Cybersecurity Measures For Mental Health Practitioners

Mental health practitioners have a legal and ethical duty to protect their clients’ privacy. Cybersecurity attacks can expose clients to financial harm, fraud, and even physical danger when threat actors seek access to confidential data.

Far too many therapists think their businesses are too small to warrant the attention of cybercriminals, but 58% of cyber-attacks in 2017 targeted small businesses. These attacks can be devastating. Sixty percent of small businesses go out of business within 6 months of an attack. You may face steep penalties, lawsuits, and licensing board complaints from clients. If your security practices are severely or knowingly negligent, you could even face criminal charges. 

Strengthening your digital security is a matter of following simple discipline. Here are a few good cybersecurity practices that therapists should adopt.


Data stored on your computer is unsafe because you may lose these records in a technical glitch, and third parties may access them if they gain control of your computer. Instead, back up client files to a secure cloud storage space.


Threat actors take advantage of people who are rushed or inattentive. Email scams are abundant, but you can avoid most of them with the following steps:

  • Do not run a program on your computer if you do not know what it does.
  • Do not download or open attachments from unknown senders.
  • Never give sensitive information, such as passwords or account access, to senders who request this information via email.



HIPAA cybersecurity rules mandate that clinicians must encrypt sensitive client data. When you digitally store patient information, ensure their records are encrypted. Similarly, ensure you communicate with clients only across secure, encrypted channels. If you offer telemental health services, ensure you do so only across an encrypted channel and never on an unsecured network.



Ensure the safety of your devices such as mobile phones and laptops. If someone gains access to your devices, they can steal private information with little or no technical expertise. These strategies can mitigate the risk:

  • Lock your phone and laptop with passwords.
  • Install an auto-wipe feature that allows you to wipe all data from your phone or laptop if someone steals these devices. 
  • Adopt Multi-factor Authentication (MFA)



Telemental Health is a great tool that can make therapy more accessible and expand a therapist’s reach. At the same time, it can be vulnerable to hacking if not implemented correctly. Offering therapy through an insecure channel could give criminals access to your client’s entire therapy session. Reduce the risks of telemental health by:

  • Never offering telemental health from a public location.
  • Using only secure, encrypted telemental health providers.
  • Educating clients about security issues, such as the risk that third parties might overhear their therapy session or access treatment data if they attend therapy via a public network.



Most people use weak passwords and rarely change them. This puts your practice and your clients at risk. These tips can strengthen your passwords and lock up your data:


  • Choose long, complex passwords.
  • Change your passwords regularly—ideally every month.
  • Use different passwords on different websites.
  • A secure password log can be used if you need help remembering your passwords.
  • Avoid entering passwords on public computers.
  • Do not store passwords on your computer or phone.



Practice management software is commonly used to perform activities such as integrating treatment notes, managing billing, and communicating with other providers. Here is a helpful tip- Do not give everyone in practice the same level of access or share a password across providers. Instead, give everyone their own account, and set up user-specific permissions.


No matter how many security measures you adopt, your clients won’t be safe if you access the internet or therapy notes on an unsecured channel. Do not use public networks to view patient notes, open emails, or deliver telemental health. Instead, use only your own encrypted network and always set your preferences to require a password to log in.

databrackets helps clinicians meet their ethical duties, including protecting client privacy. We offer a vast array of cybersecurity services such as:

  1. Cybersecurity Risk Assessment
  2. Vulnerability Assessment and Penetration Testing
  3. Social Engineering Pen Testing
  4. Compliance Management- HIPAA/HITECH, PCI-DSS, and more
  5. Certification- ISO27001, SOC2, and more


  1. Health industry cybersecurity practices: managing threats and protecting patients [PDF]. (n.d.). Retrieved from
  2. Townsend, P. (2016, April 1). Does HIPAA require encryption of patient information (EPHI)? Retrieved from

Strengthening Cybersecurity Posture for Radiology

Cybercrimes directed against hospitals and healthcare systems have been on a massive upswing globally for several years.

IBM’s 2021 Cost of Data Breach Report has some unsettling revelations:

It is clear that the health care industry is one of the favoured targets of cybercriminals. According to US healthcare data breaches statistics, there were 599 breaches in 2020, affecting over 26 million records.

Ransomware, malware, phishing and other tools are employed by cybercriminals to extort large sums of money, steal private data from patients and providers, and compromise system safeguards.  Worse, these attacks directly threaten patient care- “Ransomware attackers can disrupt or render inoperable critical medical technology such as radiology, lab services, electronic medical records and the systems which monitor lifesaving equipment, such as ventilators and heartbeat monitors.”

According to predictions by credit reporting firm Experian, the health care industry will continue to be a target for cyber attackers as “personal medical information remains one of the most valuable types of data for attackers to steal.”

