This time, hospitals in the UK were crippled by a “large-scale” cyber attack that forced operations to be canceled and ambulances to be diverted. Health workers reported being locked out of their systems and seeing messages demanding ransom payments to regain access (the very definition of a “ransomware” attack).
Ransomware Attack Spreads

At least 16 organizations connected to the National Health Service (NHS) in England reported being affected. NHS Digital is said to be working with the government’s National Cyber Security Centre, the Dept of Health and NHS England to help organizations affected “to manage the incident swiftly and decisively”.
There is little question that ransomware attacks and their severity are increasing rapidly. The FBI recently issued an alert about the broader category of rogueware, which includes ransomware and fake antivirus scareware scams. According to the FBI, criminals are netting an estimated $150 million a year through these scams.
In the wake of these kinds of attacks, with the risks escalating, security leaders in the private and public sectors are forced to ask themselves what more they could be doing. Accepting that these attacks are going to keep happening, how do we arm organizations and their security teams to respond when they are already strained under the weight of alerts? Adding to the challenge, detection systems can generate a large volume of false positives, making it difficult for analyst teams to triage and respond to these kinds of threats. As we are seeing in real time today, once devices within your environment are infected, regaining control from ransomware can be tedious and time-consuming.