The Health Industry Cybersecurity Coordination Center said in its latest analysis that the Clop ransomware group has changed tactics, directly impacting the health industry and public health.
New decoy tactics for ransomware gangs
Although the Clop ransomware has been around since 2019 and has gone through several arrests, ransomware as a service has struggled to get victims to pay the ransom.
HC3, which issued a number of ransomware warnings in 2022, including about the particularly aggressive Hive ransomware that sought to delete backups of healthcare data, saying that Clop had infected infect files and disguise them as medical documents that need to be reviewed.
They “send them to facilities, then request a medical appointment in the hope that those malicious documents will be opened and reviewed first,” the agency said in the analysis.
“These attacks have a higher chance of working due to conditions from the expansion of COVID-19 in telehealth settings.”
The agency also points out that Clop, or CLOp, targets Windows and sends phishing emails to gain access, and is known to be resistant to VM analysis.
Once the files are encrypted, they send a ransom note stating that the stolen files will be deleted after two weeks.
Targeting telehealth
Healthcare providers continue to expand telehealth to increase accessibility, improve care, and reach more patients – and high revenue.
Last month, KrebsOnSecurity reported on Clop after seeing a intercepted communication in which the team said it succeeded in infiltrating new victims by disguising ultrasound images and medical documents. other economy.
In the report, Alex Holden, founder of Hold Security, a Milwaukee-based cybersecurity firm, said the group is strategically targeting the types of medical conditions it deems easier to diagnose. via telehealth.
“Essentially, they’re relying on doctors or nurses to review patient charts and scans right before the appointment,” says Holden.
“They initially discussed cardiovascular issues, but the decision of cirrhosis or cirrhosis would be more likely to be diagnosed remotely from existing scans and test results.”
Andrea Fox is the senior editor of Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS.
