VMware Carbon Black's healthcare users faced 239M attempted cyberattacks in 2020

"In 2020, we saw ransomware go mainstream," said analysts in a new report released by the cybersecurity vendor, which identified the top five most prevalent strains.
By Kat Jercich
01:28 PM
A pair of hands on a computer

A retrospective report released this week by the cybersecurity software vendor VMware Carbon Black found that there were 239.4 million attempted cyberattacks targeting its healthcare customers in 2020.  

The company found an average of 816 attempted attacks per endpoint – an incredible 9,851% increase from 2019.   

"Amid the pandemic, cybercriminals now have limitless attack methods," said Rick McElroy, principal cybersecurity strategist at VMware Carbon Black.  

"The FBI, Department of Homeland Security, and other federal agencies have all issued warnings about the surge in cyberattacks against healthcare organizations," he said.  


The report and an accompanying blog post note that 2020 saw ransomware "go mainstream," with the wide-reaching impact exacerbated by affiliate programs.   

"With many ransomware groups offering ransomware-as-a-service (RaaS), [it makes] the deployment of ransomware easily accessible to millions of cybercriminals who previously didn’t have the tools to carry out these attacks," wrote Samantha Mayowa, head of global communications at VMware Carbon Black, in the post.   

The company is witnessing collaboration among hacker groups at an "unprecedented scale," with bad actors sharing stolen resources and even combining forces.  

"All it takes is a quick search on the dark web for someone to license out a ransomware payload to infect targets," said Greg Foss, senior cybersecurity strategist at VMware Carbon Black. "Today, it’s unfortunately just as easy to sign up for a grocery delivery service as it is to subscribe to ransomware." 

The top five ransomware families used to target healthcare customers last year were identified as:  

  1. Cerber, a type of malware that encrypts files and holds them hostage, which is classified as a RaaS.
  2. Sodinokibi, a highly evasive ransomware.
  3. VBCrypt, a malicious program targeting Windows programs that is unable to spread on its own accord.
  4. Cryxos, which displays deceptive alerts on compromised websites.
  5. VBKrypt, a trojan that can drop files, write to the registry and perform other unauthorized actions.

"What is old is new again. Attackers don’t always need a fancy new binary to achieve results. They just use what is effective. I believe this also speaks to how mature RaaS businesses have become," McElroy said in a statement to Healthcare IT News.

The company proposes several security recommendations, including ensuring endpoint protection incorporates defenses for each phase of ransomware attacks, implementing an endpoint protection solution that easily scales and deploys to new users, and employing a solution that enables organizations to assess and harden system state.


It will likely come as no surprise that ransomware was on the rise last year, given the many highly publicized attacks that relied on it.

Among the most memorable is the apparent ransomware attack that led to a network shutdown throughout hundreds of Universal Health Services' U.S. facilities this past fall.  

As noted in the VMware Carbon Black report, U.S. federal agencies in October warned about the rise in ransomware attacks amid the COVID-19 pandemic. Newly elected President Joe Biden recently beefed up his cybersecurity team as the government continues to respond to high-profile threats of its own.  


"The pandemic has brought about not only operational and patient challenges, but also new cybersecurity threats and vulnerabilities for healthcare organizations," wrote Mayowa.

"Healthcare organizations will continue to be extorted by cybercriminals looking for a payday or to monetize medical and patient data," she added. "As we move forward, it’s critical to pay close attention not only to how these criminals achieve their goals, but also how we respond to these threats."


Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.

More regional news

John Fowler deputy information security officer Henry Ford Health System

John Fowler, deputy information security officer at Henry Ford Health System 
(Credit: Henry Ford Health System)

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.