Ransomware Dominated Healthcare and Small Businesses in 2018

Ransomware wreaked havoc on businesses across the globe throughout 2018 with no signs of slowing down. Which sector was hit the hardest? A recent report from Beazley Breach Response Services found that the healthcare industry suffered from the most ransomware attacks last year.

Why was healthcare the hardest hit?

Healthcare data is valuable, and hackers who exploit it on the dark web bring in the big bucks. Healthcare organizations also see frequent turnover, consistently bringing in new employees who are often untrained on cybersecurity. Many times, healthcare organizations also spend less on information security than what is necessary for proper protection, making a hacker’s job much easier than larger firms with robust security practices.

Beazley’s ransomware research

The research conducted by Beazley looked at 3,300 ransomware attacks that hit their clients in 2018.

The findings showed that not only is the healthcare sector the most targeted but that 71 percent of ransomware attacks that occurred last year targeted small businesses.

The Small and Medium-sized Businesses (SMBs) at the highest risk of a cyber attack were found to be those who failed to lock down their Remote Desktop Protocol (RDP).

The report states, “attackers will scan the internet for open RDP ports, and then attempt to brute force a weak password to get access. Businesses that do not change the default RDP port, or who do not use strong passwords, are susceptible to this attack.”

The ransom demands

Beazley found the average ransom demanded in a 2018 attack was over $116, 000 (slightly inflated due to seven-figure demands). The median ransomware was $10,310. The largest demand? $8.5 million, with the highest demand Beazley paid just shy of $1 million.

These ransom demands are a reminder that while SMBs are the prime target, large corporations are not out of woods.

What can we learn?

Although there are sophisticated forms of ransomware, the majority of attacks reported are the result of a vulnerability that could have been addressed and prevented. The Beazley report highlights five ways to prevent ransomware from striking your organization.

1. Training. Train employees on cybersecurity regularly and include regular phishing simulations to test their ability to spot a phishing email.
2. Backups. Ensure your organization has backups available. It’s important to verify that those backups are properly segmented so that malware doesn’t spread to them in the event of an attack.
3. Lock down RDP. If possible, RDP ports should be closed. If closed ports are not an option, enable multi-factor authentication. You should also ensure you have changed from the default RDP port and that you are using a strong password.
4. Multi-factor authentication. Requiring a password and an additional security measure, such as a passcode makes it more difficult for unauthorized access to the network or business applications.
5. Patching and anti-virus. Ensure patching of your operating system and internet browsers is occurring. It is also critical to keep anti-virus software up-to-date to detect the latest threats that may otherwise go unnoticed.