Ransomware attacks against critical infrastructures and hospitals

Alert ID: 
JMCIRT-AL-2020.002
Alert Date: 
Tuesday, March 24, 2020
Threat Level: 
High

Ransomware attacks against critical infrastructures and hospitals
Original release date: March 24, 2020

The Jamaica Cyber Incident Response Team (JaCIRT)is aware of attempts to compromise and execute ransomware against key organizations and infrastructure required to assist in the response to the COVID-19 pandemic.
Overview
Ransomware attacks have multiple attack vectors which includes:

  • Compromised user credentials
  • Malicious email attachments
  • Exploiting system vulnerabilities

Once a system has been infected, the ransomware may allow attackers to gain privileges and access the system then try to modify user accounts, change passwords, log out users and detect vulnerabilities and targets for the deployment of ransomware. Once deployed, all system documents and files within the computer and other connected systems may be encrypted or deleted. It may also propagate to the infected systems Wi-Fi and Ethernet network adapters to disable them and connection from outside.

Recommendations

  • Ensure regular back up procedures are maintained both online and offline.
  • Ensure all systems and applications are updated to their latest patch level, especially anti-virus applications.
  • Secure email gateways to thwart threats via spam.
  • Do Not open suspicious emails or links or download attachments from unknown senders.
  • Implement network segmentation and data categorization to minimize further exposure of mission critical and sensitive data.
  • Disable third-party, outdated or unused components that could be used as entry points.