While attention remains focused on eliminating the COVID-19 pandemic, security researchers have seen cyber attackers become more active. Palo Alto Networks recently found that the U.S. Department of Health and Human Services (HHS) was hit by cyber attackers.
Researchers shared that the issue started with malicious emails sent from a spoofed address imitating the World Health Organization (WHO) to a number of individuals associated with the healthcare organizations involved in this pandemic.
Medical staff and cybersecurity professionals could not anticipate this because the emails carried a file named "20200323-sitrep-63-covid-19.doc", which initiated a ransomware attack as soon as a recipient opened it.
The most interesting thing is that the file shows it was created on 23 March 2020 and was never updated. In fact, the malware authors didn't even attempt to make people assume it was the right document from the right source.
Once the file is opened, the ransomware binary contacts the command-and-control (C2) server. It downloads an image that acts as the main ransomware infection on the victim's device, shares the details with the host, and creates a custom key to encrypt the files on the victim's system. The host also uses an HTTP POST request to send a decryption key, encoded with AES, from the victim to the C2 server.
Palo Alto Networks shared that the ransomware was EDA2, an identification based on the code structure of the binary and on its host-based and network-based behaviors. EDA2 and Hidden Tear are regarded as among the first open-source ransomware, created for educational purposes; however, they have only been exploited by cyber attackers.
Ransomware attacks showcase the increase in other cyberattacks related to this pandemic, which also include incidents such as phishing emails and fake Zoom domain registrations. Recent reports confirm that ransomware attacks increased by 35% from 2016 to 2020, with an average ransom demand of $59,000 across 127 incidents. In such attacks, cyber attackers have mainly focused on small hospitals and healthcare centers, because small healthcare institutions are lean on security support.
This resulted in a warning from Interpol when ransomware attackers acted against the medical sector. Interpol believes that cybercriminals are using ransomware to hold hospitals and healthcare institutions digitally hostage, preventing them from accessing vital files and systems until the ransom is paid.
Interpol has spread the word among organizations to stay cautious and look out for encrypting sensitive data and phishing attempts, and has requested that they take periodic backups of the data, instead of storing them offline or on a different network to thwart cybercriminals.