The New COVID-19 Reality
The new coronavirus-induced reality has brought new challenges and new risks, specifically in cyberspace, as more and more organizations are required to go digital.
It’s no secret that cybercriminals often take advantage of vulnerable targets during times of crisis. Unfortunately, today’s coronavirus epidemic is no exception. Not only are businesses and governmental organizations being targeted – we’ve seen an uptick in attacks and threats against healthcare facilities and hospitals too, where the systems that care for patients and perform lab work are often linked.
At Acronis SCS, we believe we have a responsibility to spread the word: we have no doubt cybercriminals will continue to target private and government hospital systems with ransomware in the coming weeks, both in the United States and beyond.
Rise of Pysa (Mespinoza) Ransomware
According to ZDNet, some of France’s local governments were infected with a new version of the Pysa (Mespinoza) ransomware last month. The country’s cybersecurity agency even issued an alert about a new criminal gang targeting the networks of local government authorities.
Unsurprisingly, Pysa attacks aren’t limited to France. The ransomware gang has apparently attacked victims across multiple continents.
Healthcare Facilities Targeted by Ransomware
Attacks against public sector entities, like municipalities, port authorities, and medical facilities and clinics have been trending upward for sometime now. During this pandemic, however, the stakes have changed dramatically for healthcare organizations and the patients they serve.
Early on, observers worried that medical responders treating COVID-19 patients would be particularly hard hit, because of their need for immediate access to data, applications, and systems in order to save lives. Yet, at the beginning of the crisis, some hacker groups claimed they would refrain from targeting medical facilities.
That promise was quickly broken though, as a UK-based coronavirus testing lab was targeted by the Maze ransomware group – one of the cybercriminal gangs that had announced the so-called “ceasefire.” And they’re not the only cybercriminals on the hunt for vulnerable targets. Cyberattacks against the World Health Organization (WHO) have doubled since the onset of COVID-19.
Data Protection Needs Cybersecurity
Sophisticated ransomware threats often disable backup solutions and/or delete backup files. It is therefore crucial that a modern, future-proof backup software can protect itself, its agent, and all the backups it creates (by preventing write access from other processes, for example) from attack.
Copying backup files to read-only locations can sometimes also help safeguard against cyberattacks. If the backups are stored in the cloud, then the connection to the cloud must be secure, as well as the configuration of the cloud itself.
We recommend taking the following critical steps to protect your organization’s data and systems:
Establish an anti-phishing strategy.
Train employees to recognize malicious emails/sites or use email systems with integrated anti-phishing solutions. Better yet, use both methods.
Use two-factor authentication whenever possible.
Even in its simplest form with SMS, two-factor authentication reduces the success rate of bulk phishing attacks by 96% and targeted attacks by 76%.
Use strong, unique passwords for different services.
A password manager can help you remember all these different passwords.
Update your systems automatically.
You wouldn’t want to increase your financial debt – don’t increase your technical debt either. Ensure you are patching and updating systems regularly to mitigate known vulnerabilities.
Deploy ransomware protection and anti-virus systems.
You should always backup your critical systems and data, period. While many organizations have separate tools to perform anti-virus and backup functions, implementing a backup tool with built-in anti-ransomware functionalities can save time and money. To make sure your backups aren’t accessible by ransomware, keep them offline or on a remote system that ransomware attacks cannot reach.
Unless you absolutely must, make public-facing websites static.
Most organizations do not need complex content management systems on their websites. Pre-rendered static pages are much more secure and often perform all the necessary functions. There are a few site generators supporting such an approach. Most are affordable and some are even free. Static websites are also light on CPU usage, so SMEs will not need to invest in expensive additional hardware or virtual machines. You can even host a static site on a file-sharing platform.
Benefits of Cyber Protection
As the volume of healthcare data grows, methods for safeguarding that data (as well as the systems and applications in which it sits) must address complex and often competing considerations – making a holistic cyber protection approach necessary.
At Acronis SCS, we have developed a balanced approach to address the Five Vectors of Cyber Protection: safety, accessibility, privacy, authenticity, and security (or SAPAS). As a result, our solutions provide comprehensive, well-balanced protection that goes well beyond traditional backups or classic anti–virus solutions which, by themselves, only tackle one side of the equation.
Organizations – particularly healthcare institutions right now – need to start shifting to a cyber protection mindset to better anticipate and defeat cyberattacks. That’s why behavioral anti-ransomware, like Acronis SCS Active Protection, has emerged as an important defense against hackers. Using artificial intelligence and machine learning, our technology identifies malicious threats based on behavioral processes. Because it looks for suspicious activity rather than monitoring for known threats, it is particularly effective against new ransomware strains and zero-day attacks.
Preparing for the Future
While the world continues to respond to the spread of the novel coronavirus and medical teams care for the suffering, it is shameful that cybercriminals are exploiting the crisis for personal gain. Yet, we are certain such cyberattacks against government agencies, healthcare facilities, and medical professionals treating COVID-19 patients will continue unabated.
Countering these fast-changing threats – both the physical threat of coronavirus and the related uptick in opportunistic malware – needs to be a priority for everyone.