2,400 Nursing Homes Immobilized in Ransomware Attack

Ostra’s Intrusion Detection Layers Prevent Advanced Persistent Attacks

Cyber criminals found a vulnerable target when they attacked Virtual Care Provider Inc (VCPI). This classic advanced persistent threat began with a breach over a year ago, and in the 14 months after VCPI was first compromised, the groundwork was laid for a full-fledged ransomware infestation. Businesses that don’t have intrusion detection as a part of their cybersecurity strategy are particularly vulnerable to this type of attack.

VCPI faces the long road to recovery when (and if) the attack is brought under control.

The Wisconsin-based company that provides cloud data hosting, security and access management to more than 100 nursing home management companies across the United States is currently crippled by an infection of a ransomware strain known as Ryuk. All data the company hosts for its clients was encrypted on November 17, and core offerings such as Internet service and email, access to patient records, client billing and phone systems across the 2,400 facilities served have all been impacted. VCPI is unable to pay the nearly $14 million ransom demand, and is focused on restoring services to the 80,000 computers and servers that assist those facilities.

While an advanced persistent attack typically stems from an email attachment that is used to download malware, it differs from a traditional attack in a number of ways. Targeted attacks such as these may go undetected because they are specifically designed to avoid detection by signature-based antivirus solutions. The malware in these types of attacks is designed to keep installing itself, establishing persistence and furthering its ability to spread. This type of sophisticated malware also stays in contact with its “command center” (the cyber-criminal masterminding the attack) to receive instructions. This ongoing undetected contact with the infected system allows cybercriminals to slowly compromise the entire network, map out the target’s internal networks, undermine key resources and data backup systems, disable antivirus, run customized scripts, and deploy ransomware. Because the infection is persistent, if the criminals don’t succeed on the first they can just keep trying.

An effective cybersecurity solution can combat an advanced persistent threat because it combines layers of intrusion prevention and intrusion detection. Partner with Ostra’s to protect your business with an Enterprise Grade security solution that detects and halts reconnaissance activity associated with a ransomeware infestation.