Hospitals Locked Down and 'Ransom' Demanded... Hackers Turn Ruthless Like Terrorists [Tech Talk]

Cybercrime Locking Networks and Demanding Ransom
Recent Surge in Ransomware Targeting 'Medical Facilities'
"Healthcare and Medical Services Are Attractive Targets for Criminals"

Ransomware is a type of hacking where attackers take control of computer networks, encrypt data so that no one can use it, and then demand payment in exchange for the 'decryption key' to unlock the data. Since the rise of non-face-to-face services after COVID-19, ransomware crimes have also surged.


Recently, ransomware has become more malicious and unethical. Attackers have begun deliberately targeting medical facilities such as hospitals and clinics. This is because medical institutions, which are directly linked to human lives, are more likely to pay ransom to hacker groups.


Blood Donation and Transfusion Data Locked from Outside

A person donating blood. [Image source=Pixabay]

On the 3rd of last month (local time), Synnovis, a small IT company providing patient-related information to the UK's National Health Service (NHS), was hit by a ransomware attack from a hacker group. As a result, the computer systems of several hospitals using Synnovis's IT platform were paralyzed.


The biggest problem was the blood test and transfusion data provided by Synnovis. To perform a transfusion, the blood information of both donors and recipients must be known in advance.


Today, most hospitals store this information in computerized data banks, but hackers deliberately encrypted the blood donation data, locking it so that no one could access it. Although there were sufficient blood packs stored, an ironic situation arose where blood could not be provided to critically ill patients who needed transfusions immediately.


Ransomware Groups Directly Targeting 'Life'


Ransomware is a crime that implants malicious code into computer networks to 'lock' important data or control privileges. Typically, attackers demand payment in exchange for the password or electronic 'key' that can unlock the locked system. Experienced hacker groups often use cryptocurrencies, which are difficult for authorities to trace, as their primary transaction method.


Ransomware attacks have been active for some time, but they have become more rampant since COVID-19. The main targets of attackers have always been places that can have the greatest impact on citizens' lives, such as government offices, power plants, and banks, all of them essential infrastructure.


Recently, however, cases like Synnovis show an increase in attacks that exploit security vulnerabilities in medical institutions and healthcare service companies. This is because hospitals are more likely to pay higher ransoms.


The Medical Sector Is More Willing to Pay Higher 'Ransom'

Currently, government intelligence agencies and law enforcement worldwide adhere to the principle of 'no negotiation' with ransomware attackers. If victims pay as much as attackers demand, cybercriminals will be encouraged to focus more on ransomware attacks, which could lead to even larger-scale attacks. The basic strategy is to avoid negotiating with criminals, even if it means abandoning locked systems and rebuilding them from scratch.


According to blockchain analysis firm Chainalysis, the amount paid by victims to ransomware attackers began to decrease from 2022. That year, ransomware damages amounted to $456.8 million (approximately 630 billion KRW), down about 40% from the previous year ($765.6 million, approximately 1 trillion KRW).


Ransomware is a crime that blocks access to data and demands money in exchange for the encryption key. [Image source=Pixabay]

However, ransomware attackers have recently become more vicious. They now prioritize attacks on hospital facilities over other essential infrastructure.


The Royal United Services Institute (RUSI) in the UK analyzed this behavior of attackers in detail in a report published on the 25th of last month. Most ransomware attackers operate based on a pure cost-benefit analysis. In other words, they move toward targets with low risk and high rewards. The medical sector, by its nature, is more likely to negotiate with attackers and is willing to pay higher ransoms.


RUSI pointed out, "Some ransomware groups like BlackCat are increasingly focusing their attacks on healthcare providers. Healthcare services, which operate under life-or-death conditions, are vulnerable to operational disruptions, making them attractive targets."


"The Medical Field Is High-Risk Infrastructure That Must Be Prioritized for Protection"

RUSI recommends that medical and healthcare facilities and companies be newly classified as 'high-risk critical national infrastructure' with priority over other sectors. Since ransomware attackers are deliberately concentrating attacks on medical facilities, national cyber defense capabilities should be allocated to medical facilities first.


RUSI emphasized, "Healthcare is especially vulnerable when terrorists or criminal groups launch simultaneous attacks on critical infrastructure. It is time to implement defense measures against systematic attacks, beyond simply responding to one-off criminal threats."


© The Asia Business Daily(www.asiae.co.kr). All rights reserved.

