The Evolution of Ransomware
Ransomware began as a way to extort money from people. Therefore, by encrypting files, the criminals could demand whatever price they wanted. In response, we evolved our security plans. We now include back-ups and reboot options. This left many attackers in a tough spot. They no longer had the leverage to make victims pay.
Then ransomware evolved. The newest attacks still lock down your data. However, these evolved attacks also copy your info and send it off to your attackers. If you don’t pay, they publish the stolen files online. This is exactly what happened to a research facility in Vermont.
Who’s Been Hit
ExecuPharm, who provides clinical research support services for the pharmaceutical industry, reported an attack on March 13th. Their April 17th letter to the Vermont Attorney General’s Office outlines the extent of personal information stolen. Passport and social security numbers, financial information, and driver’s licenses are listed among the tally of infiltrated data.
In addition to the stolen data, the website TechCrunch discovered that it was published on the dark web. The dark web site, which is associated with the ransomware group CLOP, contains thousands of files with personal information.
ExecuPharm’s operations chief, David Granese, said that the proper authorities were contacted, investigations launched, and the affected parties notified. Most importantly though, is that the data is still out there for sale.
Not Alone
ExecuPharm isn’t alone. Likewise, Parkview Medical Center in Puebo, CO reported on April 23rd about it’s own IT incident. The largest medical facility in their county, Parkview has promised that there will be no change in quality of care received.
Reported by Fox News, the facility said that patient records were hacked and rendered inoperable. The hospital has transitioned to using paper files, however those take longer to access and digest. Moreover, the paper system slows down the ability to provide time sensitive care.
Parkview hired investigators and third-party forensic experts to handle the hack. Unfortunately, there are patients who require critical care now.
Moving Forward
There doesn’t appear to be an end to the COVID-19 crisis in sight. Therefore, we need to make sure our security plan is solid. This is especially important for medical facilities. We keep hearing that we’re all in this together, but it appears that some people are still out for themselves.
Stay safe everyone.
