Ransomware attacks can cause an incredible amount of damage to an organization’s reputation as well as huge financial losses from the downtime they cause. Recovery from an attack, regardless of whether the ransom is paid, can take weeks and the theft and publication of sensitive data on the dark web can prompt customers to leave in their droves. Attacks are still being conducted in high numbers, especially in the United States and the United Kingdom. One recent survey indicates that 90% of businesses in those countries have experienced at least one attack in the past 12 months, with three-quarters of organizations suffering more than one attack in the past year.
The healthcare sector is often attacked as defenses are perceived to be weak and sensitive data can be easily stolen, increasing the chance of the ransom being paid. The Inc Ransom group has been targeting the healthcare sector and conducted an attack on an NHS Trust in Scotland earlier this year, stealing 3 TB of sensitive data and subsequently publishing that data on the dark web when the ransom wasn’t paid.
The Inc Ransom group also conducted an attack on a Michigan healthcare provider, preventing access to its electronic medical record system for 3 weeks in August. A group called Qilin attacked an NHS pathology provider, Synnovis, in June 2024 which had a huge impact on patient services, causing a shortage of blood in London hospitals that caused many surgeries to be postponed. Education is another commonly attacked sector. The Billericay School in Essex had its IT system encrypted, forcing the school to temporarily close. In all of these attacks, highly sensitive data was stolen and held to ransom. The public sector, healthcare, and schools are attractive targets due to the value of the sensitive data they hold, and attacks on businesses cause incredibly costly downtime, both of which can force victims into paying ransoms. What is clear from the reporting of attacks is no sector is immune.
There is increasing evidence that ransomware groups are relying on malware for initial access. Microsoft recently reported that a threat actor tracked as Vanilla Tempest (aka Vice Society) that targets the healthcare and education sectors has started using Inc ransomware in its attacks and uses the Gootloader malware downloader for initial access. A threat actor tracked as Storm-0494 is responsible for the Gootloader infections and sells access to the ransomware group. Infostealer malware is also commonly used in attack chains. The malware is installed by threat groups that act as initial access brokers, allowing them to steal credentials to gain access to networks and then sell that access to ransomware groups. Phishing is also commonly used for initial access and is one of the main initial access vectors in ransomware attacks, providing access in around one-quarter of attacks.
Infostealer malware is often able to evade antivirus solutions and is either delivered via malicious websites, drive-by malware downloads, or phishing emails. Gootloader infections primarily occur via malicious websites, with malvertising used to direct users to malicious sites where they are tricked into downloading and installing malware. Credentials are commonly compromised in phishing attacks, with employees tricked into disclosing their passwords by impersonating trusted individuals and companies.
Advanced cybersecurity defenses are needed to combat these damaging cyberattacks. In addition to traditional antivirus software, businesses need to implement defenses capable of identifying the novel malware threats that antivirus software is unable to detect. One of the best defenses is an email sandbox, where emails are sent for behavioral analysis. In the sandbox – an isolated, safe environment – file attachments are executed, and their behavior is analyzed, rather than relying on malware signatures for detection, and links are followed to identify malicious content.
DNS filters are valuable tools for blocking web-based delivery of malware. They can be used to control access to the Internet, prevent malvertising redirects to malicious websites, block downloads of dangerous file types from the Internet, and access to known malicious URLs. Employees are tricked into taking actions that provide attackers with access to their networks, by installing malware or disclosing their credentials in phishing attacks, so regular security awareness training is important along with tests of knowledge using phishing simulations.
There is unfortunately no silver bullet when it comes to stopping ransomware attacks; however, that does not mean protecting against ransomware attacks is difficult for businesses. TitanHQ offers a suite of easy-to-use cybersecurity solutions that provide cutting-edge protection against ransomware attacks. TitanHQ’s award-winning products combine advanced detection such as email sandboxing, AI and machine-learning-based detection, and are fed threat intelligence from a massive global network of endpoints to ensure businesses are well protected from the full range of threats.
Give the TitanHQ team a call today and have a chat about improving your defenses with advanced anti-spam software, anti-phishing protection, DNS filtering, and security awareness training solutions and put the solutions to the test on a free trial to see for yourself the difference they make.