GuidePoint Security researchers report that Mount Locker ransomware is stepping up its counter-IR capabilities, hindering efforts for detection, response, and investigation. The group is using more sophisticated scripting, may be rebranding as “Astro Locker,” and has added new security evasion features. GuidePoint indicates that campaigns may be targeting biotech and healthcare-adjacent industries. An expert with Veridium offers perspective.
<p>There has been a 72% increase in ransomware over the past year that can be correlated with the COVID-19-related shift to remote work and the increased use of non-company-provided computers and smartphones. Complex passwords that are often written down are quite common across the healthcare sector, making the environment especially vulnerable to credential theft. Password reuse also facilitates easier lateral movement of such attacks between various IT systems as ransomware groups seek out Personally Identifiable Information (PII). Biotech firms and healthcare institutions should look at adopting passwordless authentication methods such as “phone as a token” and/or FIDO2 in order to strengthen the digital identity of all users. This could reduce the incidence of credential theft and ransomware, thereby keeping patient data safe as well as improving user experience and productivity for both providers and staff.</p>