In Japan, not even a hospital escapes a virtual kidnapping

by

Handa Municipal Hospital in Tsurugi, Japan, is a somber, modestly built building in a sleepy corner of the island of Shikoku. Facing a river and backing a hill, it serves an aging local population of 8,048.

The perfect place, therefore, for the world’s most ruthless cyber bands to expand their attacks on everyday life, shift the global ransomware warfront into the heart of Asia, and confront new victims with one of the most dire issues of the modern economy.

At this point, Handa Hospital is almost back to normal, save for apologies and incident reports. But for two months late last year he was paralyzed, unable to accept new patients and perform other basic functions after a ransomware attack. [invasão de computadores e pedido de resgate] against the soft spot of medical records.

The attack on a rural Japanese hospital during a pandemic would, under any circumstances, be a chilling reminder of how unrepentant hacker gangs are after easy money. As seen during a decade of rapidly increasing attacks (reported incidents more than doubled in the UK between 2020 and 2021), no company or institution is out of reach, no soft spot is unexploitable, no collateral damage is too merciless.

The medical, educational, infrastructure, legal and financial industries are favorite targets precisely because the stakes are so high and the threats so painful. They are also getting more sophisticated. The average time they spend within a company’s network before they make a ransom demand is increasing. The extra time, say former GCHQ officials [Quartel-general de Comunicações do Governo britânico] in obscure briefings on the subject, it is spent honing the toughest threat.

The scale of the financial carnage also continues to increase. In its 2021 report, IBM Security calculated that, globally, the average cost of a ransomware breach hit a record $4.62 million — not including the ransom payment, which some experts estimate to be done in at least a third of cases.

But the Handa incident, according to cyber rescue negotiators at Nihon Cyber ​​Defense (NCD) – an agency that advises the Japanese government and whose staff includes the head and founder of the UK’s National Cyber ​​Security Center – underscores an important trend.

The most powerful criminal groups — large, feature-rich, highly professional ransomware teams that operate primarily in Russia, Belarus and other parts of Eastern Europe — now have Japan squarely in their sights as the next easiest victim. Their defenses and attack expectations are generally low, and the willingness of Japanese companies and institutions to pay ransom at this time is high.

For some years now, the United States and Europe have been the main camps for ransomware attackers, but even as the gangs adopt new strategies and hide their expansion through “affiliated” structures, business in these countries is becoming less attractive. . As these markets became saturated with criminal activity, victims’ experience and resilience increased. The cost-reward ratio of each attack is much lower. New vulnerabilities created by Covid lockdowns and remote working have provided a windfall, but those benefits are now waning.

Conveniently for the gangs, there are fresh grasslands in Asia that have so far been comparatively under-protected, and one of Japan’s strongest natural defenses – the tongue – is rapidly evaporating.

Ransomware attacks and systems breaches rely on an initial access point. This often depends on a person in a company or institution falling into some carefully crafted trap. Once, emails and other communications that constituted traps were in such clumsy Japanese that potential victims could smell fraud.

Now, with the help of AI translation software, local criminal gangs and, experts say, professional translators who may not know how their work will be used, the bait is presented in dangerously plausible language.

The effect, NCD executives say, has been a sharp increase in attacks in Japan and the operations of Japanese companies around the world. The number of reported incidents remains low – just 146 in 2021 – but likely represents a fraction of the actual number.

Japan will therefore face the grim risk-reward dilemma known in other parts of the world.

Should companies and organizations pay the ransom? And, crucially, should governments make payment legal, as in the UK, or illegal as in the US? As Japan will discover at its own cost, the criminals’ ability to increase the threat’s value is only limited by their desire for the incident to end with them getting paid.

What is not at stake, as Handa’s hospital and its patients have discovered, is the hope that the obscurity, size and line of work will serve as protection.

Translated by Luiz Roberto M. Gonçalves

You May Also Like

Recommended for you

Immediate Peak