Ransomware network chalked up $121M in 1H2016

A ransomware network appears to have chalked up US$121 million in payments over the first half of 2016 alone, as healthcare companies become hot targets due to their reliance on legacy systems.

A spate of ransomware attacks had been unleashed on hospitals early this year, with victims forking out some US$100,000 in payments to specific bitcoin accounts. While they still accounted for a comparatively small portion of overall ransomware targets, hospitals were among new verticals targeted by attack networks, according to Intel Security's latest McAfee Labs Threat Report.

Researchers from the security vendor tracked a ransomware network that appeared to have receive bitcoin payments worth US$121 million from ransomware activities targeting several sectors. The distributor seemed to have chalked up profits of US$94 million in the first half of 2016 alone, the report stated.

Hackers split on 'ethics' of ransomware attacks on hospitals

Pointing to the increased focus on the healthcare sector, it noted that this industry's dependence on legacy IT systems and medical devices with weak or no security as key reasons that made such companies targets. Furthermore, these organisations tapped third-party services that might be commonly used in the sector and needed immediate access to information to support patient care. These also made them hot targets for malicious attacks.

"Hospitals represent an attractive combination of relatively weak data security, complex environments, and the urgent need for access to data sources, sometimes in life or death situations," said Vincent Weafer, vice president for Intel Security's McAfee Labs. "The new revelations around the scale of ransomware networks and the emerging focus on hospitals remind us that the cybercrime economy has the capacity and motivation to exploit new industry sectors."

He added that in addition to the manufacturing sector, the two industries provided significant opportunities for cybercriminals due to their weak defense mechanisms and complex environments. "Cybercriminals' motive is ease of monetisation, with less risk," Weafer said. "Corporations and individuals can easily cancel stolen payment cards soon after a breach is discovered, but you can't change your most personal data or easily replace business plans, contracts, and product designs."

The apparent compliance among healthcare and manufacturing companies might be due to the low frequency of attacks these sector experienced in the past, according to the McAfee survey. This, however, also meant the organisations made fewer investments in cybersecurity and had the least comprehensive data protection capabilities.

The report determined that retail and financial services companies had the most extensive protection against data loss, which was likely the result of the frequency of attacks targeting these sectors as well as the value of the data they held.

Across the board, more than 25 percent of respondents did not monitor data sharing and access involving sensitive employee or customer information. Some 37 percent did so, and this figure was a higher 50 percent where the largest organisations were concerned.

And while 90 percent had cloud security strategies, only 12 percent said they had visibility of data activities in the cloud.

Almost 40 percent had experience data loss involving physical media such as thumb drives, the report found, but only 37 percent used endpoint monitoring of user activities and physical media connections.

For the second quarter, McAfee Labs identified 316 new threats a minute with significant spikes in ransomware, mobile malware, and macro malware. Some 1.3 million new ransomware samples were recorded, the highest ever registered since the security vendor began tracking such threats.

Total ransomware climbed 128 percent in the quarter over the previous year, while macro malware increased 106 percent. New mobile malware reached a record high in the quarter, growing 151 percent year-on-year to hit nearly 2 million new samples.

New Trojans such as Necurs and Dridex fuelled more than 200 percent increase in new macro malware in the quarter.