Nowadays, tech and ransomware go hand in hand. Hackers look for two characteristics when they scope out their next target: first, an organization or individual with valuable information and assets; and second, someone who is fairly easy to attack. Hackers and ransomware gangs attack sans discrimination. From the tech sector to the food sector to the agriculture sector, cybercriminals have hit all known industries. However, ransomware targets education and healthcare sectors more often than other industries. Why?
Attacks on these two specific sectors can be attributed to the surprising fact that healthcare and education entities do not equip their systems with the proper protection to defend themselves against ransomware. They also have no resiliency, meaning that their recovery times are much slower. In addition, their risk rates are much higher since institutions within these two sectors handle and store a great deal of highly sensitive information.
One cybercrime group has shown much interest in these two sectors, Vice Society. The Vice Society ransomware gang made their debut at the end of 2020 and is a Russian-based group that does not utilize their own unique ransomware variant. Rather, this gang takes advantage of other existing strains such as HelloKitty, Zeppelin, and Five Hands. Within the academia sector, Vice Society favors targeting kindergarten out of all the K-12 levels, and various colleges/universities. This results in canceled school days or postponed exams, as well as missing files and data containing sensitive information.
A noteworthy victim of Vice Society is one of the largest school districts in America, the LAUSD (Los Angeles Unified School District). Following the attack on LAUSD, a joint advisory was issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The warning stated that Vice Society initially breaks into school networks through compromised accounts from programs that are accessible from the internet, also known as Internet-facing applications. Once they have gained access, they employ a double extortion tactic; they encrypt sensitive data, display their ransom demands on the screen, and threaten to release the stolen data to the dark web if a ransom is not paid. The joint advisory also urged “…organizations to implement the recommendations in the Mitigations section of [the] CSA (Compliance, Safety, Accountability) to reduce the likelihood and impact of ransomware incidents…”
In recent years, ransomware gangs have also shown a keen interest in attacking public health and healthcare entities. In August of 2022, Practice Resources, a New York based healthcare billing provider, disclosed the details of an attack on their facilities. Various names, health plan numbers, addresses, and treatment dates were stolen and exposed. However, medical records and financial information were not. Similarly, Lamoille Health Partners based in Vermont disclosed in early 2022 that patient information including social security numbers, medical treatment information, health insurance plans, and billing information were all compromised. Another recent victim of Vice Society is the Medical University of Innsbruck located in Austria. The school was subjected to a network disruption and stolen data, which resulted in a total of 5,600 account passwords needing to be reset.
These constant superfluous attacks on critical infrastructures have thrown states and governments into a state of urgency. An analyst at Emsisoft, an anti-malware software company, stated that within a year, ransomware gangs had managed to attack over 1,000 academia facilities and about 730 healthcare entities. As technology and media become more integrated into our lives, the more at risk we are for attacks. Ransomware gangs and their barrage of attacks are inevitable, and protection against these cyberterrorists are now mandatory rather than optional.