The most important reason hackers tend to favor the healthcare sector is its high degree of business urgency, especially at this critical juncture in the fight against the novel coronavirus. Once a healthcare organization is hit by extortion, business interruption follows, causing immeasurable damage. Victims in this industry are therefore very likely to pay the ransom in order to resume operations quickly. In addition, overseas hacking groups take no account of the specificity and public interest of the industry, and have become more aggressive than ever, posing a huge challenge to the healthcare sector.
1. Files were renamed and encrypted in the following format:
2. Ransom note received (the note file dropped by the virus is named readme-warning.txt):
Currently known Makop ransomware sample name: Makop_nowin.exe; SHA1 hash: d81da1cb795f291447246dc7e269c636f705e8de
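A practical way to use the hash indicator above is to sweep a file tree for anything whose SHA-1 matches it, ignoring filenames entirely, since a renamed copy of the sample hashes the same. The following is an added example, not code from the original advisory or from any vendor; the indicator value is the one published above, and the demo tree and its "constructed-sample" label are constructed test data:

```python
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# SHA-1 indicator from the advisory above (Makop_nowin.exe).
KNOWN_BAD_SHA1: Dict[str, str] = {
    "d81da1cb795f291447246dc7e269c636f705e8de": "Makop_nowin.exe",
}


def sha1_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-1 so large files never need to fit in memory."""
    h = hashlib.sha1()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root: Path, indicators: Dict[str, str] = KNOWN_BAD_SHA1) -> List[Tuple[Path, str]]:
    """Walk `root` and return (path, label) for every file whose SHA-1 is in `indicators`.

    Filenames are deliberately not consulted: the sample may be renamed, the hash is what matters.
    """
    hits: List[Tuple[Path, str]] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            try:
                digest = sha1_of_file(p)
            except OSError:
                continue  # unreadable (permissions, locked file): skip rather than abort the sweep
            if digest in indicators:
                hits.append((p, indicators[digest]))
    return hits


def demo() -> List[Tuple[str, str]]:
    """Build a constructed directory tree, scan it, and return (filename, label) matches.

    The 'constructed-sample' indicator is computed here from constructed bytes; it is test data,
    not a real malware hash.
    """
    root = Path(tempfile.mkdtemp(prefix="ioc_scan_"))
    (root / "a.bin").write_bytes(b"constructed sample")
    (root / "sub").mkdir()
    (root / "sub" / "b.bin").write_bytes(b"benign")
    indicators = dict(KNOWN_BAD_SHA1)
    indicators[hashlib.sha1(b"constructed sample").hexdigest()] = "constructed-sample"
    return sorted((p.name, label) for p, label in scan_tree(root, indicators))


if __name__ == "__main__":
    print(demo())
```

On a real host, point `scan_tree` at the user profile and temp directories first, since that is where a dropped executable typically lands, and extend `KNOWN_BAD_SHA1` as further hashes are published.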
Makop specializes in attacking small and medium-sized businesses and remains one of the most profitable ransomware families because of the sheer number of attacks it launches. According to available analysis, Makop sets the ransom according to the size and type of the organization attacked.
Makop mainly gains entry by brute-force or dictionary attacks against insecurely exposed Remote Desktop Protocol ports. So far, Makop has not been observed stealing data from victims, but the ransomware's tactics change over time and there is no certainty about the future direction of the virus.
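Because the entry vector is password guessing against RDP, the most useful early-warning signal is a burst of failed RemoteInteractive logons from one source address, and the highest-priority signal is a successful logon from that same address right after the burst. The following detection is an added example, not code from the advisory; it assumes a constructed CSV-style export of Windows Security events (EventID 4625 = failed logon, 4624 = successful logon, LogonType 10 = RDP), and the log lines, addresses and account names are constructed test data:

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Tuple

# Constructed sample export. Assumed line format (not a real Windows export format):
# "<ISO-8601 time>,<EventID>,<LogonType>,<SourceIP>,<Account>"
SAMPLE_LOG = """\
2021-03-01T02:00:01,4625,10,203.0.113.7,administrator
2021-03-01T02:00:02,4625,10,203.0.113.7,admin
2021-03-01T02:00:03,4625,10,203.0.113.7,backup
2021-03-01T02:00:04,4625,10,203.0.113.7,sysadmin
2021-03-01T02:00:05,4625,10,203.0.113.7,test
2021-03-01T02:00:06,4624,10,203.0.113.7,test
2021-03-01T09:15:00,4625,10,198.51.100.20,jdoe
2021-03-01T09:15:30,4625,10,198.51.100.20,jdoe
2021-03-01T09:16:10,4624,10,198.51.100.20,jdoe
2021-03-01T10:00:00,4625,2,10.0.0.5,svc_print
"""

Event = Tuple[datetime, int, int, str, str]


def parse_events(text: str) -> List[Event]:
    """Parse the constructed export into (time, event_id, logon_type, source_ip, account), time-ordered."""
    events: List[Event] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, event_id, logon_type, src, account = line.split(",")
        events.append((datetime.fromisoformat(ts), int(event_id), int(logon_type), src, account))
    return sorted(events, key=lambda e: e[0])


def detect_rdp_bruteforce(events: List[Event], threshold: int = 5,
                          window: timedelta = timedelta(minutes=5)) -> List[dict]:
    """Alert on a source IP with >= `threshold` failed RDP logons inside a sliding `window`.

    Once an IP is alerted, later failures keep its counters growing, and a subsequent successful
    RDP logon from that IP is recorded in `success_after` (a guessed password, the real emergency).
    """
    recent: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    alerts: Dict[str, dict] = {}
    for ts, event_id, logon_type, src, account in events:
        if logon_type != 10:
            continue  # only RemoteInteractive (RDP) sessions matter for this detection
        if event_id == 4625:
            dq = recent[src]
            dq.append((ts, account))
            while ts - dq[0][0] > window:  # drop failures that fell out of the window
                dq.popleft()
            if src in alerts:
                alerts[src]["failures"] += 1
                alerts[src]["accounts"].add(account)
            elif len(dq) >= threshold:
                alerts[src] = {
                    "source_ip": src,
                    "first_seen": dq[0][0],
                    "failures": len(dq),
                    "accounts": {acct for _, acct in dq},
                    "success_after": None,
                }
        elif event_id == 4624 and src in alerts:
            alerts[src]["success_after"] = account
    return sorted(alerts.values(), key=lambda a: a["source_ip"])


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(parse_events(SAMPLE_LOG)):
        print(alert)
```

In the constructed data only 203.0.113.7 trips the threshold (five failures across different account names in five seconds, then a success as "test"); the two failures from 198.51.100.20 followed by a success look like a user mistyping a password, and the LogonType 2 event is a console logon and is ignored. Tune `threshold` and `window` to the site's baseline, and treat any alert with `success_after` set as an incident rather than a warning.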
- This ransomware spreads mainly through exposed Remote Desktop Protocol ports, so strong passwords are recommended. Phishing emails are also a common ransomware delivery method, so do not open emails from unknown senders.
- It is recommended to install endpoint protection software to block the execution of ransomware and avoid data encryption and loss.
- Back up important files in a timely manner, or improve the file backup mechanism, and isolate the backup server from the business server.
- Install operating system patches and update applications to current versions in a timely manner to minimize attacks through known vulnerabilities.
- Avoid using accounts with weak passwords to reduce the likelihood of brute-force cracking of systems and applications.
- Shut down unused debugging services and ports on servers, and use firewalls to strictly control network access.
- In the event of a ransomware attack, do not power the machine off; disconnect it from the network immediately and preserve the scene until security experts can examine the server.