Blockchain Consultants

Blockchain Transformations Done Here

ransomware

Why is Blockchain Booming in the Healthcare Industry Despite Challenges?

by

If you are curious to know how Blockchain can transform the healthcare industry, you have landed at the right page. 

Table of Contents

  • Blockchain More Than A Bitcoin
  • How Blockchain is Revamping Healthcare Industry
  • Cyberattacks Encourage Blockchain Implementation in Healthcare  
  • Challenges that Need to Addressed
  • The Verdict

Blockchain More Than A Bitcoin

Blockchain technology is a P2P decentralized distributed public ledger that mitigates the dependence on a centralized authority while enabling secure and pseudo-anonymous transactions between the participating parties. Many aspects of Blockchain, such as decentralization, transparency, and immutability, are potentially drawing attention in the healthcare industry. Technology is addressing two of the most pressing issues that are: difficult access to health-related information by patients and incomplete records at the point of care. 


Technology emerged in 2009 as the foundation for trading the digital currency bitcoin, and since then, it has taken the world by storm. Blockchain developers, technocrats, and healthcare industry players believe that technology has the potential to provide a measure of data protection against hacker attacks as well.

Want to become a Certified Blockchain Developer? Sign up to the Blockchain Council now!

How Blockchain is Revamping Healthcare Industry

Initially, Blockchain had its implications in the finance domain, but today as it is much matured; therefore, it is expanding its use cases in the healthcare sector as well. Presently, healthcare suffers from fragmented data, delayed communications between the participating parties, and lack of interoperability. Blockchain helps in facilitating access to medical records stored in fragmented systems. Technology has the potential to enhance medical record management and the insurance claim process, along with accelerating clinical and biomedical research. With smart contract functionality, technology can create a secure, transparent, and effective technical infrastructure to revamp existing healthcare departments, promoting individuals’ and communities’ wellbeing. 

Blockchain can potentially help keep a decentralized, transparent, and incorruptible log of all records without involving central authority/third-party intermediaries. Although it offers transparency, it ensures that all logs of records are kept private. Its decentralized nature allows everyone in the healthcare department, including patients, doctors, and healthcare providers, to safely and quickly share the information. Most importantly, it empowers patients by giving rights in their hands while deciding who gets access to their medical records.

Apart from that, in the drug production and distribution supply chain, it benefits multiple players, including manufacturers, distributors, wholesalers, and pharmacies, by allowing everyone on the supply chain to know the true source and track its distribution whenever they want. 

Cyberattacks Encourage Blockchain Implementation in Healthcare  

As Blockchain indicates no sign of stopping, US healthcare officials believe that Blockchain can provide data security against cybercriminals and hackers since technology does not suffer from a central failure point. 

Reports suggest that in 2018, healthcare institutions were subjected to multiple cyber-attacks, which resulted in the penetration of more than 15 million patient records in 503 violations. Further, in 2019, such breaches increased by 60%.

Unlike traditional systems, the blockchain network is secured through cryptography. Only the intended users can access data using their own private keys, thus eliminating the chances of ransomware and other kinds of attacks. 

According to the DevPro Journal, “Blockchain, with its instantaneous exchange of medical and financial information, could allow insurance claims to be instantly filled and fulfilled as all data will be verified and coming from trusted partners.”

Want to know more about Blockchain technology? Become a Certified Blockchain Exert today! 

Challenges that Need to Addressed 

Blockchain is constantly improving rather than completed, and it has a few potential challenges that must be considered for it to be adopted in the healthcare industry. Few challenges are as follows:

  • Despite its popularity across multiple sectors, the perception that it only links best with Bitcoin has hindered its acceptance within the medical research communities. All entities involved in the healthcare department must accept and embrace this new model for its mass adoption. 
  • The complexity of processing large amounts of data in a single transaction, such as an MRI image, a CAT scan, is the other significant issue that needs to be addressed. 
  • Blockchain is incapable of removing deleted or replaced modified records. Instead, it adds additional blocks to represent such deletions and modifications, which indicates this process results in the need for ever-increasing storage. 

The Verdict 

Top pharmaceutical conglomerates, including blockchain developers and technocrats, are working to figure out the most productive ways to utilize blockchain technology. Blockchain is no more an emerging technology; rather, it is a mature concept that is creating unique opportunities with its decentralized approach, leading to secure and immutable information. In the giant field of the medical field, we can say Blockchain is here to stay. 

To get instant updates about blockchain certifications and become a blockchain expert, check out Blockchain Council

Why is Blockchain Booming in the Healthcare Industry Despite Challenges?

