
Hospital Halts GandCrab Infection with Layered Defence

A US healthcare provider was able to stop a targeted GandCrab ransomware attack by adopting a layered defence to protect its data and resources. The hospital’s network was compromised via a brute-force attack against a computer with RDP (Remote Desktop Protocol) access. After gaining the initial foothold, the hackers moved laterally to virtual machines connected to multiple hosts and running vital services in the hospital. The hackers then used the PsExec utility to unleash the ransomware, but a behavioural monitoring solution blocked the executable from running. On servers that had behavioural monitoring turned off, the encryption routine was stopped by another end-point solution with anti-encryption countermeasures. The behavioural monitoring solution was also able to deter a second attack wave, which attempted to run the ransomware payload again after a delay of 1 million seconds (11.5 days).
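The chain described above (RDP brute force, then PsExec on other hosts) can be hunted for in Windows event logs. The following is an added example, not taken from the referenced report: it correlates failed and successful logons (event IDs 4625 and 4624 with logon type 10) with installation of the default PsExec service (event ID 7045, service name PSEXESVC). The simplified event fields, hostnames, addresses and thresholds are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (simplified fields, not logs from the incident).
# 4625 = failed logon, 4624 = successful logon, 7045 = service installed.
def ev(ts, event_id, host, **fields):
    return {"time": datetime.fromisoformat(ts), "id": event_id, "host": host, **fields}

EVENTS = (
    [ev(f"2019-01-01T02:00:{s:02d}", 4625, "RDP-GW", src="203.0.113.7") for s in range(0, 40, 2)]
    + [ev("2019-01-01T02:01:00", 4624, "RDP-GW", src="203.0.113.7", logon_type=10),
       ev("2019-01-01T09:00:00", 4625, "RDP-GW", src="198.51.100.9"),
       ev("2019-01-01T09:00:30", 4624, "RDP-GW", src="198.51.100.9", logon_type=10),
       ev("2019-01-01T02:30:00", 7045, "VM-HOST1", service="PSEXESVC"),
       ev("2019-01-01T02:31:00", 7045, "VM-HOST2", service="PSEXESVC"),
       ev("2019-01-01T03:00:00", 7045, "VM-HOST3", service="BackupAgent")]
)

def rdp_bruteforce_successes(events, threshold=10, window=timedelta(minutes=5)):
    """Return {(host, src): logon_time} for RDP logons preceded by >= threshold failures."""
    hits = {}
    events = sorted(events, key=lambda e: e["time"])
    for e in events:
        if e["id"] != 4624 or e.get("logon_type") != 10:  # 10 = RemoteInteractive (RDP)
            continue
        failures = [f for f in events
                    if f["id"] == 4625 and f["host"] == e["host"] and f.get("src") == e["src"]
                    and timedelta(0) <= e["time"] - f["time"] <= window]
        if len(failures) >= threshold:
            hits.setdefault((e["host"], e["src"]), e["time"])
    return hits

def psexec_after(events, since, horizon=timedelta(hours=24)):
    """Hosts where the PsExec service was installed within `horizon` after `since`."""
    return sorted({e["host"] for e in events
                   if e["id"] == 7045 and e.get("service", "").upper() == "PSEXESVC"
                   and since <= e["time"] <= since + horizon})

def correlate(events):
    """Chain each brute-forced RDP logon to later PsExec service installs."""
    return {key: psexec_after(events, t) for key, t in rdp_bruteforce_successes(events).items()}

if __name__ == "__main__":
    for (host, src), targets in correlate(EVENTS).items():
        print(f"{src} brute-forced {host}; PsExec service then seen on {targets}")
```

PsExec's service name can be changed with its `-r` option, so the name match is one signal to combine with others rather than a complete detection.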

References:
[1] Inside a GandCrab Targeted Ransomware Attack on a Hospital
