Project Work Answers | Analysis of Ransomware Attacks: COMP7017

Analysis of Ransomware Attacks in Practice in Health Care Industry
Name of the Student

Name of the University
Author's Note:
Table of Contents
1. Introduction
2. Security Vulnerabilities and Threats
3. Techniques to Attack
4. Critical Analysis of the Existing Solutions for a Threat
5. Challenges in the Future
References
1. Introduction
Ransomware is a specific kind of malware attack in which the attacker locks and encrypts
the data and important files of the victim and then demands a payment for unlocking and
decrypting the data. In most cases, the ransom demand comes with a distinct deadline, and
when the victim does not pay in time, the data is gone forever or the ransom increases
(Mohurle and Patil 2017). These attacks have become quite common recently, and several
companies in different parts of the world have fallen victim. Cyber criminals attack any
customer or business, and the victims come from various industries.
One of the industries most impacted by these ransomware attacks is the health care
industry. The attackers have grown highly creative by requiring payments that are almost
impossible to track, which helps cyber criminals remain completely anonymous. Health care
equipment and data are impacted by the attacks, and there have been several cases in which
organizations had to make payments to get back their confidential information (Aidan, Verma
and Awasthi 2017). A popular example is Presbyterian Memorial Hospital, where the attack
highlighted the potential damage and risks of ransomware. Several laboratories, emergency
rooms and pharmacies were hit by the attack. This report provides a brief analysis of
ransomware attacks in the health care industry, covering security vulnerabilities and
future challenges.
2. Security Vulnerabilities and Threats
Several security vulnerabilities and threats are present in health care systems, and
ransomware attacks are extremely common across the entire sector, which leaves it at high
risk of falling victim to this type of attack. Responsibility for addressing the
vulnerabilities is shared between the third-party device or software manufacturer and the
business that uses the product. It can be difficult for businesses to adequately secure
themselves against the threats (Ransomware attacks. 2021). Vendors should validate their
software throughout the product development cycle and maintain clear procedures for
addressing newly discovered vulnerabilities that pose a threat to their clients.
As per the analysis, a few distinct classes of vulnerability are tied to ransomware
attacks: remote code execution and privilege escalation. These are the vulnerabilities that
attackers most often weaponize and exploit. More than 266 security vulnerabilities are
related to ransomware, and attackers are increasingly exploiting these weaknesses to launch
attacks on the health care sector. Hence, proper identification and remediation of the
vulnerabilities needs to be a main priority for businesses seeking protection from
ransomware attacks (Tandon and Nayyar 2019). All of these attacks highlight the need for
continuous evaluation of vulnerabilities and prioritization of their remediation.
There can be major variations in the code, functionality and targets of ransomware, and
the major innovation in ransomware attacks has been incremental. A few popular examples of
ransomware are WannaCry, CryptoLocker, NotPetya, Ryuk, Bad Rabbit, REvil and many more.
According to last year's analysis, almost 35% of the attacks are categorized as remote code
execution and privilege escalation exploit types. This particular exploit type is
associated with the Conti ransomware (Alqahtani and Sheldon 2022). Moreover, 40% of the
vulnerabilities tied to ransomware are classified as remote code execution and privilege
escalation.
A few low-scoring vulnerabilities that have been responsible for bringing ransomware
attacks to the health care industry also need to be analyzed and eradicated. Security teams
tend to sideline low-scoring vulnerabilities and prioritize patching on the basis of the
CVSS, or Common Vulnerability Scoring System (Collier 2017). A few companies would be
highly vulnerable to ransomware attacks, as almost 59% of the security vulnerabilities
related to ransomware have a low score. Because security teams might overlook these
vulnerabilities, risk-based platforms flag them as higher risk in spite of the low score
that is provided.
Several companies do not use such tools or remain completely unaware of them, leaving their
low-scoring vulnerabilities unpatched and their networks open to ransomware attacks. Apart
from these vulnerabilities, the actively exploited ransomware vulnerabilities are
considered high risk and should be prioritized for complete remediation (Malecki 2019). At
present, more than 130 vulnerabilities belong at the top of the patching list, as all of
these weaknesses are being exploited to launch damaging ransomware attacks, creating major
issues and complexities. The increase in APT group attacks has been distinctive from the
initial phase. APT groups are the newest risk associated with ransomware; they have
targeted critical industries like the health care sector and have added ransomware to
their disruptive attacks.
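The effect described in the two paragraphs above, a score-only patching policy sidelining low-scoring vulnerabilities that are tied to ransomware while a risk-based view raises them, can be shown with a short added example (it is not part of the original report). The findings, placeholder IDs, column names and the 7.0 cut-off are constructed assumptions.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample scanner export. IDs are placeholders, not real CVEs; the two
# threat-context columns are assumed to come from a feed of vulnerabilities tied
# to ransomware and of vulnerabilities seen exploited in the wild.
SAMPLE_EXPORT = """\
vuln_id,asset,cvss,ransomware_linked,actively_exploited
VULN-0001,pacs-server,9.8,no,no
VULN-0002,rdp-gateway,5.3,yes,yes
VULN-0003,infusion-pump-mgmt,4.3,yes,no
VULN-0004,hr-portal,7.5,no,no
VULN-0005,ehr-db,8.8,yes,yes
VULN-0006,print-server,3.1,no,no
VULN-0007,vpn-appliance,6.5,yes,no
"""

@dataclass(frozen=True)
class Finding:
    vuln_id: str
    asset: str
    cvss: float
    ransomware_linked: bool
    actively_exploited: bool

def load_findings(text):
    """Parse the CSV export into Finding records."""
    rows = csv.DictReader(io.StringIO(text))
    return [
        Finding(r["vuln_id"], r["asset"], float(r["cvss"]),
                r["ransomware_linked"] == "yes",
                r["actively_exploited"] == "yes")
        for r in rows
    ]

def cvss_only_queue(findings, threshold=7.0):
    """Score-only policy: queue what is at or above the threshold, highest first."""
    picked = [f for f in findings if f.cvss >= threshold]
    return sorted(picked, key=lambda f: -f.cvss)

def risk_tier(f):
    """Tier 0 is patched first. Threat context outranks the base score."""
    if f.ransomware_linked and f.actively_exploited:
        return 0
    if f.ransomware_linked or f.actively_exploited:
        return 1
    return 2 if f.cvss >= 7.0 else 3

def risk_based_queue(findings):
    """Order by tier, then by CVSS inside each tier."""
    return sorted(findings, key=lambda f: (risk_tier(f), -f.cvss))

def overlooked(findings, threshold=7.0):
    """Ransomware-linked findings that the score-only policy never queues."""
    return [f for f in findings if f.ransomware_linked and f.cvss < threshold]

if __name__ == "__main__":
    findings = load_findings(SAMPLE_EXPORT)
    print("score-only :", [f.vuln_id for f in cvss_only_queue(findings)])
    print("risk-based :", [f.vuln_id for f in risk_based_queue(findings)])
    linked = [f for f in findings if f.ransomware_linked]
    missed = overlooked(findings)
    print(f"ransomware-linked missed by score-only policy: {len(missed)}/{len(linked)}")
```

On this sample the score-only queue never reaches three of the four ransomware-linked findings, while the risk-based queue places all four ahead of the unlinked critical one.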
Among the newer ransomware families is Crypwall ransomware, which has almost 66 CVEs in
the fold. The Cerber strain has overtaken Locky, which had 65 CVEs tied to it. Other
ransomware exploits are Apostle, DarkRadiation, FiveHands and Qlocker. Apart from the
security vulnerabilities, there are a few threats related to ransomware, and these must be
handled to ensure that the health care sector remains secure under every circumstance
(Ransomware. 2022). Attackers change their code into new variants to avoid detection.
Anti-malware developers and administrators should keep up with the newer methodologies so
that threats are detected quickly, before they can propagate across the network. The
security threats associated with ransomware attacks in existing systems and processes are
DLL side loading, web servers becoming targets, spear phishing and ransomware as a service
(RaaS).
3. Techniques to Attack
Attackers use various distinct techniques to attack systems and processes. As a result,
new aspects and attributes need to be considered for better results and efficiency (Davies,
Macfarlane and Buchanan 2020). The major techniques used to conduct ransomware attacks are
described in the following paragraphs:
i) Phishing: The first and foremost technique, extremely common for ransomware attacks, is
the phishing attack. Phishing is the practice of sending fraudulent communications that
appear to come from a highly reputed source. It is done through emails, and the main
objective is to steal confidential information, such as credit card and login information,
or to install malware on the victim's machine (Zhang-Kennedy et al. 2018). Cyber criminals
often use phishing to obtain victims' credentials and create further issues.
As per the data of 2020, phishing is the most used ransomware attack technique or vector.
With the help of links and attachments, an email phishing attack seeks to trick users into
taking a specific type of action. These phishing emails contain links that might appear to
come from a known contact and can ask a user to enter credentials for a vague purpose. The
credentials are then stolen and used to access the key systems on which the ransomware can
be installed (Davies, Macfarlane and Buchanan 2021). Other tactics involve asking the user
to click on a fake attachment, after which the ransomware downloads automatically.
ii) Remote Desktop Protocol: The second noteworthy technique, extremely common for
ransomware attacks, is the remote desktop protocol or RDP. RDP ports are often poorly
secured and easily compromised. Furthermore, RDP security depends heavily on proper
password protocol, which users may ignore. Even lower-skilled cyber criminals can
infiltrate poorly protected RDP services to harvest credentials (Bhagwat and Patil 2020).
Hence, there have been several scenarios in which RDP ports have been used. As soon as the
malicious actors obtain credentials, they can bypass endpoint protection and wreak havoc on
enterprise systems, for example by encrypting the data backups. For businesses to regain
access to their own data or retrieve it, they are asked to transfer a ransom to a bitcoin
account or another crypto currency account.
The HSE, or Health Service Executive of Ireland, faced a major ransomware attack in 2021,
and remote desktop protocol was used by the attackers. The HSE is the publicly funded
health care system of Ireland and comprises more than 54 public hospitals directly under
the authority of HSE as well as voluntary hospitals that use the national IT
infrastructure. In the ransomware attack on HSE, all the IT systems across the entire
nation were impacted, and these systems were shut down (HSE Ransomware. 2022). It became
the most significant cyber attack on a state agency of Ireland and the largest known
attack against a health service computer system.
The attackers waited 2 months before launching additional attacks, actively attempting to
compromise the network of HSE. The attackers then used encryption, which made it almost
impossible to decode the messages and other systems (Min et al. 2018). The RDP technique
was successful, and the malware used in the attack was Conti ransomware, which has been
analyzed because of its significance. The security solutions and processes of the
organization were not adequate, and as a result, the data of the health care sector was
impacted.
iii) Patchy Protection: Another noteworthy technique, extremely common for ransomware
attacks on the health care industry, is patchy protection. Software vulnerabilities used in
ransomware attacks often come with third-party products. Unpatched software can open the
door to different malware intrusions, which makes management difficult (Zhao et al. 2018).
When software is not properly upgraded or patched, attackers can access the networks of
the health care industry without needing credentials. Once inside the system, they begin
attacking key programs and viewing or exfiltrating confidential information. Furthermore,
variations of ransomware have evolved into new formats that are quite difficult to detect,
extending the time available to them for causing huge destruction. Hence, proper security
factors need to be considered for maximum success.
4. Critical Analysis of the Existing Solutions for a Threat
Mitigating the risk of compromise through phishing requires proper knowledge. Staff need
to be trained on the dangers of phishing emails so that they can act as the organizational
defense (Kumar and Ramlie 2021). This can be done through a professional employee security
awareness program that involves several steps for determining comprehension. Such programs
can improve employee awareness of potential security issues like email phishing, and best
practices such as password protocol and proper cyber hygiene would be covered as well.
Organizational management should consider various existing solutions for the threat of
ransomware attack.
Several companies have implemented anti-malware and anti-phishing software in their
business processes and operations, and proper detection should be implemented for success
and efficiency (Quinkert et al. 2018). A cyber security audit would be performed for better
results, with adequate cyber security software, trained personnel and resources. Hence, an
innovative recovery action plan would be ensured, with better threat intelligence and
handling of account takeovers. However, these measures are not completely compliant with
cyber security strategies and plans, and hence ransomware attacks cannot be fully avoided.
Proper scope, plan and impact for the business continuity requirements would be developed
to ensure that the concepts and methods of threat modeling are understood (Hsiao and Kao
2018). Security architecture and engineering would be considered for proper capability
management and assessment.
Proper prevention of ransomware attacks mainly includes setting up and testing backups and
applying ransomware protection in the respective tools and techniques. Security tools like
email protection gateways are the main line of defense, and the endpoints are the secondary
defense. Intrusion detection systems are vital for detecting ransomware command and control
traffic and for alerting on calls from a ransomware-infected system to the control server
(Kok et al. 2019). Since the health care sector has to protect patients' data, such as
medical history and other attributes, an IDS can be quite beneficial for the business
processes and systems, so that these attacks can be reduced.
User training is vital, and proper defenses should be considered for protecting against
ransomware attacks, since email phishing is significant (Sahi 2017). The CISSP, or
Certified Information Systems Security Professional, certification is one of the most
valued information technology and information security certifications in the world. With a
proven track record of more than 25 years, the involvement of CISSP-certified professionals
can demonstrate that maximum security and safety is obtained and the negative impacts are
reduced. There are eight domains of CISSP that need to be considered for better results and
efficiency: security and risk management, asset security, security architecture and
engineering, communications and network security, identity and access management, security
evaluation and testing, security operations and finally software development security
(Domains of CISSP. 2022).
As a result, the CISSP certification would be valuable for organizational management in
the health care sector, so that such ransomware attacks are reduced and maximum safety and
security is obtained under every circumstance. It validates professionals' knowledge and
allows them to share their experience in building and managing security architectures for
the company (Domains of CISSP. 2022). Security governance principles need to be applied
with attention to integrity, availability and confidentiality. A major evaluation of the
different compliance requirements, integrated with professional ethics, is also needed.
Moreover, organizational management should consider the various legal and regulatory
issues that are relevant to information security from a global perspective. Personnel
security policies and procedures would be established with proper application of risk
management fundamentals.
Email needs to be defended against ransomware attacks, and email gateways should be
secured with targeted attack protection. Malicious emails that deliver ransomware would
then be detected and blocked, and these solutions would protect against malicious
attachments and documents delivered to users' systems (Aidan, Verma and Awasthi 2017).
Mobile attack protection products would be considered against ransomware for better
analysis of the applications on the user's device, immediately alerting the user and the
information technology team to an application that can compromise the entire environment.
Various monitoring tools can identify unusual file access activity and viruses, blocking
ransomware from activating. As a result, ransomware attacks would be reduced without any
kind of complexity or issue.
5. Challenges in the Future
Hence, it can be concluded that ransomware attacks have increased significantly in the
health care industry in the last few years. One of the main reasons for the increase is the
growing popularity of crypto currencies like Bitcoin. A crypto currency is a specific
digital currency that uses encryption techniques to verify and secure transactions and to
control the creation of new units (Tandon and Nayyar 2019). Other popular crypto currencies
are Ethereum, Ripple and Litecoin. Apart from helping to control the impacts of COVID-19,
the health care industry has been a main target for ransomware, and as per a survey in 2021
of 597 health care institutions, almost 42% of the organizations have faced two ransomware
attacks in the last few years.
These issues will increase in the coming years, and hence suitable strategies need to be
undertaken to focus on better efficiency and effectiveness. Hackers have been targeting
software, including remote monitoring and management software, and these attacks increased
by 92.7% in 2021 compared with the levels of 2020, with almost 1389 reported attacks in
2020 and 2690 attacks in 2021. Different cyber security events occurred in the last year,
such as enterprise data breaches in ransomware attacks as well as other cyber threats and
attacks (Future of Ransomware. 2022). Hence, the global health care systems and the
industry are impacted and crippled. Moreover, the health care infrastructure is impacted
and the supply chains are disrupted.
Moreover, ransomware attacks do not need to be especially sophisticated to cause major
damage and result in lucrative ransom payments for the cyber criminals. As a result, these
attacks will continue to increase at a higher speed. They will become extremely dangerous
and disruptive in the future, and health care companies will need to focus on new ways of
protecting themselves against them (Harrison et al. 2022). As a result, organizational
management requires complete visibility of the issues and threats to reduce their negative
impacts, and needs to focus on the most effective methods for reducing ransomware attacks.
Management of costs and expenses would be a major issue in the future, as after COVID-19
there has been a major economic downturn for all organizations in the health care
industry. Proper actions would be undertaken, such as changing default settings like
passwords and disabling additional services, to protect against the most common
vulnerabilities (Kumari et al. 2019). Health care companies would be facing ransomware
attacks as network segmentation would be difficult. The major actors could not exploit the
vulnerabilities of any specific device to cause major losses in the business. As a result,
cost management would be quite difficult for the business processes and operations in the
health care sector, and these challenges would be significant.
References
Aidan, J.S., Verma, H.K. and Awasthi, L.K., 2017, December. Comprehensive survey on petya
ransomware attack. In 2017 International Conference on Next Generation Computing and
Information Systems (ICNGCIS) (pp. 122-125). IEEE.
Alqahtani, A. and Sheldon, F.T., 2022. A Survey of Crypto Ransomware Attack Detection
Methodologies: An Evolving Outlook. Sensors, 22(5), p.1837.
Bhagwat, L.B. and Patil, B.M., 2020. Detection of ransomware attack: A review. In Proceeding
of International Conference on Computational Science and Applications (pp. 15-22). Springer,
Collier, R., 2017. NHS ransomware attack spreads worldwide.
Davies, S.R., Macfarlane, R. and Buchanan, W.J., 2020. Evaluation of live forensic techniques in
ransomware attack mitigation. Forensic Science International: Digital Investigation, 33,
Davies, S.R., Macfarlane, R. and Buchanan, W.J., 2021. Differential area analysis for
ransomware attack detection within mixed file datasets. Computers & Security, 108, p.102377.
Domains of CISSP. 2022. [online]. Accessed from
domains-article [Accessed on 12th May 2022].
Future of Ransomware. 2022. [online]. Accessed from
future-of-ransomware-2022-and-beyond/ [Accessed on 12th May 2022].
Harrison, A.S., Sullivan, P., Kubli, A., Wilson, K.M., Taylor, A., DeGregorio, N., Riggs, J.,
Werner-Wasik, M., Dicker, A. and Vinogradskiy, Y., 2022. How to Respond to a Ransomware
Attack? One Radiation Oncology Department's Response to a Cyber-Attack on Their Record and
Verify System. Practical Radiation Oncology, 12(2), pp.170-174.
HSE Ransomware. 2022. [online]. Accessed from
study-ransomware-locks-up-80-of-54-hospital-health-system/ [Accessed on 12th May 2022].
Hsiao, S.C. and Kao, D.Y., 2018, February. The static analysis of WannaCry ransomware.
In 2018 20th International Conference on Advanced Communication Technology (ICACT) (pp.
153-158). IEEE.
Kok, S., Abdullah, A., Jhanjhi, N. and Supramaniam, M., 2019. Ransomware, threat and
detection techniques: A review. Int. J. Comput. Sci. Netw. Secur, 19(2), p.136.
Kumar, P.R. and Ramlie, H.R.E.B.H., 2021, January. Anatomy of Ransomware: Attack Stages,
Patterns and Handling Techniques. In International Conference on Computational Intelligence in
Information System (pp. 205-214). Springer, Cham.
Kumari, A., Bhuiyan, M.Z.A., Namdeo, J., Kanaujia, S., Amin, R. and Vollala, S., 2019, July.
Ransomware attack protection: A cryptographic approach. In International Conference on
Security, Privacy and Anonymity in Computation, Communication and Storage (pp. 15-25).
Springer, Cham.
Malecki, F., 2019. Best practices for preventing and recovering from a ransomware
attack. Computer Fraud & Security, 2019(3), pp.8-10.
Min, D., Park, D., Ahn, J., Walker, R., Lee, J., Park, S. and Kim, Y., 2018. Amoeba: an
autonomous backup and recovery SSD for ransomware attack defense. IEEE Computer
Architecture Letters, 17(2), pp.245-248.
Mohurle, S. and Patil, M., 2017. A brief study of wannacry threat: Ransomware attack
2017. International Journal of Advanced Research in Computer Science, 8(5), pp.1938-1940.
Quinkert, F., Holz, T., Hossain, K.S.M., Ferrara, E. and Lerman, K., 2018. RAPTOR:
ransomware attack predictor. arXiv preprint arXiv:1803.01598.
Ransomware attacks. 2021. [online]. Accessed from
vulnerabilities-that-could-bring-down-your-organization/ [Accessed on 12th May 2022].
Ransomware. 2022. [online]. Accessed from
reference/ransomware [Accessed on 12th May 2022].
Sahi, S.K., 2017. A study of wannacry ransomware attack. International Journal of Engineering
Research in Computer Science and Engineering (IJERCSE), 4(9), pp.5-7.
Tandon, A. and Nayyar, A., 2019. A comprehensive survey on ransomware attack: A growing
havoc cyberthreat. Data Management, Analytics and Innovation, pp.403-420.
Zhang-Kennedy, L., Assal, H., Rocheleau, J., Mohamed, R., Baig, K. and Chiasson, S., 2018.
The aftermath of a crypto-ransomware attack at a large academic institution. In 27th USENIX
Security Symposium (USENIX Security 18) (pp. 1061-1078).
Zhao, J.Y., Kessler, E.G., Yu, J., Jalal, K., Cooper, C.A., Brewer, J.J., Schwaitzberg, S.D. and
Guo, W.A., 2018. Impact of trauma hospital ransomware attack on surgical residency
training. Journal of Surgical Research, 232, pp.389-397.

