Fresenius Hit By Ransomware – Expert Insight

Fresenius, Europe’s largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber-attack on its technology systems. The company said the incident had limited some of its operations, but that patient care continues.

Expert Comments

May 07, 2020
Jamie Akhtar
CEO and Co-founder
CyberSmart
There has been an enormous spike in cyber-attacks since the beginning of the coronavirus epidemic. And the healthcare industry, already stretched and now even more overwhelmed and distracted, is a prime target. The World Health Organisation has reported a five-fold increase in attacks over the last two months. It is critical that healthcare organisations prioritise security right now as a breach could have huge impacts. That means keeping all software up-to-date and making sure firewalls and security features are enabled at all times.
May 07, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
It's unfortunate that even during times of the pandemic, criminals are attacking and crippling systems belonging to hospitals and other medical facilities. The attack serves as a reminder that criminals are not slowing down their attacks despite being in the midst of a global pandemic. In many cases, some are ramping up their activities. Therefore it's important for organisations to not slow down in their cybersecurity efforts. This includes a layered approach to make it difficult for attackers to target systems, providing security awareness and training to employees to identify phishing emails, and having robust threat detection and response capabilities.
May 07, 2020
David Jemmett
CEO
Cerberus Sentinel
As expected, the purported ceasefire on healthcare providers by ransomware operators has proven short-lived. Rather than being rooted in any sort of altruism, the attackers were simply waiting for the optimum time to strike: when Fresenius was under immense strain as it attempted to meet the demands onset by the COVID-19 pandemic. This should act as a lesson to other healthcare providers and industries. In this climate of increased threat volume, it’s imperative healthcare organizations have a cyber resiliency strategy in place, so they can continue to operate effectively and support and provide diagnoses for their patients. Hallmarks of resilient environments include redundant componentry, rapid (or automated) response to changes in threat conditions, and an organization-wide awareness of this unpredictable and unprecedented threat landscape.
May 07, 2020
Ilia Kolochenko
Founder and CEO
ImmuniWeb
This outrageous incident is a colorful validation of the FBI’s warning not to pay ransom. Reportedly, Fresenius has already paid a 7-digit ransom in the past to recover from a similar attack. Obviously, such a generous payment did not leave unscrupulous cybercriminals indifferent. Instead they quickly exploited the windfall and perfidiously re-raided this susceptible victim amid the crisis. Being mindful of Covid-19 social challenges, some cyber gangs decisively called to abstain from any attacks against medical and healthcare organizations, but unsurprisingly not everyone follows this Robin Hood code of ethics. Unless the details of the attack investigation are disclosed, it would be premature to make any definitive conclusions. There are, however, more questions than answers given this is a second successful and large-scale attack, as some sources report. It is unclear whether foundational security processes were and are in place, such as holistic patch management and network segregation, but it seems that even if the answer is affirmative the latter are largely insufficient. For the moment, there is likewise no visibility whether any medical records and PHI were stolen during the attack. The worst-case scenario is if the data was extracted and now may be published in case of eventual refusal to pay ransom. Cybercriminals now took their ransomware campaigns to the next level by threatening not just to delete the data but to disclose it thereby unleashing a parade of horrors from severe regulatory sanction to lawsuits by the victims.
May 07, 2020
Professor Oleg Kolesnikov
VP of threat research
Securonix
In our experience, one of the things that sets the "snake/ekans" malicious threat actor reportedly involved in the Fresenius ransomware attack apart is a relatively high amount of manual effort/targeting typically involved in the operator placement activity, which can sometimes enable them to have a bigger impact on the victims. With some of the recent attacks observed, it appears that the malicious threat actors are expanding the list of targets. While the attack behaviours used by the malicious ransomware payload itself are fairly trivial, the golang-based payload encryption process, and also the list of processes that are terminated to maximize the ability of the ransomware to encrypt sensitive data and impact the targets appear to be longer than some of the other ransomware instances observed, and some of the past instances of the malware family also included impacting processes from the ICS/SCADA/OT environments, which is uncommon for ransomware.
May 07, 2020
Bob Rudis
Chief Data Scientist
Rapid7
With Covid-19 pressing down upon us, we are again reminded of how critically important it is to secure our devices and networks so we can avoid impacting our currently over-strained hospital care environments further. These types of ransomware campaigns prey upon the fear, generosity and curiosity of the chosen victims to gain access to something of value, be it banking credentials or your device or laptop to launch further campaigns or to gain access to your network. Organisations should apply the same logic they would to any incoming request for link clicking, document downloading, or charitable giving. Do not trust at all initially, consider deleting outright, and use every means at your disposal to validate the legitimacy of any mail. Do not accept any pandemic-related communication at face value until you perform this validation. IT and security teams should reach out to their trusted information-sharing communities to gain access to trusted lists of malicious pandemic-related domains and ensure the defence technologies are configured to use them. To help resolve these issues, healthcare organisations should look to mitigate risk via network. To accomplish this, hospitals and medical care environments should consider segmenting their network into three general categories: medical business operations networks (run the hospital network), medical care network (general medical care appliances), life-critical care (ICU, appliances used to sustain life or administer drugs). By following these network segmentation principles, the risk to patients’ health and safety would be greatly reduced, allowing more time to properly validate, update and patch devices.
May 08, 2020
Carl Wearn
Head of E-Crime
Mimecast
Our recent research shows a surge in cyberattacks against many sectors, including healthcare. With medical staff working at full capacity to treat patients affected by Covid-19, cybercriminals are banking on them being less wary of cyber threats, which makes them an excellent target. This attack against a hospital at the forefront of recovery efforts further demonstrates that such criminals will not discriminate in their pursuit to acquire money – and potentially also trade secrets. In what is an incredibly testing time for our healthcare system, poor cyber hygiene that can result in major disruption is not something the industry can afford. To avoid this, organisations must take heed of the latest NCSC advice to healthcare organisations: update their passwords with three random letters and implement multi-factor authentication to provide that extra layer of security. I would also recommend that hospitals actively look into contingency plans and that they incorporate non-network backups and fallback email and archiving. This will help significantly reduce the potential losses of a ransomware attack, should the worst still happen.
May 07, 2020
Kelvin Murray
Senior Threat Research Analyst
Webroot
An increase in attacks targeting healthcare organisations suggests that hospitals are definitely one of the top targets for cyber-attacks at the moment. Clearly, COVID-19 is allowing cybercriminals to gain a higher rate of return by targeting healthcare providers because they firmly believe that organisations will pay their way out of an attack when under high-pressure factors. As the services that medical facilities provide are essential and often cannot be disrupted without severe risk to patients, ransomware is a weapon of choice. While healthcare companies may be prepared for such attacks, it is essential for hospitals to exercise best IT practice during a crisis because staff will be under pressure, potentially outside of their standard working spaces (remote, off-site, travelling) and likely to be dealing with a high volume of inbound messages concerning the outbreak. All healthcare practices must have antivirus and other cybersecurity solutions in place as well as access to security teams who can investigate any breaches to identify and address vulnerabilities. COVID-19 will not stop hackers, but now is a good time for all organisations to review their incident plans and to update them as needed.