Ransomware Attack

Able to both bring down a corporation's IT systems and exfiltrate sensitive data, ransomware is one of the most lethal kinds of malware in the wild.
Its operating principle is really simple: do you want your data back? Pay us the ransom.

See how SMART can easily protect you against this type of attack.

The Stage

This leading healthcare institution provides a wide range of medical services to its patients. As the hospital’s digital infrastructure and reliance on technology continue to grow, ensuring robust cybersecurity measures has become a top priority.

This hospital operates in a highly interconnected environment, with an extensive network of medical devices, electronic health records (EHR) systems, and communication platforms.
The hospital handles a significant volume of personal health information (PHI), making it an attractive target for cyber threats such as ransomware attacks, data breaches, and unauthorized access attempts.

Morning
07:23
A targeted phishing email is sent to an unsuspecting employee. The email contains a link to download malware that allows the attacker to establish a foothold within the hospital's systems.
08:12
The phishing link is clicked and the malware is downloaded. The malware immediately starts scanning the network for relevant devices, such as NAS units, servers and other targets.
09:15
Exploiting a publicly known vulnerability in outdated software, the malware moves itself onto the central NAS. There, by transparently replacing the content of all Office documents with itself, it starts spreading to every connected computer. Since the documents are still readable and editable, no one notices its presence.
Afternoon
16:18
The propagated malware has established itself on nearly every computer. An automated background scan starts looking for useful files, such as credentials or patient data.
17:17
The malware starts a coordinated attack on every infected computer, launching the ransomware. Nearly every file in the hospital, from invoices to prescriptions and patient records, is now fully encrypted and unrecoverable.
17:31
News of the attack reaches the IT department, which immediately starts the backup restore procedure.
Evening
23:58
Due to a bad backup management strategy, and facing a lasting, complete halt in operations, the hospital has no other option than to pay the ransom.
The Consequences
Disruption of Operation
6 hours of data inaccessibility, 43 operations delayed, 721 scheduled medical checks canceled. Luckily, no deaths.
Financial Consequences
A ransom of over $1M is expensive, even for a big hospital. And that is before counting the collateral costs of the attack, or the legal consequences.
Reputational Damage
Hospitals are designed to withstand every type of disaster; however, in this case it was knocked down by a simple phishing attack. Safety concerns are obviously rising.
ZADIG Smart
provides at least three solutions to stop these attacks

A strong URL filter, a battle-tested backup solution and a proprietary Targeted Malware Defense.

Those are the three main requirements for this hospital to guard itself against similar attacks.

Do you wish to prevent and eliminate these threats?
URL Filtering
Stopping much malware from ever reaching your computer is quite simple, no matter how hard it seems. The same URL filter you already trust for blocking phishing pages can easily block access to known malware-related domains, even when accessed from untrusted or uncontrolled software or devices. In ZADIG Smart there is no way you can skip this filter, so there is no way you could have downloaded this ransomware...
Backup Solution
The 3-2-1 rule is old, very old. With the introduction of the cloud, there is no longer a separation between online backup and offsite backup. In addition, much ransomware today doesn't reveal its activity until a later date, to prevent backups from being restorable. Our backup solution is different. It provides live backup, with per-file version history and notification when abnormal activity is detected. We love creating the rules, not adapting to them!
Targeted Malware Defense
Breaking ransomware from the inside. It seems impossible, but we can do it. We have collected a wide range of known network fingerprints that in many cases allow us to stop the ransomware from acting without any interaction with the host, just by intercepting its network traffic. And it doesn't matter if the ransomware was installed from an offline USB stick, we can stop it anyway!
ZADIG Smart by
bitCorp
Legal Head Office:
Via Monte Bianco 2/A, 20149, Milano
Representative Office:
Galleria del Corso 4, 20121, Milano
Operational Headquarter:
Via Carlo Freguglia 10, 20122, Milano