Ransomware Attacks Hit Taiwan Hospitals and Dubai Firm
Two notable ransomware attacks targeted several hospitals in Taiwan and a contracting company in Dubai last week. The ransomware attack in Taiwan prevented several hospitals from accessing their information systems, while the attack in Dubai froze a company's systems.
The first report of a ransomware attack on hospitals in Taiwan started Thursday last week, followed by more reports on Friday. Taiwan’s Ministry of Health and Welfare issued a statement after seeing multiple ransomware attacks on hospitals since August 29. The ransomware affected ministry-affiliated hospitals, large regional hospitals, and clinics.
None of the hospitals paid the ransom demand (which demanded payments in bitcoin), as they were able to restore their systems within two hours, with no record lost or information stolen. However, the incident highlighted the password management problems these hospitals had, and the urgency of making improvements.
Meanwhile, the attack on the Dubai-based contracting company involved the Dharma ransomware, which encrypted all their files and paralyzed their systems. Since the attack’s discovery on August 28, the firm has been working on a solution to avoid having to pay the ransom of US$300 (in bitcoin). No update has been released on whether or not the firm was able to restore their systems.
The Dharma ransomware has been around since 2016, and continues to be used and developed by cybercriminals. Dharma was used to attack a hospital in Texas in late 2018, and only a few months ago, Trend Micro reported on how a Dharma sample used software installation to distract users from its malicious activities.
Defending against ransomware
These two cases — and several cases before them — show that, despite the decline in ransomware attacks, the malware type has not disappeared from the cybercriminal arsenal. In fact, we saw an overall increase in ransomware detections during the first half of 2019 compared to the previous quarter. Ransomware campaigns this year appear to have been more selective, aiming for targets that are more likely to yield high value payouts.
Ransomware is a versatile threat that cybercriminals are likely to continue using. In the event of a ransomware attack, organizations are advised not to pay the ransom. Keeping backups would help mitigate ransomware attacks and allow affected organizations to restore their systems quicker. To prevent attacks, organizations must continue to follow security best practices, some of which are listed below:
- Secure email gateways to prevent threats that arrive through spam and phishing.
- Restrict access to critical tools like administration tools and files to authorized personnel.
- Update systems and deploy patches as soon as they are available, or use virtual patching for unpatchable systems or software.
- Foster a culture of security within the organization.
Trend Micro XGen™ security provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. It infuses high-fidelity machine learning with other detection technologies and global threat intelligence for comprehensive protection against advanced malware. Smart, optimized, and connected, XGen™ powers Trend Micro’s suite of security solutions: Hybrid Cloud Security, User Protection, and Network Defense.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Exposed Container Registries: A Potential Vector for Supply-Chain Attacks
- LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
- Diving Deep Into Quantum Computing: Modern Cryptography
- Uncovering Silent Threats in Azure Machine Learning Service: Part 2
- The Linux Threat Landscape Report