Cyberattacks in Radiology

Although most of the cyberattacks have focused on large health care systems, radiology practices have also started being targeted. In March and April of 2019, two major exploits of the DICOM radiologic imaging standard were reported. These exploits serve to emphasize the importance of addressing security concerns with radiology which is not immune to hacking. It is also pertinent to mention that Radiology practices manage a complex data environment where protected health information (PHI) is transmitted and stored, including RIS, PACS, computer information systems, DICOM, imaging equipment, mobile devices, e-mails, short message service messaging, cloud storage, patient portals, and revenue cycle management systems. Each of these pose a unique set of data security challenges and provides a wide attack surface to threat actors which has been broadened as more doctors work remotely.

Attack Vectors

Cybercriminals are becoming increasingly creative launching sophisticated attacks in new ways. Some of the often-deployed attack vectors include:

  • social engineering and phishing attacks that target individuals
  • malware, zero-day attacks, and botnets that target systems and medical devices to exploit default administrative credentials and known software vulnerabilities
  • ransomware attacks that target network and application infrastructure
  • interception of unencrypted PHI data transmissions
  • structured query language injections to exploit insecure internet-facing applications


Data Breach Impacts

The potential impact to health care providers of a single data breach is significant in terms of cost, disruption, and reputational impact. Consider the following:

  • HHS-OCR HIPAA breach settlements and civil money penalties are escalating in both frequency and magnitude.
  • Both the HHS-OCR and local media outlets must be notified within 60 days of discovery of the breach.
  • Breach notification letters must be submitted within 60 days by first class postage to all affected patients.
  • Post breach identity protection must often be provided for affected patients for one to two years.
  • Lost business reputation can create a patient churn rate of 5% to 6% following a data breach.
  • Class action lawsuits often arise, with average claimed damages of $1,000 per victim.
  • Other miscellaneous costs can include organizational disruption, public relations/crisis communications, technical investigations, and increased cost to raise debt.


Advancing Cybersecurity as a Priority

The American Hospital Association (AHA) has urged Congress to “prioritize investment in telehealth and cybersecurity to ensure all patients have secure, sustained, equitable access to care using digital and information technologies”. Radiology practices need to consider data security a critical business priority for their own practice.


databrackets Quad

databrackets capabilities

At databrackets, we consider data security a mission-critical strategic priority utilizing a four-part strategy:

Risk Assessment | Compliance Management | Technology and Processes | Certification

The strategy elements are briefly explained as below:

Risk Assessment 

Risk assessment is one of the fundamental components of an organizational risk management process as described in NIST Special Publication 800-39. Risk assessments are used to identify, estimate, and prioritize risk to organizations resulting from the operation and use of information systems. The purpose of risk assessments is to inform decision makers and support risk responses by identifying:

  • relevant threats to organizations or threats directed through organizations against other organizations;
  • vulnerabilities both internal and external to organizations;
  • impact (i.e., harm) to organizations that may occur given the potential for threats exploiting vulnerabilities; and
  • likelihood that harm will occur.
Compliance Management

Compliance management is the ongoing process of monitoring and assessing systems to ensure they comply with regulatory policies and requirements- HIPAA/HITECH, GDPR, NIST are some of the well known regulations that most organizations need to comply with. Compliance management can be a confusing maze to navigate as many compliance requirements are industry- and geography-specific. Compliance management is important because noncompliance may result in fines, security breaches, loss of certification, or other damage to your business. Staying on top of compliance changes and updates prevents disruption of your business processes and saves money.

Technology and Processes

There are many data security technology solutions available in the market today that health care organizations can use to prevent, monitor, and respond to potential data security risks and threats. These may include the following tools:

  • Intrusion detection and prevention tools
  • Email protection tools
  • Data transmission encryption tools
  • Security incident and event/log management systems
  • VPN Hardening Tools
  • Robust Patch and Software update programs.



Third-party examination and certification of security practices is the fourth way for radiology practices to enhance data security. The following are two common certifications:

  • SOC-2 attestation Established by the American Institute of Certified Public Accountants in accordance with the Statement on Standards for Attestation Engagements 16 professional standards, SOC-2 focuses on a service organization’s controls related to the security, availability, integrity, confidentiality, and privacy of information and systems.
  • PCI DSS 3.2 compliance is a comprehensive card security standard regulated by the world’s leading credit card companies. The standard evaluates data security of credit card payment applications and service providers by assessing a business’s network architecture, technology platforms, security policies, and data protection procedures and is a critical certification for any organization that stores, processes, or transmits credit card data.



Radiology practices are far from being immune to cybersecurity threats. Regulations demand that radiologists ensure their data security controls and methods are evolving to provide adequate protection to their patients’ valuable data. Risk assessment and compliance management, technology and processes, and certification are important steps that go a long way to strengthen the security posture of Radiology practices.


