Microsoft Warning: Human-Operated Ransomware Targeting Healthcare Industry Right Now

As if the healthcare industry didn't have enough to deal with right now.

As COVID-19 pushes the world to work remotely, home network devices and VPNs are at the front lines of protecting corporate networks. And ransomware criminals are jumping on the opportunity.

And the organizations most at risk are also those working the hardest to battle this pandemic: the healthcare industry.

Microsoft issues alert about human-operated ransomware

VPNs and home networking devices are critical for maintaining productivity and social distancing. Unfortunately, they're also critical for hackers.

According to an alert from the Microsoft Threat Protection Intelligence Team, ransomware threats have been on the rise as a result of this remote shift. And they say human-operated ransomware deserves particular attention right now.

Microsoft explains what makes this threat different:

"Human-operated ransomware attacks are a cut above run-of-the-mill commodity ransomware campaigns. Adversaries behind these attacks exhibit extensive knowledge of systems administration and common network security misconfigurations, which are often lower on the list of 'fix now' priorities.

Once attackers have infiltrated a network, they perform thorough reconnaissance and adapt privilege escalation and lateral movement activities based on security weaknesses and vulnerable services they discover in the network."

While these attacks can effect any organization, Microsoft is placing a particular attention on hospitals. Facing COVID-19 head-on, the healthcare industry is more vulnerable than ever and needs cybersecurity support:

"As part of intensified monitoring and takedown of threats that exploit the COVID-19 crisis, Microsoft has been putting an emphasis on protecting critical services, especially hospitals. Now more than ever, hospitals need protecting from attacks that can prevent access to critical systems, cause downtime, or steal sensitive information.

To help these hospitals, many already inundated with patients, we sent out a first-of-its-kind targeted notification with important information about the vulnerabilities, how attackers can take advantage of them, and a strong recommendation to apply security updates that will protect them from exploits of these particular vulnerabilities and others."

How to reduce your risk for human-operated ransomware

Remember, everyone could be at risk for these attacks.

It's not just hospitals. So every organization and even individuals can take steps to secure themselves.

Microsoft has these recommendations to safeguard against vulnerabilities:

• Apply all available security updates for VPN and firewall configurations.
• Monitor and pay special attention to your remote access infrastructure. Any detections from security products or anomalies found in event logs should be investigated immediately. In the event of a compromise, ensure that any account used on these devices has a password reset, as the credentials could have been exfiltrated.
• Turn on attack surface reduction rules, including rules that block credential theft and ransomware activity. To address malicious activity initiated through weaponized Office documents, use rules that block advanced macro activity, executable content, process creation, and process injection initiated by Office applications. To assess the impact of these rules, deploy them in audit mode.
• Turn on AMSI for Office VBA if you have Office 365.

In uncertain times like these, where the shift to remote work has been so rapid and wide-scale, protecting your digital health is just as important as your physical health.

Interested in Microsoft's efforts to help hospitals with ransomware? Check out the report here.