88 Percent of All Ransomware Targets the Healthcare Sector

According to the Solutionary SERT Quarterly Threat Report for Q2 2016, companies in the healthcare industry were hit by the vast majority of ransomware in the second quarter of this year, accounting for 88 percent of all ransomware detections. Other affected industries included education (6 percent) and finance (4 percent).

The report also notes that Cryptowall ransomware accounted for almost 94 percent of all detections in Q2 2016 — other leading ransomware variants included Locky and Cerber. Ransomware detections decreased between January and February 2016, but increased by an average of 11 percent per month from March through May.

“Healthcare has been a target for ransomware campaigns because the industry has often paid ransom to retrieve vital customer data quickly,” Solutionary SERT director of research Rob Kraus said in a statement. “Furthermore, healthcare organizations use an abundance of systems and devices that are crucial pivot points for an attacker, and they can even be victims of ransomware themselves.”

“The most important steps in protecting your company’s and your customers’ data from the growing malicious ransomware onslaught are ensuring that you have a robust backup and recovery process, and that your security software is up-to-date and able to detect the most recent ransomware variants,” Kraus added. “As the threat continues to evolve, it will be crucial for organizations to have defined incident-response procedures and proper detective and preventive controls in place to reduce ransomware’s impact.”

Separately, PhishMe recently published its Q2 2016 Malware Review, which states that the second quarter of 2016 saw ransomware establish itself with a mature business model, with no signs of diminishing — encryption ransomware now accounts for 50 percent of all malware configurations.

In March of this year, PhishMe noted a strong diversification of ransomware strains, responsible for fully 93 percent of all malware payloads delivered that month. Ransomware then began to consolidate in May and June, with Cerber and Locky strongly dominating the ransomware scene.

“Barely a year ago, ransomware was a concerning trend on the rise,” PhishMe CEO and co-founder Rohyt Belani said in a statement. “Now, ransomware is a fully established business model and a reliable profit engine for cybercriminals, as threat actors involved treat it as a legitimate industry by selling information, tools and resources to peers based all around the world.”

“Empowering the human element to detect and report these campaigns needs to be a top priority for organizations if they are to protect themselves from a threat that is here for the long term,” Belani added.

A recent eSecurity Planet article offered advice on how to deter ransomware attacks.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles