Image: © AFP
Costa Rica’s public health service, known as the Costa Rican Social Security Fund (CCSS), has been forced to take its systems offline after being hit by Hive ransomware. Hive is an affiliate-based ransomware variant used by cybercriminals to conduct ransomware attacks, part of the so-termed ‘ransomware-as-a-service’ threat offering.
Hive ransomware is a data encryption malware that has recently come to the public’s attention through its attacks targeting the Memorial Health System, in the U.S. Here, employees had to use paper charts to go on working as their computers got encrypted.
Now another health system has been impacted. In a statement on Twitter, the CCSS said the attack started early on Tuesday morning and that an investigation was being conducted. The health service did indicate that its databases containing information on payroll and pensions had not been affected.
Looking into this latest and impactful attack for Digital Journal is Keith Neilson, Technical Evangelist at CloudSphere.
According to Neilson the attack is part of a series of incidents, ones that are al too commonplace: “Ransomware gangs are increasingly targeting government organizations, and with Russian leaders refusing to prosecute the REvil gang following the largest ever U.S. ransomware attack on Kaseya last year, cybercrime isn’t expected to let up any time soon.”
The threat levels means that organizations need to put appropriate measures in place, as Neilson opines: “Now more than ever, government organizations entrusted with the collection and storage of highly sensitive data have a responsibility to be hypervigilant in their security and governance practices.”
With the most recent incident, Neilson finds: “This attack on Costa Rica’s public health agency serves as a reminder that a comprehensive cybersecurity strategy begins with cyber asset management.”
In terms of what needs to be done, Neilson recommends: “To properly secure sensitive data, organizations must take the first step of cyber asset management by discovering all cyber assets hosted within the IT environment.”
Without such measures, the risk is: “Without a comprehensive inventory of these cyber assets, organizations have no way of detecting potential risk points for a ransomware attack (let alone remediating them) until it is too late.”
The advantages of such an approach, according to Neilson, are: “Once all cyber assets are accounted for, IT leaders can establish clear, real-time visibility of the attack surface and effectively implement security guardrails across the entire IT landscape.”