Cyber Crime Junkies
Socializing Cybersecurity. Translating Cyber into business terms. Newest AI, Social Engineering and Ransomware Attack Insight to Protect Businesses and Reduce Risk. Latest Cyber News from the Dark web, research and insider info. Interviews of Global Technology Leaders, sharing True Cyber Crime stories and advice on how to manage cyber risk.
Find all content at www.CyberCrimeJunkies.com and videos on YouTube @CyberCrimeJunkiesPodcast
Hackers vs Businesses Leaders XX Battle of Cyber Interruption XX
This conversation delves into Hackers vs Businesses Leaders. Battle of Cyber Interruption. It delves into the alarming rise of ransomware attacks, their impact on businesses and healthcare, and the evolving landscape of cybercrime. It highlights the staggering financial costs, the organized nature of cybercriminal operations, and the legal implications for companies.
The discussion also emphasizes the urgent need for robust cybersecurity measures and the importance of preparedness in the face of these threats.
Takeaways
- Ransomware is predicted to cost organizations $265 billion annually by 2031.
- The average ransomware payment has doubled to over $1.5 million in 2023.
- More than 40% of smaller organizations that paid a ransom reported payments of $1 million or more.
- Many cybercriminal operations are organized and operate with impunity.
- The dwell time between initial access and ransomware deployment has shrunk dramatically.
- Companies can face legal penalties even if they are victims of cyber attacks.
- Law enforcement is improving in tracking and disrupting ransomware operations.
- Ransomware attacks on healthcare can lead to life-threatening consequences for patients.
- Cybercriminals target healthcare organizations because they are likely to pay ransoms.
- Investing in cybersecurity measures is crucial for businesses of all sizes.
Chapters
- 00:00 The Rising Threat of Ransomware
- 05:16 Understanding the Cybercrime Landscape
- 10:31 Legal and Regulatory Implications
- 12:26 Successes in Combating Ransomware
- 15:16 The Impact on Healthcare
- 22:54 Conclusion and Call to Action
Dino Mauro (00:06.198)
Join us as we go behind the scenes of today's most notorious cybercrime. Every time we get online, we enter their world. So we provide true storytelling to raise awareness, interviewing global leaders, making an impact and improving our world.
Translating cybersecurity into everyday language that's practical and easy to understand. We appreciate you making this an award-winning podcast by downloading our episodes on Apple and Spotify and subscribing to our YouTube channel. This is Cyber Crime Junkies, and now the show.
Dino Mauro (00:56.044)
Ransomware attacks a minor inconvenience for businesses? Far from it. Today we're discussing how these digital threats are costing small businesses millions this year and for larger companies, it is costing them billions. In short, it is reshaping the entire cybersecurity landscape. That's right. And it's a problem that's growing at an alarming rate.
Can you give us some perspective on just how big this issue has become? Well, the numbers are staggering. According to Cybersecurity Ventures, ransomware is predicted to cost victim organizations $265 billion annually by 2031. That's a massive jump from just 5 billion in 2017. And what's really concerning is that it's not just big corporations being targeted anymore.
Hmm. So smaller businesses are at risk too. How much are these attacks typically costing companies? The average ransomware payment doubled in just one year, reaching over $1.5 million in 2023. That translates to an average of $1.5 million for a small business with less than 500 employees. That's brutal. I mean, come on.
That's enough to torpedo them and shutter their doors. What's more, the average number of days a small business is down during a cyber attack is 23 days. Most small businesses cannot survive being completely offline for 23 days. Sales will stop, growth will stop and go backwards. Production and payroll all will stop. And get this, more than 40% of smaller organizations that paid
a ransom reported making payments of $1 million or more. We're talking about potentially business-ending amounts of money here. That's huge. But I've heard that many attacks go unreported. Is that true? Absolutely. The FBI estimates that only about 20% of attacks are actually reported to law enforcement. So the true scale of this problem
Dino Mauro (03:17.56)
could be much larger than we realize. It's a sobering thought, isn't it? It really is. So who's behind these attacks? Are we still dealing with lone hackers or has it become more organized? It's become incredibly organized. See, we're talking about sophisticated operations with ties to organized crime and even nation states. They are extremely well, well funded. What's not commonly known is that
Most of these crime gangs operate with complete impunity. They will not be prosecuted. So they operate like the Wild West in a massive gold rush. Bottom line is they will not face consequences for putting a small business out of business and bankrupting them. They run like well-oiled machines with different specialists handling various aspects of the attack. It's almost like they've adopted a business model. That's fascinating and terrifying.