Source

The Covid-19 Pandemic Reveals Ransomware’s Long Game

by

The novel coronavirus pandemic has stretched the world's health care systems to their limits, creating a global crisis. New research from Microsoft shows that ransomware attackers are actively making that crisis worse, forcing health care and critical infrastructure organizations to pay up when they can least afford downtime. In many cases, hackers are reaping the rewards of groundwork they laid months ago, before Covid-19 fully hit.

Hackers have known for years that hospitals and other health care providers make perfect targets for ransomware attacks, since there's life-or-death urgency in getting back up and running quickly. During the pandemic, though, the risk has become even more dire. After a hospital in the Czech Republic was hit by a debilitating ransomware attack in March, the country's cybersecurity oversight agency warned two weeks ago that it was bracing for widespread cyberattacks against critical services in the country. Two Czech hospitals reported attempted attacks a day later, and the US State Department threatened consequences if the antagonism continued.

The Czech incidents reflect just one corner of a worrying global trend of opportunistic ransomware activations.

"The attackers are definitely being what I’ll call rational economic actors, which unfortunately also means vicious," says Rob Lefferts, corporate vice president of Microsoft 365 security. "We see behavior where they will break into organizations and actually lie dormant, both because they’re doing reconnaissance but also because they are apparently estimating what is the moment in time when that organization will be most vulnerable and most likely to pay."

An initial attack might give hackers access to a victim's network. But they'll then wait weeks or months for a particularly opportune moment to actually infect the system with ransomware. Microsoft has been tracking such behavior from groups using a number of prominent strains of ransomware, like Robbinhood, Maze, and REvil. While some ransomware groups had pledged not to attack hospitals during the coronavirus crisis, in practice hackers are increasingly attempting to cash in.

The Microsoft researchers often observed attackers getting their initial network access by exploiting unpatched vulnerabilities in victims' web infrastructure. They saw some hackers taking advantage of a widely publicized flaw in the Pulse Secure VPN and others exploiting flaws in remote management features like remote desktop systems. Attackers also targeted vulnerabilities and insecure configurations of Microsoft's own products. Attackers could guess passwords of organizations using Remote Desktop Protocol without multifactor authentication or exploit known bugs in Microsoft SharePoint and Microsoft Exchange servers that victims had neglected to patch.

Attackers even took advantage of tools used in security to proactively find and plug network holes, including the attack emulation platform Cobalt Strike and malicious techniques in Microsoft's remote management framework PowerShell. This activity often looks legitimate and can sneak past scanners, allowing attackers to lie in wait and do reconnaissance undetected on the network until they choose the moment to actually strike.

While attackers wait for the right conditions to release the ransomware, they often exfiltrate data from their victims' networks. The motive of this activity isn't always clear, though, Microsoft says. It can be difficult to tell the difference between attackers who have IP theft or other intelligence gathering as their main goal and those that just collect what they can as a secondary benefit of positioning themselves for ransomware attacks.

"That dwell time can vary between days, weeks or even months," says Jérôme Segura, head of threat intelligence at the monitoring firm Malwarebytes. "When the time has come for ransomware deployment, threat actors will typically choose weekends, and preferably the wee hours of Sunday morning. This made sense pre-pandemic as staff would typically return to work on Mondays to witness the damage. Now many businesses have their resources stretched far more than before and as a result may be in a tougher position to respond to a compromise."

Advertisement

Microsoft's Lefferts emphasizes that attack groups can't be reliably traced by the tools or type of ransomware they're using, because so many groups copy each other or use different techniques against different targets. And he says that while most of the activity simply capitalizes on known vulnerabilities, ransomware groups are generally smart about rotating their infrastructure like IP addresses to make it harder to trace them.

"It does point to a real need for organizations to think about posture and hygiene and how they do detection and monitoring," Lefferts says. "In many ways organizations have been catapulted five years into the future by the pandemic continuing remote work trends we were already on. It presents moments to ensure that you are thinking about these kinds of attacks—crisis moments like this do create opportunities to make things happen and take action."

Microsoft's findings are mostly based on ransomware attacks during the first two weeks of April that began as intrusions during the prior months, and the researchers say they saw a small increase in ransomware attacks during this time. But this doesn't necessarily mean that attackers always succeeded in collecting a ransom. The cryptocurrency firm Chainalysis said two weeks ago that it has seen a decrease in traceable ransomware payments throughout the pandemic. The company notes that it can only track certain payments, though, and that many organizations pay ransoms quietly to avoid bad publicity.

At the beginning of April, Interpol issued a global warning about the threat of ransomware to health care providers. "As hospitals and medical organizations around the world are working nonstop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients,” Interpol secretary general Jürgen Stock said in the notification.

