by Kapua Iao
Article filed in
Cerber ransomware returns targeting healthcare
by Kapua Iao
In 2017, the Cerber ransomware family dominated cyberattacks until it more or less disappeared by the next year. Unluckily, Cerber returned in 2020, this time targeting the healthcare industry.
Let’s explore Cerber ransomware further as well as the use of ransomware against CEs and how those in the healthcare industry should protect themselves.
What is Cerber ransomware?
Ransomware encrypts data to deny a victim access to a system until the victim pays a ransom. Victims typically download the malware through phishing emails, as in Cerber, that include malicious attachments or fraudulent links.
And in the RaaS model, other hackers pay a commission to a malware developer for use of the software. Such a model has proven lucrative for both the developer and the user who may even be a nontechnical hacker looking for an easy payday.
Once infected, Cerber renders a system unusable due to the type of files it encrypts. And unfortunately, paying a ransom does not always mean receiving a decryption key.
RELATED: To Pay or to Not Pay for Stolen Data
Cerber first appeared in 2016 and became popular in 2017. Its use grew because of the RaaS model and because its creators constantly upgrade the coding to evade detection.
By April 2017, Cerber attacks accounted for over 90% of ransomware Windows attacks. Then by 2018, it looked as if Cerber all but disappeared; at the very least, threat actors did not continuously utilize Cerber.
Recent research has identified that Cerber made a comeback in 2020 and has started targeting healthcare. Cerber accounted for 58% of 2020 ransomware attacks, followed by the well-known Sodinokibi, VBCrypt, Cryxos, and VBKrypt.
Healthcare and ransomware attacks
Over the past year, there has been an alarming uptick in ransomware attacks on CEs.
The healthcare industry is particularly susceptible because of its valuable data (i.e., protected health information (PHI)) combined with overworked employees, a reliance on smart devices, and the continual use of outdated computer systems.
The Paubox HIPAA Breach Report for January 2021 shows that email breaches affected over two million individuals in December. And the top three breach types—network server, email, and paper/films—affected over four million individuals total.
How can Paubox help?
Cerber’s resurgence should push all CEs to ensure that they are prepared for possible ransomware by utilizing stringent email security along with other necessary cybersecurity measures.
Moreover, the RaaS model increases the number of attacks that can occur; CEs must protect themselves and their patients from a breach.
This means using a layered cybersecurity program that includes regular recovery tests, offline backups, and a business continuity plan. Furthermore, it is important to utilize up-to-date employee awareness training.
And as for CE email security, this means using a HIPAA compliant email such as Paubox Email Suite Plus. Paubox utilizes strong inbound security that blocks malicious emails from ever reaching an employee’s inbox.
Furthermore, all messages are sent and received with NSA-recommended TLS email encryption 1.2 or 1.3.
A combination of strong email security with other layered approaches is necessary to halt Cerber’s (and other ransomware) attacks on healthcare.