Can you break down how that works? Sure thing. So you've got initial access brokers who specialize in penetrating networks and then sell that access to others. Then there are the ransomware as a service providers who offer the actual software platform and back end support. It's like a twisted version of software as a service. Wow. They've really industrialized the process. Are there any connections between these cyber criminal groups and state actors?
That's one of the most concerning developments. There's a growing overlap between cyber criminal groups and nation state actors. Some countries are even using ransomware gangs as proxies to maintain plausible deniability for their actions. It adds a whole new layer of complexity to the threat landscape. So with all these sophisticated actors involved, how are they actually getting into systems? What are the most common attack vectors?
Well, despite all the high tech aspects, one of the top methods is still good old fashioned phishing and other social engineering attacks. They're constantly refining their techniques to trick employees into clicking malicious links or opening infected attachments. I've seen some of these emails and they can be incredibly convincing. It just goes to show that the human element is still a critical factor in cybersecurity.
Dino Mauro (05:45.346)
What other methods are they using? Exploiting vulnerabilities in remote desktop protocols and VPNs is another common tactic. They're also compromising legitimate websites to serve malware, exploiting software supply chains and taking advantage of unpatched vulnerabilities. It's like they're attacking from every angle. And once they're in, how quickly can these attacks unfold? That's one of the most alarming
The time between initial access and the deployment of ransomware, what's called the dwell time, has shrunk dramatically. It used to be weeks, but now it can be as little as a few hours in some cases. That's incredibly fast. It must make it much harder for organizations to react and mitigate the damage. Exactly. And that brings us to an important point.
the aftermath of these attacks. Beyond the immediate financial impact of the ransom itself, businesses are facing a whole host of other consequences. The legal and regulatory landscape has become increasingly complex and punitive. How so? Are companies being held responsible even when they're the victims of an attack? In many cases, yes.
Even if a company is the victim of an attack, they can face severe penalties if they are found to have had inadequate security measures or if they mishandle the aftermath. Take the case of Uber, for example. After a data breach in 2016 that affected 57 million users, they tried to cover it up and pay off the attackers. This led to a $148 million settlement with state attorneys
general and criminal charges against their former chief security officer. That's a stark reminder that how you respond to an attack is just as important as trying to prevent one. So what can businesses do to protect themselves? Well, there are definitely steps companies can take to improve their security posture. Investing in dedicated anti-ransomware solutions is a good start. These use AI and machine learning to detect and stop attacks that might slip past traditional security tools. But more
Dino Mauro (08:11.618)
basic measures are still crucial too. Like what? Like preparing and testing your preparation. What I mean is this, less than 24 of small businesses have in place what is called an incident response plan and to practice it once or twice a year in a real life like simulation called tabletop exercises.
These have been proved to reduce the length of a cyber attack, reduce the cost and reduce the long-term impact. And yet small businesses do not usually have them. Now think of it like this. We all had fire drills in school, right? Why did we do them? Because if we did not practice them and have a plan in place, children would die in a real fire. Today we have these brilliant minds building these excellent multi-million
dollar brands and yet they fly completely blind and are totally unprepared. Wow. That makes perfect sense. I'm totally shocked that more do not prepare as they should. Let me ask you this. It sounds like a multi-layered approach is necessary. Any thoughts on how companies should approach their overall security strategy? Great question.
