time of need.
While many ransomware hackers have vowed to stay away from healthcare during the pandemic, Microsoft has identified one group, that goes by the name REvil, to be scanning healthcare systems for vulnerabilities.
They employ a tactic called Human-Operated Ransomware Attack which is typically employed by nation-state actors. Which means they're more sophisticated than your typical run-of-the-mill ransomware campaigns.
These hackers have extensive knowledge on system administration and security misconfigurations that are not high on the priority list for many healthcare organizations.
Microsoft explains how REvil operates in their latest blog post:
"In these attacks, adversaries typically persist on networks undetected, sometimes for months on end, and deploy the ransomware payload at a later time. This type of ransomware is more difficult to remediate because it can be challenging for defenders to go and extensively hunt to find where attackers have established persistence and identify email inboxes, credentials, endpoints, or applications that have been compromised."
Microsoft had this advice to help protect your gateway and VPNs from being exploited:
"We understand how stressful and challenging this time is for all of us, defenders included, so here’s what we recommend focusing on immediately to reduce risk from threats that exploit gateways and VPN vulnerabilities:
If you're not sure how to properly monitor your remote access infrastructure or you're confused about any of the advice given, don't hesitate to reach out. We're always here to help!