During the past couple of years, ransomware preferentially targeted medical institutions and hospitals. Multiple health organizations were hit and were left with no choice but to pay the demanded ransom. With the shift of malicious trends to cryptocurrency miners, we are now beginning to see health institutions compromised by crypto mining.
Cryptocurrency Miners Now Targeting Hospitals
One such case was registered in Parsons, Tennessee, USA, where the Decatur County General Hospital was hit by a miner. A few days ago, the hospital released a statement explaining that an incident had occurred.
“On November 27, 2017, we received a security incident report from our EMR system vendor indicating that unauthorized software had been installed on the server the vendor supports on our behalf. The unauthorized software was installed to generate digital currency, more commonly known as cryptocurrency,” the hospital wrote.
More than 20,000 patients are currently being notified that their health information has been compromised due to mining software found on an electronic medical records server.
After the institution received the incident report, it began its own investigation, which is currently ongoing. According to the official announcement, the experts believe that an unauthorized individual remotely accessed the server where the EMR system stores patient information in order to install the unauthorized software. Apparently, the mining software was installed in September 2017.
Unfortunately, the official statement doesn’t give any explanation as to why the EMR vendor took so long to notify the hospital about the discovery of the cryptocurrency miner.
This incident points to a new and growing threat trend that once again targets hospitals and health institutions. In other words, institutions should no longer fear only a ransomware attack but also a cryptocurrency miner being secretly installed on their servers.
More and More Botnets Being Deployed for Cryptocurrency Mining
According to research by Talos, botnets distributing miners could generate up to $100 million a year. Furthermore, a simple botnet of about 200,000 nodes can make $500 a day in Monero, which amounts to $182,500 in a year.
More and more botnets are currently being deployed for mining. Take the DDG.Mining.Botnet, which was recently discovered by researchers. The botnet, which targets Redis and OrientDB servers, was quickly proclaimed the second biggest mining botnet ever.
Another example is the Smominru botnet, which is capable of manipulating the configuration of compromised hosts and has been found to install a Monero cryptocurrency miner. The miner itself takes advantage of the hosts' available resources and uses them to generate income for the botnet operators.