We know that ransomware is a big issue for veterinary hospitals. If things weren’t bad enough, we are seeing ransomware attackers adding a 3rd attack to their tool chest.
At first they started with:
“If you don’t pay, you won’t get your data back.”
This is the original ransomware tactic. It’s a denial of service against your veterinary practice data. You pay, and you (sometimes) get your data back.
Then, within the last year or two, they started adding a second technique, which is stealing the data before they encrypt it—and then if you don’t pay they threaten to release that data and embarrass your business.
They then added blackmail to ‘sweeten’ the deal
“If you don’t pay, we’ll release this data to the public.”
Now we will take your business offline if you don’t pay
And now they’re adding a third tactic, which is a denial of service again, but at the business/network level. They threaten to DDoS your company so customers can’t use your service. For most veterinary hospitals this means you won’t have access to anything that is on the web, phones or credit card processing.
“If you don’t pay, we’ll knock your business offline.”
This is a brilliant set of options for an attacker, and they seem to be moving from left to right, which is the order in which they became popular. They start by asking practice owners if they want their data back. If they have good backups, or don’t need the data, they threaten to release that data to the public, and if that doesn’t work they now seem to be pivoting to a threat to take the business offline using a DDoS attack.
All three cases target the veterinary practice’s ability to make money. The first and third are direct hits to the ability to do business itself, and in the case of embarrassment, it’s an attack on reputation, finances, and resources via lost customers, fines, etc.
The thing that makes these groups so dangerous is their ability to evolve their attack techniques. And that’s not just the quality of their malware (unwanted software), but the effectiveness of their approaches to victims.
Some groups play the sympathy card, and apologize for asking for the ransom. Others pretend their threats are “findings” that are part of a bug bounty program, which gives the company the out of paying security researchers instead of hackers.
Whatever the tactic, the problem is that the attackers are evolving a lot faster than defenders’ defenses. And we should expect that gap to continue and even widen in the coming months and years.