Philadelphia is not only the City of Brotherly Love, but it’s also the name of a new variance of ransomware that is wreaking havoc in the healthcare industry by crippling computer operating systems.
“As with all ransomware, Philadelphia is generally associated with phishing and spear-phishing campaigns,” says Matt Anthony, vice president of Incident Response at the Herjavec Group, a global managed security service company, based in Los Angeles.
“Philadelphia is mostly distinguished by being part of a family that we would call 'ransomware-as-a-service',” Mr. Anthony tells Cosmetic Surgery Times. “This means that anyone can go to a website on the ‘dark’ web, which is the alternate, more private and secretive set of sites on the internet, usually accessed through a specialized browser. Once there, you can pay a fee to the authors of this service to download software. Then, as an amateur or extremely low-skilled person, you have access to the ransomware software.”
Such ransomware is “insidious in a way,” according to Mr. Anthony, “because it magnifies the capability of ransomware distributors and creates a profit stream on the back-end for creating the infrastructure to collect and distribute payments and reduces the need to author, or create your own, ransomware to enter the game.”
The ransomware usually infiltrates a healthcare organization through an email to an employee. The email typically looks legitimate and trustworthy, along with a link to click. “In healthcare, the link might be to a patient’s healthcare records associated with a patient transfer or an inquiry to a doctor with a link to a pharmaceutical company,” Mr. Anthony says.
Once the employee clicks the link, a piece of software is downloaded to their computer. The software will encrypt files on the user’s local drive and any network drive that can be gleaned from the computer.
Next, a notice appears on the computer screen that encryption has occurred and that the files are no longer available to the healthcare organization. Instructions are also provided on how to pay a ransom to recover all compromised files and operating systems.
Mr. Anthony says ransom amounts typically range from $500 to $3,000.
Healthcare is being targeted because it is viewed as a “high willingness to pay, due to the urgency of access to the records,” Mr. Anthony says. “There is also a suggestion that healthcare as a sector is more vulnerable than other sectors at this time. There may be weaker training or weaker protocols concerning information sharing, so there is a higher than usual likelihood that those employees will click.”
Fortunately, it is unlikely that any information will be exported or taken away from the organization, such as electronic medical records (EMRs) or a health information management system. Encryption is normally limited to user files like Word documents, Excel spreadsheets and databases.
Also, Philadelphia ransomware appears to have an effective, free decryptor tool. “It is nice when ransomware is engineered poorly enough that free decryptors are available,” Mr. Anthony says.
Denise Anderson, president of the National Health Information Sharing and Analysis Center, says that ransomware hackers seek out entities that have a particular vulnerability or set of vulnerabilities in their environment. “These hackers detect vulnerable systems by scanning the internet; or by using the search engine Shodan, which reveals devices connected to the internet,” she says.