Patch management is absolutely critical. According to a survey by the Ponemon Institute, the average time from a patch becoming available to it being installed is 102 days. That's a huge window of opportunity for attackers. Regular backups, strong access controls, and network segmentation are also vital. And don't underestimate the importance of employee training. Human error is still a major factor
in many successful attacks. I think the key is to not just focus on prevention, but also on resilience. Companies need to have robust incident response plans and regularly test them. This includes conducting tabletop exercises to simulate different types of incidents and how the team would respond. They should be prepared for worst case scenarios and have a clear plan for how to recover and communicate
Dino Mauro (10:31.882)
if an attack does occur. That makes a lot of sense. It's not just about trying to stop attacks, but being ready to handle them when they inevitably happen. Exactly. And part of that preparedness involves understanding the potential legal and regulatory consequences. We're seeing a shift in how authorities are approaching these incidents. For example, the SEC recently
charged SolarWinds and its CISO with fraud and internal control failures related to a major cyber attack. The complaint alleges that they knew about security vulnerabilities but didn't disclose them to regulators or investors. That's a significant development. It sounds like executives could be personally liable for how their companies handle cybersecurity. That's right, and it's a trend we're likely to see more of. The SEC has made it clear that they expect
companies to be transparent about their cybersecurity risks and incidents. They've introduced new rules requiring publicly traded companies to disclose material cybersecurity incidents within four business days. Four days doesn't seem like a lot of time, especially when you're in the middle of dealing with an attack. Does that create any potential issues? It certainly can. There's a tension between the need for quick disclosure
and the time it takes to fully understand the scope of an attack. Disclosing too early might mean providing incomplete or inaccurate information, which could cause unnecessary panic among investors. On the other hand, waiting too long could run afoul of the SEC's rules. Hmm. It sounds like companies are in a bit of a catch-22 situation. Are there any positive developments in the fight against ransomware? While the overall trend
is concerning, there are some reasons for optimism. Law enforcement agencies around the world are getting better at tracking and disrupting ransomware operations. For example, in January 2023, the FBI infiltrated the Hive ransomware group's networks and provided decryption keys to victims, preventing about $130 million in ransom payments. That's encouraging to hear. Any other success stories?
Dino Mauro (12:56.75)
There have been a few. In November 2023, the US Department of Justice announced that it had seized websites and disrupted the infrastructure of the ALPHV/BlackCat ransomware group, one of the most prolific operators. They even developed a decryption tool that helped over 500 victims recover their data without paying a ransom. Those are significant victories.
It sounds like authorities are starting to catch up with these cyber criminals. They are making progress, but it's important to remember that this is an ongoing battle. As law enforcement improves its capabilities, the cyber criminals adapt and develop new techniques. It's a constant cat and mouse game. So what's the takeaway for businesses and individuals? How should they be thinking about this threat? I think the key is to get the right advice.
Most small business leaders get security advice from IT people rather than from security experts. Security engineering is not IT engineering. Two separate specialties, expertise and impact for a business. Small business leaders in order to sleep at night honestly need to have security experts with 24/7 eyes on glass hunting for threats
that regular IT folks are not capable of detecting. There is a massive detection problem and education problem in small business today. They must learn, and this is not my opinion as this is based on widely known industry reports, that they need to recognize that ransomware and data extortion are threats that aren't going away anytime soon.
Businesses of all sizes need to take this seriously and invest in both prevention and preparedness. This means not only implementing strong technical controls, but also training employees, developing incident response plans, and staying informed about the evolving threat landscape. That's excellent advice. It's clear that this is a complex issue with no easy solutions. So let's talk about healthcare a bit, okay?
Dino Mauro (15:16.438)
Okay. When ransomware attacks hit healthcare organizations, it puts lives at risk. And in the past few years, there are a ton of cases where injuries and death have resulted. I mean, it's scary. Ransomware attacks on healthcare organizations aren't just about stolen data or financial losses. They can result in life-threatening consequences for patients. These incidents often delay critical medical treatments, misdiagnosed conditions,
and in extreme cases lead to injury or death. Let's explore some details about how ransomware can kill through its devastating impact on healthcare systems. First, I want to address the critical connection between time and patient outcomes. Cool? Cool. Okay, well here's my take. Healthcare systems rely heavily on digital infrastructure for patient care. Electronic health records, EHRs,
diagnostic tools and communication systems are the lifelines of modern medicine. When ransomware encrypts this data or shuts down these systems, even momentary delays can have catastrophic outcomes. For example, Springhill Medical Center 2019, a ransomware attack on this Alabama hospital rendered vital fetal monitoring systems inaccessible during a birth. Tragically, this led to the death of a newborn from
complications that could have been detected earlier. The lawsuit filed by the baby's family underscores the critical role of uninterrupted systems during medical emergencies. Holy crap, I hadn't heard about that one. That is terrible. A newborn baby died? Yes. It's freaking horrible, I know. Yes, T, a newborn baby died from that ransomware attack. Here's another one. Universal Health Services, 2020.
