As ransomware attacks surge and increasingly target vulnerable sectors like healthcare, the federal government’s financial crimefighting team is raising the alarm.
The U.S. Department of the Treasury’s Office of Terrorism and Financial Intelligence on Thursday (Oct. 1) issued a pair of ransomware alerts.
The advisories come amid an upsurge in attacks, with hackers increasingly targeting smaller healthcare organizations and municipalities “due to the victims’ weaker cybersecurity controls, such as inadequate system backups and ineffective incident response capabilities,” according to a press release issued by the Treasury Department.
Ransomware attacks jumped 37 percent in 2019, with losses from these scams surging 46 percent, according to FBI statistics.
That said, even larger healthcare companies are not immune, with Universal Health Services, one of the nation’s largest hospital chains, hit over the weekend with a “crippling ransomware attack,” The Wall Street Journal reports.
Universal Health was forced to divert ambulances from some hospitals, while medical records, pharmacies and labs went offline at 250 different facilities, according to WSJ.
“Cybercriminals have deployed ransomware attacks against our schools, hospitals and businesses of all sizes,” said Deputy Secretary Justin G. Muzinich. “Treasury will continue to use its powerful tools to counter these malicious cyber actors and their facilitators.”
An advisory issued by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) details a number of financial red flags, and also details ransomware trends and typologies and how to report information on ransomware attacks.
According to FinCEN, common tactics include “wide-scale phishing and targeted spear-phishing campaigns that induce victims to download a malicious file or go to a malicious site” as well as “‘drive-by’ malware attacks that host malicious code on legitimate websites.”
Meanwhile, the Treasury’s Office of Foreign Assets Control, or OFAC, issued a separate advisory highlighting the “sanctions risks associated with facilitating ransomware payments on behalf of victims targeted by malicious cyber-enabled activities.”