Healthcare Hit by a Fifth of Ransomware Incidents

More than a fifth (21%) of ransomware attacks targeted healthcare in the past 12 months, up from 18% in the previous year.

Many of these attacks have made global headlines due to the significant impact on patient care, such as cancelled operations.

This is according to new research by Barracuda Networks, which analyzed 200 reported ransomware incidents from August 2023 to July 2024.

The network security provider also found that local government municipalities were a highly targeted sector, at 17%.

Numerous local authorities in the US have been impacted by ransomware attacks in the first half of 2024, including Jackson County in Missouri, Clay County in Indiana, and Coffee County in Georgia. These incidents have impacted critical services such as tax payments and court services.

Ransomware incidents affecting the education sector fell from 18% in 2022-23 to 9% in 2023-24. Attacks against financial services rose from less than 1% to 6% in the same period.

Other heavily targeted industries were manufacturing (15%) and technology firms (13%).

The analysis covered 37 countries. The researchers acknowledged that different regulations around the world mean some organizations or sectors have legal obligations to report cyber incidents, potentially distorting industry-related results.

Ransomware-as-a-Service Remains Prevalent

The report highlighted the prevalence of ransomware-as-a-service (RaaS) models in the incidents analyzed.

LockBit was behind 18% of attacks where the identity of the attacker was known. Of these incidents, 28% targeted healthcare organizations, 21% municipalities and 14% education.

LockBit has been observed resuming its ransomware operations following the takedown of much of the group’s infrastructure by law enforcement in February 2024.

ALPHV/BlackCat accounted for 14% of attacks in 2023-24. A third of these incidents targeted healthcare, while 17% hit financial services.

The Rhysida gang was responsible for 8% of attacks, with 38% of them hitting healthcare.

Adam Khan, VP, Global Security Operations at Barracuda Networks, commented: “Ransomware-for-rent attacks can be hard to detect and contain. Different cybercriminal customers can use different tools and tactics to deploy the same payload, resulting in considerable variation.”

Opportunities to Detect and Prevent Ransomware

Ransomware groups’ prioritization of data exfiltration over encryption to extort victims has resulted in an increased focus on defense evasion tactics to increase dwell time in victim networks.

The Barracuda researchers noted that this extensive post-compromise activity prior to the execution of the ransomware component of the attack offers security teams several opportunities to detect, contain and mitigate the incident before it fully unfolds.

The report found that 44% of unfolding ransomware attacks were detected during the lateral movement stage. This was followed by detection of file modifications (25%) and off-pattern behavior (14%).
