Healthcare was a top target for ransomware families in 2017

Cylance research suggests that ransomware has opened the floodgates to a barrage of attacks against healthcare providers.
Written by Charlie Osborne, Contributing Writer

The healthcare industry has become one of the most popular targets for ransomware operators, new research suggests.

According to Cylance's 2018 Threat Report, the cyberattacks of the last few years have become more ruthless and sophisticated, and in many cases, reported but unpatched vulnerabilities are to blame.

However, ransomware is one of the primary causes for concern, especially with the rise of ransomware-as-a-service (RaaS), which allows anyone to purchase ransomware pre-packed and coded for use against targets without the need for specialized knowledge.

Ransomware is a particularly virulent family of malware which can cause heartbreak for individual victims, as well as severe disruption in the enterprise. Often spread through phishing campaigns and malicious executables, ransomware will lock up and encrypt systems, preventing access to programs and content.

The malware then often throws up a blackmail page, requesting a ransom payment in cryptocurrency in return for a key to decrypt files -- which may or may not work.

Ransomware can be extremely lucrative for cyberattackers, especially when large organizations fall victim. As blackmail payments can reach thousands for each successful infection, RaaS has now also become an industry in its own right.

Some RaaS packages operate as a licensing scheme, taking a percentage of the profits made from successful blackmail. Others, according to Heimdal Security, are being offered in the web's underground scene for as little as $39 for a lifetime license.

The report, which utilizes data collected from 1 January 2016 to 31 December 2017, suggests that WannaCry is amongst the 10 worst threats facing the enterprise in this time period.

WannaCry is ransomware linked to debilitating attacks on the UK National Health Service (NHS). Upatre, Cerber, Emotet, Locky, Petya, Ramnit, Fareit, PolyRansom, and Terdot are also among the 10 major ransomware threats to the enterprise today.

Healthcare was the industry most impacted by ransomware in 2016 and 2017. Only two ransomware families out of the ten were not continually linked to attacks against the healthcare industry in recent years.


In one interesting Cylance case study, a company appealed to the firm after their work environment was locked down and encrypted due to a ransomware infection. The threat actors demanded $3.2 million in cryptocurrency and threatened to leak the firm's information into the Dark Web unless payment was made.

The unnamed company in question had no backups and no way to meet the ransom. Cylance acted on their behalf, discovering that security vulnerabilities in the firm's infrastructure were to blame.

However, with no backup, the only recourse was to negotiate the ransom down to 25 percent of the original demand.

The payment was still made and the ransomware industry continues to thrive even in an environment where both law enforcement and cybersecurity firms at large are fighting against the malware family's use.

This should serve as a stark reminder that failure to maintain good standards of computer hygiene and patch processes can cost businesses dearly, and there are no signs that the ransomware industry is in any way slowing down.

"Ransomware is not a new or novel phenomenon. What has evolved rapidly in the last two to three years is the sheer velocity of the attacks," Cylance says. "The past year served as a stark reminder of the innovative prowess and destructive capabilities of global threat actors. Their tireless dedication to technical theft, inventive exploits, and creative methodology paid big dividends in 2017."
