Ransomware delivery slowed in the first quarter of 2017, indicating hackers are retooling and rapidly improving delivery techniques, according to a PhishMe report released Tuesday morning.

‘Ransomware-as-a-business’ saw significant reduction in volume, but that doesn’t mean ransomware is going away. In fact, it means hackers are looking for the next stage of profitable malware, as there was a resurgence of Locky ransomware, an introduction of Jaff ransomware distributed via botnet and worming ransomware like WannaCry at the start of the second quarter.

The most popular distribution method was through JavaScript or JScript applications or Office documents.

[Also: Not-remotely-subtle brute force ransomware attacks are on the rise]

Researchers also saw a 69.2 percent increase in botnet activity in the first part of the year. The highly-adaptable and multifunctional malware are capable of initiating longer-term intrusions that include espionage and surveillance of the infected network.

For example, the successful Dridex malware surged during the first quarter with new distribution tactics.

Further, of the 11 new malware strains found in the first quarter that wasn't present in 2016, five were new ransomware tools or tools not before used for widespread phishing emails. Locky and Cerber are the only long-standing ransomware strains that were used in the first quarter.

As threats rise, what can be done?

“After the initial shock of ransomware’s rapid growth and the popularity of its usage, threat actors have begun to settle in for the long-term deployment of this category of destructive malware tools,” the report authors wrote. “All indications point to a new wave of innovation in the distribution and tactics used for ransomware attacks in the future.”

For Kurt Hagerman, CISO of security firm Armor, it’s clear “the healthcare industry is pretty behind the curve from a security standpoint.”

Hagerman used the banking sector as an example of an industry that saw its weaknesses and moved toward security standards, enforcement and education. The impact over time has been less fraud. While the risk can never be eliminated, the total number of records stolen is going down.

“When you get to healthcare, whose primary business is taking care of people, there’s no standard in terms of service. They all do security in a slightly different way,” said Hagerman.

Managed detection response can help these organizations struggling to combat these major security vulnerabilities. The service provides hospitals with security people who understand the tools and can effectively compile valuable information to better protect these networks.

“The service helps hospitals get the right tools, integrate and automate security and cut through the raw data,” said Hagerman. “There’s no way to sift through the massive amount of data without a strong degree of correlation.”

The U.S. Department of Health and Human Services on Monday released its own guidance for those hospitals running on outdated, vulnerable systems, in the wake of the WannaCry attacks. Among the initiatives, officials suggested providers work with IT vendors to make sure systems are detecting and blocking viruses like WannaCry – especially to pinpoint systems with network-scanning capabilities consistent with worm ransomware.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn