Is ransomware unstoppable? No, it isn't

Chances are you've been hearing a lot about cyberattacks, and specifically ransomware, in healthcare lately. Attackers take over systems and encrypt files, demanding payment in Bitcoin. They often get away with it.

Attacks like the recent ones on Universal Health Services and ERT that make the papers are just the tip of the iceberg. No one wants to report that something like this happened to them.

Until recently, I had assumed that such attacks were really hard to stop. Some are. But it turns out there are often many ways to thwart ransomware, and often hours or even days in which to do so.

I asked security experts at Gamayan to analyze the UHS attack and was amazed that they found at least 28 ways it could be stopped. Check out the UHS ransomware case study that breaks down the attack and potential response step by step.

If you want to learn how to prevent such attacks at your organization, contact me.

Here's the timeline of the attack:

Day 1
16:37  Bazar malware executed (remote IP)
16:48  Domain discovery commands
17:06  Registry discovery commands
17:28  More domain discovery and network checks to domain controllers
17:41  AdFind used to map Active Directory

Day 2
18:49  Checks again for domain trusts and AdFind using Bazar (FTP exfiltration to remote IP)
20:12  First lateral movement attempt with WMIC (SMB transfer, multiple payloads tried)
20:23  P64.exe Cobalt Strike beacon run on beachhead host (remote IP)
21:04  Second P64.exe Cobalt Strike beacon dropped on beachhead host (new remote IP)
21:09  Next lateral movement attempt via a service and PowerShell (first successful lateral movement)
21:10-22:06  Continual lateral movement using Cobalt Strike beacons via SMB across the environment
21:43  Windows Defender begins to be disabled using PowerShell commands
21:45  First Ryuk ransomware executable transferred to the backup system (Ryuk executed)
21:50-22:10  Ryuk ransomware deployed enterprise-wide (transferred via SMB, executed via RDP commands)
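To make the "hours or even days" point concrete, here is an added example (not code from the original post, and not Gamayan's analysis) in Python: a small set of detection rules, each keyed to one step of the timeline above that leaves a command-line footprint (domain trust and AdFind discovery, WMIC and service-based lateral movement, encoded PowerShell, Defender being switched off), run over constructed process-creation records modelled on that timeline, followed by a calculation of how long defenders had between the first alert and Ryuk execution. The host names, user names, file paths, the encoded-command filler and the placeholder dates are all assumptions; only the clock times follow the timeline. The record format is the subset of a Sysmon Event ID 1 or Windows Security 4688 event (with command-line auditing enabled) that the rules need.

```python
"""Detection sketch over process-creation events modelled on the attack timeline.

Added example, not code from the original post or from Gamayan's analysis.
Input record format (constructed for this example):
    timestamp|host|user|image|command line
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    user: str
    image: str
    cmdline: str


# One rule per timeline step that shows up on a command line. Patterns are
# searched in the lower-cased "image cmdline" string of each event.
RULES: list[tuple[str, re.Pattern[str]]] = [
    ("domain_trust_discovery", re.compile(r"nltest(\.exe)?\s+/domain_trusts")),
    ("ad_enumeration_adfind", re.compile(r"adfind(\.exe)?\s.*(-f\s|-sc\s|trustdmp|objectcategory)")),
    ("wmic_remote_process_create", re.compile(r"wmic(\.exe)?\s+/node:\S+.*process\s+call\s+create")),
    ("remote_service_powershell", re.compile(r"sc(\.exe)?\s+\\\\\S+\s+create\s.*powershell")),
    ("encoded_powershell", re.compile(r"powershell(\.exe)?\s.*(-e|-enc|-encodedcommand)\s+[a-z0-9+/=]{40,}")),
    ("defender_disabled_via_powershell", re.compile(r"set-mppreference.*-disablerealtimemonitoring\s+\$?true")),
]


def parse_line(line: str) -> Event:
    """Parse one pipe-delimited record; the command line itself may contain '|'."""
    ts, host, user, image, cmdline = line.split("|", 4)
    return Event(datetime.fromisoformat(ts), host, user, image, cmdline)


def match_rules(ev: Event) -> list[str]:
    """Names of every rule whose pattern hits this event, in RULES order."""
    haystack = f"{ev.image} {ev.cmdline}".lower()
    return [name for name, rx in RULES if rx.search(haystack)]


def detect(lines: list[str]) -> list[tuple[Event, str]]:
    """Return (event, rule_name) pairs in log order; blank and '#' lines are skipped."""
    alerts: list[tuple[Event, str]] = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ev = parse_line(line)
        alerts.extend((ev, name) for name in match_rules(ev))
    return alerts


def time_to_act(alerts: list[tuple[Event, str]], impact_ts: datetime) -> timedelta | None:
    """Window between the earliest alert and ransomware execution, or None if no alert preceded it."""
    earlier = [ev.ts for ev, _ in alerts if ev.ts < impact_ts]
    return impact_ts - min(earlier) if earlier else None


def summarize(lines: list[str], impact_ts: datetime) -> dict:
    alerts = detect(lines)
    window = time_to_act(alerts, impact_ts)
    return {
        "alerts": [(ev.ts.isoformat(), ev.host, name) for ev, name in alerts],
        "rules_fired": sorted({name for _, name in alerts}),
        "hours_to_act": None if window is None else window.total_seconds() / 3600,
    }


# Constructed events following the clock times of the timeline. Dates, hosts,
# users, paths and the base64 filler are placeholders, not data from the incident.
SAMPLE_LOG = [
    r"2020-01-01T16:37:00|WS-017|CORP\user1|C:\Users\user1\AppData\Local\Temp\report.exe|report.exe",
    r"2020-01-01T16:48:00|WS-017|CORP\user1|C:\Windows\System32\nltest.exe|nltest.exe /domain_trusts /all_trusts",
    r"2020-01-01T17:06:00|WS-017|CORP\user1|C:\Windows\System32\reg.exe|reg.exe query HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion",
    r'2020-01-01T17:41:00|WS-017|CORP\user1|C:\Users\user1\AppData\Local\Temp\AdFind.exe|AdFind.exe -f "(objectcategory=person)" > ad_users.txt',
    r"2020-01-02T09:15:00|WS-002|CORP\helpdesk|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe Get-Service -Name Spooler",
    r"2020-01-02T18:49:00|WS-017|CORP\user1|C:\Users\user1\AppData\Local\Temp\AdFind.exe|AdFind.exe -sc trustdmp > trusts.txt",
    r'2020-01-02T20:12:00|WS-017|CORP\user1|C:\Windows\System32\wbem\wmic.exe|wmic.exe /node:SRV-FS01 process call create "cmd.exe /c C:\Windows\Temp\p64.exe"',
    r'2020-01-02T21:09:00|WS-017|CORP\user1|C:\Windows\System32\sc.exe|sc.exe \\SRV-FS01 create svcupdate binPath= "cmd.exe /c powershell -nop -w hidden -enc JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0"',
    r"2020-01-02T21:43:00|SRV-FS01|NT AUTHORITY\SYSTEM|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true",
]
# Ryuk execution time from the timeline (Day 2, 21:45) on the placeholder date.
IMPACT_TS = datetime.fromisoformat("2020-01-02T21:45:00")


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG, IMPACT_TS)
    for ts, host, name in result["alerts"]:
        print(f"{ts}  {host:<9}  {name}")
    print(f"hours between first alert and Ryuk execution: {result['hours_to_act']:.2f}")
```

Run as-is, the script flags the nltest domain-trust query on Day 1 as the first alert and reports just under 29 hours before the ransomware ran; the initial Bazar execution and the registry query go unflagged, which is realistic, because the first hop rarely carries an obvious command-line signature. The patterns are deliberately narrow starting points (AdFind switches, wmic /node: process call create, sc \\host create with PowerShell in the binPath, Set-MpPreference -DisableRealtimeMonitoring) and would need tuning against a real estate's baseline of administrative activity.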

By healthcare business consultant David E. Williams, president of Health Business Group