A massive ransomware attack forced this healthcare giant to divert ambulances and cancel surgeries across its 400 facilities. Staff were locked out of EHR systems, which led to handwritten notes and significant delays in patient care. Patients could not get cancer treatment and operations had to be canceled. And in our ally country of Germany at Dusseldorf University Hospital 2020,
Dino Mauro (17:38.486)
A ransomware attack in Germany caused an IT system failure that forced emergency patients to be rerouted to other facilities. These were hours away in emergency medical care where every minute counts. These delays contributed to the death of a critically ill woman who could not receive treatment in time. Holy crap. I hadn't heard about that one either. That is just horrible. And it doesn't stop there.
Here at home in Indianapolis, there was one, Eskenazi Health 2021. This ransomware incident resulted in surgeries being delayed or canceled, leaving patients in limbo for essential and critical medical procedures. While the hospital didn't disclose specific patient outcomes, the disruption raised alarms about the consequences of delayed care. What about misdiagnoses and compromised medical judgment?
When ransomware hits, doctors and nurses are often forced to rely on outdated or incomplete medical records, increasing the risk of medical errors. In one case, a hospital subjected to a ransomware attack reported misdiagnosing a patient due to a lack of access to updated radiology results. And does that also result in delayed cancer treatments and chronic care? Yeah.
Unfortunately, ransomware doesn't just affect emergency situations. It also disrupts ongoing treatments. For patients undergoing chemotherapy or dialysis, delayed appointments can worsen their prognosis. A Microsoft report noted that ransomware attacks often target critical systems like treatment scheduling and billing, directly impacting vulnerable patients.
Look, Chris, we used to have two different worlds years ago. Think about it for a minute, 20 years ago, we used to have computers at an office and we also had our separate physical world. If computers went down, it was inconvenient of course, but we were still able to function. Right? Absolutely. But today our businesses, including healthcare, have undergone digital transformation. So everything we do, every task is now
Dino Mauro (20:04.472)
digital in nature. I mean, when you see a doctor or nurse, they rarely are walking in with a huge stack of medical records or medical charts. They are on tablets, right? Right. So when the computer systems go down today, we simply cannot function. We cannot pay people, record things or pull up records without relying on technology. So today,
the impact of cybercrime is much, much more catastrophic and damaging than it was years ago. It really has a real life impact and many organizations are oddly asleep at the wheel. Exactly. All of this is a lot to digest. I can see this lead to burnout. What is the psychological toll? The chaos of ransomware attacks doesn't just harm patients. It also pushes healthcare workers to their limits.
Imagine nurses trying to care for ICU patients without access to critical records or physicians forced to make life or death decisions with incomplete information. This stress contributes to burnout, which indirectly compromises the quality of care across the board. Wow. Just wow. So why is healthcare a prime target? Cybercriminals target healthcare because it's lucrative. Hospitals often pay ransoms to avoid patient harm.
making them an attractive target. In 2024 alone, 389 healthcare organizations were hit by ransomware attacks in the US, leading to widespread system shutdowns, appointment cancellations, and patient data breaches. What needs to change? The healthcare industry's underinvestment in cybersecurity is a glaring issue. Many facilities lack dedicated IT staff or basic cybersecurity training.
for employees, leaving them vulnerable to phishing scams and other attacks. Experts suggest prioritizing robust cybersecurity measures, such as backup systems, network segmentation, and employee training, to mitigate the devastating impacts of ransomware. Seems like ransomware attacks on healthcare organizations highlight the intersection of cybersecurity and human lives.
Dino Mauro (22:25.282)
By treating this issue with the urgency it demands, we can prevent further loss of life and ensure that healthcare systems remain focused on what matters most, saving lives. Absolutely. The costs of not taking this seriously, both financial and reputational, are simply too high to ignore. But with the right approach, organizations can significantly reduce their risk and be better prepared to handle attacks if they do occur.
Well, that's all the time we have for today. Thanks for joining us for this eye-opening discussion on the evolving threat of ransomware and data extortion. And remember, stay vigilant out there. Until next time, this is Cyber Crime Junkies Podcast. Thank you all for listening.
Dino Mauro (23:16.59)
Well that wraps this up. Thank you for joining us. We hope you enjoyed our episode. The next one is coming right up. We appreciate you making this an award-winning podcast and downloading on Apple and Spotify and subscribing to our YouTube channel. This is Cybercrime Junkies and we thank you for watching.