VMware Carbon Black released 2020 data that paints a holistic view of the threats healthcare organizations face and should be prepared for in 2021.

Researchers found that there were 239.4 million attempted attacks targeting healthcare alone in 2020. VMware Carbon Black was also able to identify the top five ransomware families plaguing the healthcare industry including:

  • Cerber: 58% -- Cerber ransomware is a type of malware (malicious software) that encrypts your files and then holds them hostage, demanding a ransom payment in exchange for returning them to you.
  • Sodinokibi: 16% -- Sobinokibi ransomware is highly evasive and takes many measures to prevent its detection by antivirus and other means. 
  • VBCrypt: 14% -- VBCrypt is a malicious program that is unable to spread on its own accord. It may perform a number of actions of an attacker's choice on an affected computer. This virus targets Windows programs.  
  • Cryxos: 8% -- Cryxos Trojans display deceptive alerts/notifications on compromised or malicious websites. The notifications claim that the user's computer is infected with a virus (or viruses), is blocked, and some personal details have been stolen.
  • VBKrypt: 4% -- The VBKrypt malware family is written in the Visual Basic programming language, which is its main distinguishing trait from other malware families. Based on the specific variant, the trojan may drop files, write to the registry and perform other unauthorized actions on the affected computer system.

“Amid the pandemic, cybercriminals now have limitless attack methods,” said Rick McElroy, Principal Cybersecurity Strategist at VMware Carbon Black. “Whether it’s using tried and true malware like EMOTET or using BitLocker to ransom systems, malicious actors continue to gain ground. The FBI, Department of Homeland Security (DHS), and other federal agencies have all issued warnings about the surge in cyberattacks against healthcare organizations.” 

“It’s critical to note that the most commonly used ransomware family, Cerber, is classified as a RaaS. For a percentage of the profits, cybercriminals can sign-up as a Cerber affiliate and deliver all the Cerber ransomware they desire," said McElroy. “This is alarming as it accounts for nearly 60% of the ransomware attacks on healthcare organizations, demonstrating the rapid rate at which this strain can be licensed and utilized to infect victims.”

VMware Carbon Black observed "secondary infections," leveraged to facilitate long-term cyberattack campaigns, happening across the digital healthcare supply chain, leading to a surge of extortions. 

For the blog and detailed findings, please visit https://www.carbonblack.com/blog/the-state-of-healthcare-cybersecurity/