Microsoft has issued a frightening warning that many hospitals in the US are at risk of being attacked by bitcoin ransomware right now, amid the coronavirus pandemic.
07 April, 2020 | AtoZ Markets – Microsoft is warning hospitals that bitcoin ransomware is trying to exploit remote workers to access their networks. The software giant has said that “dozens” of hospitals are using vulnerable gateways. However, this makes them easy targets for the REvil ransomware, which is currently scanning the Internet for such vulnerabilities.
The company has sent targeted notifications to these hospitals with information about the vulnerabilities, how attackers can take advantage of them. It also gives a strong recommendation to apply security updates that will protect them against the exploits of these particular vulnerabilities and others.
How to Protect and Prevent This Type of Ransomware
Cyber attackers are known to exploit vulnerabilities in network devices. More and more ransom campaigns see the opportunity and jump, said Microsoft. To immediately reduce the risk of a ransom attack, Microsoft also recommends that hospitals take the following steps:
- Apply available security updates for VPN and firewall configurations.
- Monitor and pay particular attention to the remote access infrastructure. Any detection from security products or anomalies noted in the event logs must investigate immediately. In case of compromise, make sure that any account used on these devices has a reset password, as the credentials may have been exfiltrated.
- Activate the attack surface reduction rules, including the rules that block the theft of credentials and the activity of ransomware. To combat malicious activity initiated by weaponized Office documents, use rules that block advanced macro activity, process creation, and process injection initiated by Office applications. Deploy them in audit mode to assess the impact of these rules.
- Activate AMSI for Office VBA if the organization uses Office 365.
Microsoft Warns About Increasing Cyber Threats
We already saw an increase in cyber threats during the COVID-19 crisis in the form of social engineering. Many unfortunate victims have downloaded applications claiming to provide information about the virus and have instead stolen their personal data.
However, Microsoft has highlighted evidence that a more dangerous and sophisticated threat is lurking. It could plunge hospitals into chaos when they need it. A Microsoft spokesperson said:
We are witnessing an increase in typical COVID-theme phishing emails and malware. We are also witnessing an increase in attempts to compromise legitimate services, such as healthcare and technology providers. Attackers impersonate these trusted entities who use their services as a relay to reach users. We have seen attackers with multiple motivations use these human ransom vulnerabilities, in particular to target hospitals.
Think we missed something? Let us know in the comment section below.