Nowadays, tech and ransomware go hand in hand. Hackers look for two characteristics when they scope out their next target: first, an organization or individual with valuable information and assets; and second, someone who is fairly easy to attack. Hackers and ransomware gangs attack without discrimination. From the tech sector to the food sector to the agriculture sector, cybercriminals have hit all known industries. However, ransomware targets the education and healthcare sectors more often than other industries. Why?
Attacks on these two specific sectors can be attributed to the surprising fact that healthcare and education entities do not equip their systems with the proper protection to defend themselves against ransomware. They also have no resiliency, meaning that their recovery times are much slower. In addition, their risk rates are much higher since institutions within these two sectors handle and store a great deal of highly sensitive information.
One cybercrime group, Vice Society, has shown much interest in these two sectors. The Vice Society ransomware gang made its debut at the end of 2020 and is a Russian-based group that does not use its own unique ransomware variant. Rather, this gang takes advantage of other existing strains such as HelloKitty, Zeppelin, and Five Hands. Within the academic sector, Vice Society favors targeting kindergarten out of all the K-12 levels, as well as various colleges and universities. These attacks result in canceled school days or postponed exams, as well as missing files and data containing sensitive information.
Ransomware Attacks on Education Sector
A noteworthy victim of Vice Society is one of the largest school districts in America, the LAUSD (Los Angeles Unified School District). Following the attack on LAUSD, a joint advisory was issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The warning stated that Vice Society initially breaks into school networks through compromised accounts on programs that are accessible from the internet, also known as Internet-facing applications. Once they have gained access, they employ a double extortion tactic: they encrypt sensitive data, display their ransom demands on the screen, and threaten to release the stolen data on the dark web if a ransom is not paid. The joint advisory also urged “…organizations to implement the recommendations in the Mitigations section of [the] CSA (Compliance, Safety, Accountability) to reduce the likelihood and impact of ransomware incidents…”
Ransomware attacks on education systems tend to increase in late summer and early fall, when school is back in session. The Kenosha Unified School District in Wisconsin fell victim to an attack in September when the school year started, but didn’t know of the attack until late October, when the ransomware group Snatch came forward claiming their kill. Data on the school district and its 19,000 students was leaked on a public data website in early October, and an investigation with law enforcement is still ongoing. Hartnell Community College in California was also attacked at the beginning of October, and its internet systems, along with all 2,000 devices connected to the network, were compromised.
Ransomware Attacks on Healthcare Sector
In recent years, ransomware gangs have also shown a keen interest in attacking public health and healthcare entities. In August of 2022, Practice Resources, a New York-based healthcare billing provider, disclosed the details of an attack on their facilities. Various names, health plan numbers, addresses, and treatment dates were stolen and exposed. However, medical records and financial information were not. Similarly, Lamoille Health Partners, based in Vermont, disclosed in early 2022 that patient information including social security numbers, medical treatment information, health insurance plans, and billing information was compromised. Another recent victim of Vice Society is the Medical University of Innsbruck, located in Austria. The school was subjected to a network disruption and data theft, which resulted in a total of 5,600 account passwords needing to be reset.
In early October, CISA released an advisory warning healthcare entities about a new ransomware variant called Daixin Team. CommonSpirit Health, one of the largest nonprofit health systems in the United States, serves 20 million patients and has more than 1,000 care sites in 21 states across the U.S. On October 2nd, CommonSpirit found ransomware activity in its network and took its systems offline. It was later confirmed that the personal data of over 623K patients was accessed by threat actors.
These constant superfluous attacks on critical infrastructure have thrown states and governments into a state of urgency. An analyst at Emsisoft, an anti-malware software company, stated that within a year, ransomware gangs had managed to attack over 1,000 academic facilities and about 730 healthcare entities. The more technology and media become integrated into our lives, the more at risk we are of attacks. Ransomware gangs and their barrage of attacks are inevitable, and protection against these cyberterrorists is now mandatory rather than optional.