The latest flash alert from the U.S. Federal Bureau of Investigation (FBI) warns about Cuba ransomware. Making its debut in November 2021, Cuba ransomware joins the numerous other ransomware families hitting U.S. organizations almost daily.
And the uptick in cyberattacks, particularly on critical infrastructures, has federal agencies and researchers fighting back. This alert follows several others reminding organizations to be vigilant and to protect themselves.
When organizations do not employ strong cybersecurity (such as HIPAA compliant email), a data breach and ransom demand seem inevitable. That should worry healthcare covered entities committed to securing patients’ protected health information (PHI).
A new year, new ransomware
Ransomware is malware (or malicious software) that essentially holds data hostage until a victim pays a ransom to have it released. Victims normally download malware in phishing emails that include malicious attachments or fraudulent links. The idea is to entice a victim to click and/or share user information, opening a door to allow a cyberattack.
Last year saw many high-profile ransomware attacks, such as that against Colonial Pipeline in May as well as numerous others against healthcare organizations.
Statistics show that over 500,000 new pieces of malware are detected every day, and that every minute four companies fall victim to ransomware attacks.
Ransomware attacks have caused such widespread disruption that the U.S. government has joined the fight and gone on the offensive.
The federal government has amped up its intervention efforts over the past year. The Justice Department recently formed a new task force to address the rise in ransomware. The Department of Homeland Security launched a multi-phase cybersecurity initiative. And the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology have ramped up information campaigns.
Moreover, over 30 nations worldwide recently met to discuss a collaborative effort to block ransomware operations.
The idea is to attack first: cut off sources of funding, indict extortionists, sanction cryptocurrency accused of laundering money, and release information about new cyberattack methods such as Cuba ransomware.
The FBI flash alert
The FBI flash alert is the first about Cuba ransomware. The ransomware is distributed through Hancitor malware, a loader used to drop Remote Access Trojans (RATs) and other types of ransomware.
Hancitor typically gains initial access through Microsoft Exchange vulnerabilities, compromised credentials, phishing emails, or Remote Desktop Protocol (RDP) tools. Once inside, the actors install and execute a Cobalt Strike beacon to establish a command-and-control connection. They also use the Mimikatz tool to steal credentials.
Thus far, Cuba ransomware actors have compromised 49 entities in five critical infrastructure sectors: healthcare, government, financial, manufacturing, and information technology. They have demanded at least $74 million in ransom payments and received around $43.9 million.
The FBI advises against paying ransoms, since payment does not guarantee that files will be decrypted.
“However,” the alert states, “the FBI understands that when victims are faced with an inability to function, all options are evaluated to protect shareholders, employees and customers.”
The FBI flash alert: recommended mitigations
To avoid this scenario and having to make such decisions, the FBI flash alert also includes mitigation techniques. Strong cybersecurity is key to keeping ransomware, such as Cuba, from entering any system.
First, the alert suggests using the following cybersecurity controls to reduce risk:
- Strong login passwords
- Multifactor authentication
- Up-to-date operating systems and software
- Privileged access management
- A host-based firewall
Second, the FBI also recommends time-based access, disabled permissions, segmented networks, and offline backups.
Furthermore, organizations should use network monitoring tools that search for indicators of compromise, such as those listed in the alert for Cuba ransomware.
Finally, the alert also mentions that data encryption (in transit and at rest) is essential.
We at Paubox would strongly add email security to that list as well, to stop employees from responding to phishing emails and other malware delivery attempts.
The ultimate lesson for healthcare organizations, from this and similar alerts, is to stop ransomware before it causes stress: stay on top of cyber threat information at all times, and protect yourself, your employees, and your patients before, not after, a cyberattack.