Healthcare networks targeted in ransomware assaults

Healthcare groups in the US are under attack by criminals carrying out ransomware attacks, according to Cisco.

Ransomware infects computers and networks and encrypts data, with the perpetrators extorting money out of victims before restoring access. A Reuters report suggests the FBI has appealed for help from US companies affected by the attacks in a bid to identify those responsible.

Cisco's Talos unit said earlier this month that it had encountered a "widespread campaign" in which a ransomware variant - known as Samas/Samsam/MSIL.B/C (SamSam) - which works in a different way to more commonly-encountered attacks.

While most ransomware rely on focused attacks using vehicles such as phishing campaigns, the SamSam attacks are more insidious and are distributed across networks via remote execution techniques to compromise additional machines.

"A particular focus appears to have been placed on the healthcare industry," says Cisco Talos, with hospital networks seemingly being targeted. It adds that the amount extorted from victims has risen from 1 bitcoin (around $415) for each infected PC to 1.5 bitcoins or more, or 22 bitcoins for bulk decryption.

"Ransomware continues to persist as a successful cybercrime business model," says Talos. "This technique is proving to be a profitable affair for criminals and will continue to be a threat to the Internet at large until a more profitable technique is discovered."

While it is important to invest in defense software, one of the most effective ways companies can protect themselves is to ensure they have robust data back-up systems in place.