The NCC Group, a global security advising organization, recently revealed that ransomware has increased at an unprecedented rate over the last month.
NCC Group’s Global Threat Intelligence Team monitors ransomware attacks occurring around the world on a monthly basis. Their recently released data revealed March experienced an all-time high number of ransomware attacks.
NCC Group’s analysis found 459 recorded attacks, an increase of 91% from February. According to their report, nearly half of the attacks (48%) occurred in North America, with sectors like industrial, consumer cyclicals, and technology most heavily affected.
Related: Ransomware is targeting vulnerable, smaller clinics
Why it matters
Ransomware is a type of malware that prevents systems and files from being accessed until a ransom is paid. According to the Center for Internet Security, ransomware is particularly challenging for healthcare organizations because it can slow down critical processes. It can also prevent hospitals from using digital tools, which, according to a recent Salesforce report, many healthcare organizations have grown reliant on.
It can also result in costly operating losses. According to a report released by ThreatConnect, healthcare organizations victimized by ransomware can expect to lose anywhere between 4.92% and 30.86% of their operating income.
Ransomware attacks typically occur through phishing emails with malicious attachments or links or viewing malicious advertisements. Tactics continue to evolve, requiring healthcare workers and IT departments to frequently update their response measures and practices.
What was said
According to Matt Hull, Global Head of Threat Intelligence at NCC Group, “In March we observed an unprecedented surge in ransomware attacks, the highest number the NCC Group’s Global Threat Intelligence Team has ever seen.” Hull elaborated, “It is more important than ever for organizations to remain vigilant and practice good security hygiene, including making sure systems are patched and correctly backed up.”
According to the NCC Group’s report, the uptick in attacks may be associated with a large software vendor, GoAnywhere MFT, that became vulnerable for a week in early February. Since then, several large companies have experienced exploitation, including Proctor & Gamble, Community Health Systems, and others.
Still, Hull believes that “this is an indication of the continually evolving threat landscape and the pattern of attacks that we can expect to emerge throughout 2023.”
The most prolific actors in March’s ransomware attacks appear to be Cl0p, which accounted for 129 victims, and LockBit 3.0, which accounted for 97 attacks. While some ransomware entities claim they won’t attack healthcare entities due to the risks to patients, there is an increased incentive because hospitals generally have monetary assets on hand and will act quickly to save patients.
The bottom line
Ransomware attacks appear to be increasing as hackers continue to innovate and take advantage of digital vulnerabilities. Companies should ensure that workers with access to sensitive data are aware of phishing and ransomware schemes. These organizations should also regularly train and inform healthcare workers on best practices and the significance of ransomware attacks.