A newer criminal hacker group is using high-pressure tactics and making large ransom demands against healthcare organizations.
The ransomware group known as Lorenz poses a threat to the healthcare sector, particularly larger high-profile organizations. A recent warning from the Health Sector Cybersecurity Coordination Center (HC3) explains that the Lorenz ransomware group has been known to focus on “big-game hunting” targeting larger enterprise entities, rather than private users. They’ve been operational for about two years, and have gone after both healthcare and public sector targets.
The Lorenz hackers will apply pressure quickly by publishing data on the Dark Web while they continue to extort organizations for money. The hackers have demanded big ransoms, ranging from $500,000 to $700,000.
The HC3 analyst note says:
“Lorenz is human-operated ransomware, run by operators known to be (sic) customize their executable code, tailoring it for their targets. This implies that they may maintain persistent access for reconnaissance purposes for some extended period of time prior to ransomware deployment. They often follow the pattern of initial access, followed by reconnaissance and lateral movement, ultimately seeking a Windows domain controller in search of administrator credentials.”
Although HC3 admits that less is known about Lorenz compared to other ransomware actors, the analysis indicates that its methods of attack include:
- Phishing
- Compromise of known vulnerabilities
- Compromise of remote-access technologies, especially VPNs (virtual private networks) and RDPs (remote desktop protocols)
- Distributed attacks, especially supply chain and Managed Service Provider compromise
Fight Ransomware with HIPAA Risk Management
The single most important action that healthcare organizations can take is a HIPAA Risk Analysis. Not only is it required by HIPAA, but it is the best defense against cybercrime. Step by step, a risk analysis will uncover vulnerabilities and show how to mitigate risks and improve security.
Workforce Training Supports Risk Management
The strongest ransomware attackers still use unsophisticated methods of attack, including phishing. Cybersecurity awareness training will strengthen the staff’s ability to pause and not click on links or attachments that may contain dangerous malware, which can infect the network and allow entry by criminals.
An annual risk analysis, ongoing risk management, and training are far less expensive than responding to a six-figure ransom demand and the aftermath of a healthcare data breach.