The best defenses against ransomware have largely remained the same over the years, and the pandemic may serve as special motivation to finally get old vulnerabilities patched, change easily guessable default passwords, and expand system monitoring capabilities. But the spread of Covid-19 presents unique challenges—just as ransomware is at its most threatening.

Updated Tuesday April 28, 2020 at 3:30pm ET to include comment from Malwarebytes researcher Jérôme Segura.

More From WIRED on Covid-19

Read more: https://www.wired.com/story/covid-19-pandemic-ransomware-long-game/

Hackers publish ExecuPharm internal data after ransomware attack

by

U.S. pharmaceutical giant ExecuPharm has become the latest victim of data-stealing ransomware.

ExecuPharm said in a letter to the Vermont attorney general’s office that it was hit by a ransomware attack on March 13, and warned that Social Security numbers, financial information, driver’s licenses and passport numbers, and other sensitive data may have been accessed.

But TechCrunch has now learned that the ransomware group behind the attack has published the data stolen from the company’s servers.

It’s an increasingly popular tactic used by ransomware groups, which not only encrypts a victim’s files but also exfiltrates the data and threatens to publish the data if a ransom isn’t paid. This new technique was first used by Maze, a ransomware group that first started hitting targets in December. Since then, a number of new and emerging groups, including DoppelPaymer and Sodinokibi have adopted the same approach.

The data was posted to a site on the dark web associated with the CLOP ransomware group. The site contains a vast cache of data, including thousands of emails, financial and accounting records, user documents and database backups, stolen from ExecuPharm’s systems.

When reached, a company executive confirmed to TechCrunch that CLOP was behind the attack.

“ExecuPharm immediately launched an investigation, alerted federal and local law enforcement authorities, retained leading cybersecurity firms to investigate the nature and scope of the incident, and notified all potentially impacted parties,” said ExecuPharm operations chief David Granese.

Since the outbreak of COVID-19, some of the ransomware groups have shown mercy on medical facilities that they have pledged not to attack during the pandemic. CLOP said it too would not attack hospitals, nursing homes or charities, but said ExecuPharm would not qualify, saying that commercial pharmaceutical companies “are the only ones who benefit from the current pandemic.”

Unlike some strains of ransomware, there is no known decryption tool for CLOP. Maastricht University found out the hard way after it was attacked last year. The Dutch university paid out close to $220,000 worth of cryptocurrency to decrypt its hundreds of servers.

The FBI has previously warned against paying the ransom.

The sinkhole that saved the internet

Read more: https://techcrunch.com/2020/04/27/execupharm-clop-ransomware/

A set of new tools can decrypt files locked by Stop, a highly active ransomware

by

Thousands of ransomware victims may finally get some long-awaited relief.

New Zealand-based security company Emsisoft has built a set of decryption tools for Stop, a family of ransomware that includes Djvu and Puma, which they say could help victims recover some of their files.

Stop is believed to be the most active ransomware in the world, accounting for more than half of all ransomware infections, according to figures from ID-Ransomware, a free site that helps identify infections. But Emsisoft said that figure is likely to be far higher.

If you’ve never had ransomware, you’re one of the lucky ones. Ransomware is one of the more common ways nowadays for some criminals to make money by infecting computers with malware that locks files using encryption. Once the Stop ransomware infects, it renames a user’s files with one of any number of extensions, replacing .jpg and .png files with .radman, .djvu and .puma, for example. Victims can unlock their files in exchange for a ransom demand — usually a few hundred dollars in cryptocurrency.

Not all ransomware is created equally. Some security experts have been able to unlock some victims’ files without paying up by finding vulnerabilities in the code that powers the ransomware, allowing them in some cases to reverse the encryption and return a victim’s files back to normal.

Stop is the latest ransomware that researchers at Emsisoft have been able to crack.

“The latest known victim count is about 116,000. It’s estimated that’s about one-quarter of the total number of victims.”
Emsisoft

“It’s more of a complicated decryption tool than you would normally get,” said Michael Gillespie, the tools’ developer and a researcher at Emsisoft. “It is a very complicated ransomware,” he said.

In Stop’s case, it encrypts user files with either an online key that’s pulled from the attacker’s server, or an offline key, which encrypts users’ files when it can’t communicate with the server. Gillespie said many victims have been infected with offline keys because the attackers’ web infrastructure was often down or inaccessible to the infected computer.

Here are how the tools work.

The ransomware attackers give each victim a “master key,” said Gillespie. That master key is combined with the first five bytes of each file that the ransomware encrypts. Some filetypes, like .png image files, share the same five bytes in every .png file. By comparing an original file with an encrypted file and applying some mathematical computations, he can decrypt not only that .png file but other .png of the same filetype.

