The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and Department of Health and Human Services (HHS) released a joint cybersecurity advisory regarding an imminent ransomware attack, specifically targeting the healthcare and public health sector. While these agencies have credible intelligence suggesting a possible attack on these industries soon, we urge all organizations to prepare for these kinds of threats.
According to the advisory, these attacks are with TrickBot and BazarLoader malware, which cause data theft and the disruption of services. Depending on your industry, an outage could cause a threat to lives or wellbeing or loss of revenue. Data theft could cause serious legal ramifications and fines.
No one is immune to these threats. Large cybersecurity firm CrowdStrike just confirmed being targeted with a trojan virus, quick off the heels of software firm SolarWinds identifying it in its code. Organizations large and small of all industries are being brought to their knees daily by malicious attacks like these.
Educate your staff on recognizing phishing emails and other signs of cybersecurity events like strange browser or search engine activity. You’re only as strong as your weakest link.
Additionally, IT teams should schedule lock-down drills, validate backups are good (do this by restoring and testing) and disconnected from the domain, and continue to patch systems regularly. We urge organizations to have contingency plans should the network be compromised and/or systems go down, like failing over to backups, sending staff to work remotely, or safely moving patients, etc.
For a threat like this, best practices include:
- Multi-factor authentication wherever possible, particularly for administrator access.
- Complex passwords.
- Automatically updating antivirus and antivirus protocols.
- Network segmentation.
- Close any open listening ports that are no longer needed.
We do not condone paying the ransoms. Payment never guarantees anything, and likely emboldens and provides necessary funding for these criminals, who incidentally are often part of or funding terrorist organizations. Additionally, paying a ransom tells these bad actors you should be targeted again because they know you’ll pay. The US Treasury Department discourages this behavior.