MARCH 2021 - The global COVID-19 pandemic has disrupted the cybersecurity landscape, with ransomware seeing some of the largest pivots in attacker strategy, leaving organizations across sectors - including healthcare - vulnerable.

Data from CrowdStrike Intelligence services reveals a surge in ransomware attacks during the pandemic, with data extortion becoming the most used attack method – with 1,430 incidents reported globally in 2020.

The healthcare sector ranks in the top five most targeted by ransomware data extortion last year, reporting 97 incidents:

This is up 580% compared to pre-pandemic times (Q1 2020), despite Despite Big Game Hunters – threat actors who target bigger, more secure targets for larger ransoms – such as TWISTED SPIDER claiming they would refrain from infecting medical organizations until the pandemic had stabilized

But in reality, TWISTED SPIDER was responsible for at least 26 successful healthcare ransomware infections with their Maze and Egregor families. This is the highest out of any Big Game Hunter. In total, 18 Big Game Hunters infected 104 healthcare organizations last year.

In early 2020, as countries worldwide declared public health emergencies, a growing trend in ransomware actors targeting countries' healthcare organizations began to form. Hackers aimed to gain access to sensitive information relating to COVID-19 positive cases and scientific research into possible treatments.

North Korea and Russia both reported staggeringly low COVID-19 cases early on in the pandemic, fuelling ransomware attackers' interest in accessing personal healthcare information. In August 2020, it was also revealed by a data leak that Iran had covered up virus-related deaths.

This was followed by the race to get vaccines developed, approved and administered to patients – a vital project of both ethical and political paramount, but one which was equally as valuable to ransomware actors.

Looking at some of the other worst-affected industries, the industrials & engineering sector reported the highest number of data extortion ransomware attacks in 2020 (229 incidents). This is closely followed by manufacturing (228 attacks), technology (145 attacks) and retail (142 attacks).

It's clear data extortion has become the most lucrative ransomware method used by cybercriminals worldwide and the COVID-19 pandemic has certainly accelerated this shift.

The data also highlights that healthcare organizations have become one of the main targets for ransomware attacks, meaning now, more so than ever, organizations need to invest in and strengthen their cybersecurity defenses with products including cloud-delivered endpoint protection.

To explore the data in full, click here.


About CrowdStrike 
CrowdStrike is a global cybersecurity technology company based in Sunnyvale, California. It provides endpoint security, threat intelligence, and cyberattack response. 

Health IT Homepage