Some filetypes share the same initial five bytes. Most modern Microsoft Office documents, like .docx and .pptx, share the same five bytes as .zip files. With any before and after file, any one of these filetypes can decrypt the others.

There’s a catch. The decryption tool is “not a cure-all” for your infected computer, said Gillespie.

“The victim has to find a good before and after of basically every format that they want to recover,” he said.

Once the system is clean of the ransomware, he said victims should try to look for any files that were backed up. That could be default Windows wallpapers, or it can mean going through your email and finding an original file that you sent and matching it with the now-encrypted file.

When the user uploads a “before and after” pair of files to the submission portal, the server will do the math and figure out if the pair of files are compatible and will spit back which extensions can be decrypted.

But there are pitfalls, said Gillespie.

“Any infections after the end of August 2019, unfortunately there’s not much we can do unless it was encrypted with the offline key,” he said. If an online key was pulled from the attacker’s server, victims are out of luck. He added that files submitted to the portal have to be above 150 kilobytes in size or the decryption tools won’t work, because that’s how much of the file the ransomware encrypts. And some file extensions will be difficult if not impossible to recover because each file extension handles the first five bytes of the file differently.

“The victim really needs to put in some effort,” he said.

top

The current share of worldwide ransomware infections (Image: Emsisoft)

This isn’t Gillespie’s first rodeo. For a time, he was manually processing decryption keys for victims whose files had been encrypted with an offline key. He built a rudimentary decryption tool, the aptly named STOPDecrypter, which decrypted some victims’ files. But keeping the tool up to date was a cat and mouse game he was playing with the ransomware attackers. Every time he found a workaround, the attackers would push out new encrypted file extensions in an effort to outwit him.

“They were keeping me on my toes constantly,” he said.

Since the launch of STOPDecrypter, Gillespie has received thousands of messages from people whose systems have been encrypted by the Stop ransomware. By posting on the Bleeping Computer forums, he has been able to keep victims up to date with his findings and updates to his decryption tool.

But as some victims became more desperate to get their files back, Gillespie has faced the brunt of their frustrations.

“The site’s moderators were patiently responding. They’ve kept the peace,” he said. “A couple of other volunteers on the forums have also been helping explain things to victims.”

“There’s been a lot of community support trying to help in every little small bit,” he said.

Gillespie said the tool will also be fed into Europol’s No More Ransom Project so that future victims will be notified that a decryption tool is available.

The sinkhole that saved the internet

Read more: https://techcrunch.com/2019/10/18/stop-djvu-puma-decryption-tools/

Police hijack a botnet and remotely kill 850,000 malware infections

by

In a rare feat, French police have hijacked and neutralized a massive cryptocurrency mining botnet controlling close to a million infected computers.

The notorious Retadup malware infects computers and starts mining cryptocurrency by sapping power from a computer’s processor. Although the malware was used to generate money, the malware operators easily could have run other malicious code, like spyware or ransomware. The malware also has wormable properties, allowing it to spread from computer to computer.

Since its first appearance, the cryptocurrency mining malware has spread across the world, including the U.S., Russia, and Central and South America.

According to a blog post announcing the bust, security firm Avast confirmed the operation was successful.

The security firm got involved after it discovered a design flaw in the malware’s command and control server. That flaw, if properly exploited, would have “allowed us to remove the malware from its victims’ computers” without pushing any code to victims’ computers, the researchers said.

The exploit would have dismantled the operation, but the researchers lacked the legal authority to push ahead. Because most of the malware’s infrastructure was located in France, Avast contacted French police. After receiving the go-ahead from prosecutors in July, the police went ahead with the operation to take control of the server and disinfect affected computers.

The French police called the botnet “one of the largest networks” of hijacked computers in the world.

The operation worked by secretly obtaining a snapshot of the malware’s command and control server with cooperation from its web host. The researchers said they had to work carefully as to not be noticed by the malware operators, fearing the malware operators could retaliate.

“The malware authors were mostly distributing cryptocurrency miners, making for a very good passive income,” the security company said. “But if they realized that we were about to take down Retadup in its entirety, they might’ve pushed ransomware to hundreds of thousands of computers while trying to milk their malware for some last profits.”

With a copy of the malicious command and control server in hand, the researchers built their own replica, which disinfected victim computers instead of causing infections.

“[The police] replaced the malicious [command and control] server with a prepared disinfection server that made connected instances of Retadup self-destruct,” said Avast in a blog post. “In the very first second of its activity, several thousand bots connected to it in order to fetch commands from the server. The disinfection server responded to them and disinfected them, abusing the protocol design flaw.”

