Ransomware-Related Death in Germany

23/09/2020 14:19:18


Ransomware has thus far been a frightening prospect for business owners and IT professionals, but the first ransomware-related death, which occurred in Germany this week, has the public fascinated and frightened.

A woman in need of life-saving treatment died after a ransomware attack struck Duesseldorf University Clinic in Germany, which “crippled the entire IT network of the hospital” and forced it to evacuate patients to other hospitals and treatment centers. Although the IT systems are being recovered, no ransom demand has been issued as of yet, and there is no word on what patient and hospital data was lost in the attack. Last week, 30 hospital servers were encrypted and a vague note was left encouraging the hospital to reach out to the attackers, but without a ransom amount or time limit included. Luckily, when the police contacted the attackers and informed them that the hospital, not the University, had been crippled, the hackers abandoned the attack and provided the digital key to decrypt the stolen files.

Mohit Tiwari, Symmetry Systems Co-Founder and CEO, says of the recent spate of hospital and healthcare ransomware attacks, “Perhaps the shift in mindset that hospital executives have to get to is that compute infrastructure in hospitals is key to healthcare, and computing failures are healthcare failures. Further, computing flaws are highly correlated and can spread quickly -- ransomware or breach of large data stores or compromise of medical equipment on a network. With the right investments, there is recent technology that can lift and shift certified workloads into safer virtual machines and put defences around it, and better identity and authorization methods that prevent small errors from scaling out organization wide.”

Rick Holland, CISO and VP of Strategy at Digital Shadows, said that “In the early days of COVID-19, we saw actors stating that they wouldn't target healthcare, so at least some criminal element is publicly against these sorts of attacks…. Still, any attacks that result in the loss of life will only increase the criminals' risk of indictments and arrests. It will be interesting to see how targeting evolves in the future due to this tragic event, but I wouldn't place bets on all criminals avoiding healthcare institutions. There is no honor among thieves.”

Health IT Security reports that 41 healthcare providers have reported attacks in the first half of 2020, but predicts that the number could potentially be higher, as some facilities are choosing not to report attacks, if at all possible. While it has been widely reported that healthcare providers are investing in IT security measures, it would be a fair assumption that many more will be looking to secure their networks after this death, which was directly attributed to a ransomware attack.

Some of the solutions healthcare facilities are deploying to protect their networks from infiltration include next-generation firewalls, endpoint protection, cloud-based virtual desktops and servers, and secure web gateways designed to secure mobile and remote connections to the internal network and cloud resources, providing vital access in emergency situations.

For example, Shifa International Hospital in Islamabad, Pakistan, is a JCI (Joint Commission International) accredited 550-bed healthcare facility with a history of supplying quality healthcare services for over 25 years. Shifa International Hospital is one of the most technologically progressive hospitals in Pakistan, with advanced facilities. Shifa approached Sangfor searching for comprehensive security protection for their Health Management Information Systems (HMIS), a demilitarized zone (DMZ) setup where user groups can directly access the server group, and a simplified way to read and report on millions of raw security logs to determine complex data centre security status. In addition, Shifa lacked the ability to identify vulnerabilities and risk to their existing production servers, requiring more comprehensive control of gateway devices.

Sangfor deployed their Web Application Firewall (WAF) for layer 7 application protection of the Health Management Information Systems (HMIS) and Oracle Databases, along with a demilitarized zone (DMZ) setup, to protect against malicious threats and attacks from outside and inside. Sangfor’s NGAF application firewall with its integrated WAF provided an easy, graphical overview of data center security status, automated risk assessment and web vulnerability scanning, and automated high availability of gateway devices (active-standby).

The Mariano Marcos Memorial Hospital and Medical Center (MMMH & MC) is the biggest public hospital in Ilocos Norte province of the Philippines, in the city of Laoag. MMMH & MC is the only level-3 hospital (the highest level) in the region that offers CT. In 2012, MMMH & MC started their digital transformation, with iHomis (hospital information system) & MedSys supported by the DOH (Department of Health). With more and more systems being digitalized and patient quantity increasing, the IT infrastructure had become critically challenged: it was plagued with performance issues, carried a potentially high risk of failure without a high availability option, and depended on a lagging legacy system whose maintenance monopolized IT resources and time.

Sangfor deployed their HCI cloud solution which improved efficiency for hospital IT, and thus all staff, protected their data by providing Continuous Data Protection (CDP) which allowed them to recover faster from ransomware attacks, and improved business continuity for their iHomis system, all with quick deployment and live migration, meaning no downtime for Mariano Marcos Hospital.

Many healthcare providers are choosing to deploy Sangfor NGAF, the world's first AI-enabled and fully integrated Next Generation Firewall with integrated Web Application Firewall providing all-around protection from all threats and powered by innovations like Neural-X and Engine Zero. A truly secured, integrated and simplified firewall solution, it provides a holistic overview of the entire organizational security network, with ease of management for administration, operation & maintenance, making protection from ransomware fast, simple and automated.

Sangfor NGAF includes integrated Sangfor Endpoint Secure, the future of endpoint protection. Working with NGAF, the Endpoint Secure Ransomware Honeypot and One-Click Kill for malicious files across the network can respond to and mitigate ransomware encryption faster than any other solution available today.

Sangfor Incident Response & Compromise Assessment Services

In the event of an attack, Sangfor Incident Response (IR) starts with an investigation service which will inevitably locate the malware, which can then be contained. After identifying the malware/ransomware family, which determines what steps need to be taken to stop the attack, Sangfor IR professionals trace and block the attack source and provide recommendations on improving security and strengthening network defences to mitigate the risk of further attack.

Sangfor also provides a network threat identification, analysis, and risk assessment (Compromise Assessment) service. This service is for customers who have suffered a malware attack and now fear that residual, unnoticed malware has bypassed existing security protection mechanisms. This service could uncover any hidden malware or backdoor event, data leakage event, exploitation event, brute force attack event, reconnaissance event, east-west attack event, anomalous UEBA (User and Event Behavioral Analytics) event, as well as many others.

Sangfor IR is currently free of charge for all public healthcare institutions located in Southeast Asia. Contact Sangfor now for more information!


Why Sangfor?
Sangfor Technologies is an APAC-based, global leading vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com to learn more about Sangfor’s Security solutions, and let Sangfor make your IT simpler, more secure and valuable.

COPYRIGHT © 2000-2020 SANGFOR TECHNOLOGIES. ALL RIGHTS RESERVED.