Download the all-new Republic app:

Published 13:13 IST, July 7th 2022

North Korea's hackers targeting multiple health organisations with ransomware, warns US

FBI and other investigation agencies have warned that the North Korean government-backed hackers could increase the cyberattack on health services.

Reported by: Ajeet Kumar
Follow: Google News Icon
  • share
Image: AP/Pixabay | Image: self
Advertisement

The US Federal Bureau of Investigation (FBI) and other investigation agencies have warned that the North Korean government-backed hackers could increase the cyberattacks like last year and added the health service providers to upgrade their security to avert such a situation. According to the intelligence agencies, the Korean hackers targetted a number of health service providers, resulting in the disruption in their operations. In some cases, it said the operations were affected for quite a long time. In an updated advisory released on Wednesday, the FBI, Department of Treasury and US Cybersecurity and Infrastructure Security Agency (CISA), appealed to the hospitals to upgrade their system security in order to avert any possible attacks by North Korean hackers.

Explaining last year's incident, the intelligence agencies claimed that North Korea used ransomware to encrypt computer systems hosting electronic health records and diagnostics and imaging services which resulted in disruption in hospital operations. In a statement released on July 6, it said the FBI, CISA, and Treasury highly discourage paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanctions risks.

Advertisement

"Specifically, the updated advisory encourages U.S. entities to adopt and improve cybersecurity practices and report ransomware attacks to, and fully cooperate with, law enforcement. The updated advisory states that when affected parties take these proactive steps, the Treasury’s Office of Foreign Assets Control (OFAC) would be more likely to resolve apparent sanctions violations involving ransomware attacks with a non-public enforcement response," it added. 

It has also released points for the health services sector to prevent ransomware attacks: 

  • Install updates for operating systems, software, and firmware as soon as they are released. 
  • Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats.
  • Regularly check for software updates and end-of-life notifications and prioritize patching known exploited vulnerabilities. 
  • If you use Remote Desktop Protocol (RDP), or other potentially risky services, secure and monitor them closely.
  • Limit access to resources over internal networks, especially by restricting RDP and using virtual desktop infrastructure.
  • Monitor remote access/RDP logs, enforce account lockouts after a specified number of attempts to block brute force campaigns, log RDP login attempts, and disable unused remote access/RDP ports.
  • Review the security posture of third-party vendors and those interconnected with your organization. Ensure all connections between third-party vendors and outside software or hardware are monitored and reviewed for suspicious activity.
  • Require administrator credentials to install the software.
  • Audit user accounts with administrative or elevated privileges and configures access controls with the least privilege in mind.
  • Install and regularly update antivirus and antimalware software on all hosts.
  • Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.
  • Consider adding an email banner to messages coming from outside your organization.
  • Disable hyperlinks in received emails.

Image: AP/Pixabay

13:13 IST, July 7th 2022