In doing so, the company was able to stop the malware from operating and remove the malicious code to over 850,000 infected computers.

Jean-Dominique Nollet, head of the French police’s cyber unit, said the malware operators generated several million euros worth of cryptocurrency.

Remotely shutting down a malware botnet is a rare achievement — but difficult to carry out.

Several years ago the U.S. government revoked Rule 41, which now allows judges to issue search and seizure warrants outside of their jurisdiction. Many saw the move as an effort by the FBI to conduct remote hacking operations without being hindered by the locality of a judge’s jurisdiction. Critics argued it would set a dangerous precedent to hack into countless number of computers on a single warrant from a friendly judge.

Since then the amended rule has been used to dismantle at least one major malware operation, the so-called Joanap botnet, linked to hackers working for the North Korean regime.

The sinkhole that saved the internet

Read more: https://techcrunch.com/2019/09/01/police-botnet-takedown-infections/

Security News This Week: Hackers Used Two Firefox Zero Days to Hit a Crypto Exchange

by

The week began with a tricky Google Calendar phishing scam, and ended with Iran ramping up its cyberattacks against the US, as talk of war with that nation mounts. That, as they say, escalated quickly.

Before things took a turn for the geopolitical, we walked you through a dead simple way to stop data breaches with… database encryption. We explained why Google is getting retro when it comes to ways to encrypt data sets. We reported that a Minnesota cop who spied on his colleague’s private DMV data was fined $585,000. And we implored you to switch to a private browser, finally.

But back to war. Tensions with Iran’s ally Russia are also worryingly high, and we explained why it appears the US is doing the exact wrong thing if the goal is to avoid a cyberwar. We went in-depth on the message the US is sending Russia about its nuclear experiments: Do as we say, not as we do. And then, just as the week was ending, Iran went and shot a $220 million US surveillance drone out of the sky, which didn’t really help alleviate tensions.

Of course, that’s not all that happened in the privacy and security world this week. Every Saturday we round up the stories we didn’t break or report on in-depth, but which you should know about nonetheless. Click on the headlines to read the full articles, and be safe out there.

Coinbase Narrowly Escapes Hacking Attempt Using Two Firefox Zero-Days

Cryptocurrency exchanges are a juicy target for hackers, for at least one obvious reason: They’re full of money that can be drained remotely. This week, it came out that currency exchange Coinbase successfully fought off an attack that targeted its employees in an apparent attempt to do just that. The attack, according to ZDNet, exploited two zero-day bugs in Firefox. The first zero-day made headlines midweek when Mozilla confirmed that it had patched a bug which would allowed hackers to gain remote access to a Firefox browser and execute code. In order for that first bug to work, though, hackers needed a second bug to let it execute the code. Turns out, before Mozilla’s patch, the hackers had both, and had attempted to compromise Coinbase employees so they could breach their network and steal money. Luckily, not only did Coinbase and an outside researcher notice the bugs, but Coinbase picked up on the attack before any money could be stolen or the network could be infiltrated.

That Customs and Border Hack Revealed Much More Than the Government Admitteded

When Customs and Border Protection confirmed last week that one of its biometric surveillance contractors had been breached, it apparently underplayed how bad the situation was. And to be honest, it already sounded bad. At the time, the agency said that 100,000 images of faces and license plates of immigrants, citizens, and asylum seekers had been stolen and leaked online, but that none had shown up on the dark web. Now The Washington Post says there is actually far more sensitive information from the breach spreading across the internet. “So much material, totaling hundreds of gigabytes, that The Washington Post required several days of computer time to capture it all,” the Post writes. Rather than showing the product of a single government surveillance contractor, the Post reports that the documents reveal a vast surveillance network the government is hoping to keep under wraps. The data includes details of ongoing surveillance—including nondisclosure agreements with Microsoft and Northrop Grumman, Homeland Security handbooks, surveillance budgets, hardware blueprints, and schematics—as well as future plans for expanding facial recognition programs. All told, the data reveals the inner workings of a vast surveillance network at the border, and how it relies on a small group of private companies and contractors.

Ransomware Hackers Got a Big Payday in Florida

Baltimore is fighting the good fight. Since ransomware attackers took over its networks on May 8, the Maryland metropolis has vowed not to pay them, struggling to provide city services as its networks remain frozen. Not so in Florida, where the city of Riviera Beach opted instead to pay the hackers who have held their computers hostage for the past three weeks the $600,000 they’d demanded. The Palm Beach suburb’s leaders said they felt they had no choice but to pay.

Read more: https://www.wired.com/story/firefox-vulnerability-coinbase-ransomware-border-hack/