Ransomware attacks on healthcare and other organizations “will wreak havoc on America’s critical infrastructure community”
Ransomware attacks on healthcare and other organizations is a major threat on America’s critical infrastructure community. A new report found that this type of malware is now very prevalent and creating its own economy.
The institute for Critical Infrastructure Technology published a report and said; “New attacks will become common while unattended vulnerabilities that were silently exploited in 2015 will enable invisible adversaries to capitalize upon positions that they have previously laid claim,”
In the ransomware economy, criminals are using pricing calculations to target victims based on the most efficient ways to rake in money and, what’s more, criminals understand and engineer the pressures to put on victims.
The report said ransomware hackers are discovering the right price to charge for targeted industries and individuals, citing Symantec research that lists the average ransom paid by businesses at about $10,000.
“Healthcare organizations were not a primary target for ransomware attacks prior to 2016,” the report stated. “But, the success of the Hollywood Presbyterian attack and the media coverage will ensure that attackers focus on the healthcare sector in the future.”
Indeed, Ransomware is responsible for over 406K attempted infections and accounts for a total of approximately $325 million in damages, according to a November, 2015 report by the Cyber Threat Alliance.
And the market for ransomware may very well keep growing, in large part because of the low cost and ease in perfecting it. In the case of the major ransomware variant Crypotwall, CTU researchers estimated that in 2014, about 1.1 percent of the Cryptowall ransomware victims paid the ransom (at an average of $500), which might not look like a lot but the FBI said that 992 complaints Crytpowall netted more than $18 million between 2014 and 2015.
“The lesson is that ransomware, while less sophisticated than APT (advanced persistent threat) groups and other cyber criminals, is still significantly profitable, even when only a miniscule number of user fall for its scheme.” ICIT authors wrote. And “who knows how many infections were not reported?”
More Here [medicalpracticeinsider]