Report: Cyber Criminals Targeting Healthcare Industry with Off-The-Shelf Ransomware

April 10, 2017
Amateur cybercriminals may be shifting towards targeting the healthcare sector using off-the-shelf ransomware, according to security researchers at Forcepoint Security Labs.

Forcepoint is an Austin, Texas-based cybersecurity software company. Roland Dela Paz, a senior security researcher at the company, detailed in a blog post that Forcepoint Security Labs has identified a ransomware-as-a-service (RaaS) platform, called Philadelphia, that was used in a cyber attack on a healthcare organization.

“In that attack, a shortened URL, which we believe was sent through a spear-phishing email, was used as a lure to infect a hospital from Oregon and Southwest Washington. Once a user clicks on the link, the site redirects to a personal storage site to download a malicious DOCX file,” Dela Paz wrote.

He noted that the document contained the targeted healthcare organization’s logo and a signature of a medical practitioner from that organization. Three document icons pertaining to patient information were also present in the file and, when the user double-clicks, malicious JavaScript is triggered, which downloads and executes a variant of the Philadelphia ransomware.

“Believed to be a new version of the Stampado ransomware, Philadelphia is an unsophisticated ransomware kit sold for a few hundred dollars to anyone who can afford it. Recently, a video advertisement of Philadelphia surfaced on YouTube,” he wrote.

Dela Paz further wrote in the blog post, “A few things in the malware captured our interest. Aside from the tailored bait against a specific healthcare organization, the encrypted JavaScript above contained a string ‘hospitalspam’ in its directory path. Likewise, the ransomware C2 also contained ‘hospital/spam’ in its path. Such wordings would imply that this is not an isolated case; but that the actor behind the campaign is specifically targeting hospitals using spam (spear phishing emails) as a distribution method.”

He also noted that ransomware-as-a-service platforms such as Philadelphia continue to attract would-be cybercriminals to take part in the ransomware business. And, while this example represents only one healthcare organization that was targeted, the researcher noted that it could signify the beginning of a trend with smaller ransomware operators, using RaaS platforms, aiming for the healthcare sector, “ultimately leading to even bigger and diversified ransomware attacks” against the sector, he wrote.