To learn more about the services, please visit

Fortify your Cybersecurity – Test your defenses with Penetration Testing

Fortify Cybersecurity

This blog emphasizes the importance of testing cybersecurity measures. Companies can be confident that their data will be safe if they are frequently examined with VAPT. There is a false sense of security that the safeguards will protect them from a breach.

Consider this scenario

It was 2 pm on a lazy Thursday afternoon. Mr. Smith, the CEO of a reputed healthcare firm in his city, was preparing for a board meeting when he got the dreaded call about a data breach on their website. It had been a smooth couple of months, and this was the last thing he needed before a pitch to increase funding for new projects. It was a typical scenario that he prepared for – used MFA such as Password, Token, OTP, and Biometrics, etc. They even hired a certified CSO last year to create systems that would protect the company’s data. Why didn’t it work?

This scenario is a serious violation of compliance. It breaks customers’ trust. There is unpredictable downtime of operations & the brand image is shattered! It’s a CEO’s worst nightmare. All the additional effort in building the company’s image and increasing sales, despite the rising competition, building partnerships brings everything to a standstill.

As cybersecurity experts, we understand how to fortify your cybersecurity measures against such attacks. After implementing the best security measures in your industry, Certified VAPT experts at databrackets can test your defenses using an in-depth vulnerability assessment using industry-recognized standards such as NIST, OSSTM, PTES, ISO27001, GDPR, etc. and a hybrid approach to penetration testing.

The Offense is the Best Defense

Through Vulnerability Assessment and Penetration Testing services, you can authorize an attempt of hacking via a web application into the network and find loopholes in the areas that need to be secure. At databrackets, we work with all 3 types of testing:


Areas of Penetration Testing:

Join the revolution against hacking

The real assurance that your data is secure is only achieved when it’s tested in an attacker mindset to defend your application/infrastructure against attackers.

Join the revolution against hacking and secure your web applications, mobile app, and infrastructure before known vulnerabilities are exploited. Click here to learn more about the services by cybersecurity experts at databrackets & gift yourself peace of mind.

Stay Informed. Stay Protected. Stay Secure with SAMA.

Featured Image SAMA

In May 2017, the Saudi Arabian Monetary Authority (SAMA) proposed a framework to strengthen the security of financial organizations. As new security demands and trends emerge, this Framework is continually reviewed and redesigned to meet those needs. It is based on the European Payment Services Directive’s robust consumer authentication services. Implementation of this Framework is required for financial institutions regulated by SAMA in order to establish a consistent procedure to address growing cyber risks.

The objective of the Framework is as follows:

  • To create a common approach for addressing cyber security within the Member Organizations.
  • To achieve an appropriate maturity level of cyber security controls within the Member Organizations
  • To ensure cyber security risks are properly managed throughout the Member Organizations.

In Saudi Arabia, one of the most serious threats is Cybersecurity

Cybersecurity is one of the biggest threats confronting companies and financial institutions in the Middle East and North Africa (MENA) region. Globally, banks are searching for new methods to tackle cyber risks such as phishing and account takeover fraud while improving the client experience and ensuring compliance with regulatory requirements.

Businesses and financial institutions in the Middle East and North Africa (MENA) suffer a variety of cybersecurity concerns. Banks across the world are looking for innovative ways to combat cyber threats like phishing and account takeover fraud while also enhancing the customer experience and maintaining regulatory compliance. The need to safeguard data, transactions, devices, and users through fraud prevention, mobile app security, and robust consumer authentication is becoming firmly ingrained in banks’ development plans. The focus in the Middle East is on using emerging technology to innovate in this area, especially as mobile banking gets traction in our region. To support this innovation, Information Security in MENA is expected to Reach $171 Billion in 2021, according to Gartner.

Key Cybersecurity Issues To Consider



SAMA Cyber Security Framework Compliance

Globally, government and banking industry authorities adopt cybersecurity guidelines and recommendations, and the United States is no exception. The Saudi Arabian Monetary Authority (SAMA) launched the SAMA Cyber Security Framework to increase resilience against cyber attacks. For example, strong Customer Authentication requirements in the updated European Payment Services Directive (PSD2) have spurred safe Open Banking throughout the globe, including in Bahrain.

The Saudi Arabian Monetary Authority developed the regulation based on industry-standard frameworks such as the:

It is mandatory for all banks, insurance companies, and finance companies operating in Saudi Arabia to adopt the SAMA Cyber Security Framework.


Stay Protected The 4 Key Focus Areas for SAMA Compliance

The banks in Saudi Arabia should implement cybersecurity policies and technology to comply with SAMA and create digital trust with their customers, which is the key to future growth.

 Here are four key aspects of the Framework:

1. Identity & Access Management: In section 3.3, Cyber Security Operations and Technology, SAMA offers guidelines on Identity and Access Management (IAM). For privileged and remote access management, the Framework defines multi-factor authentication (MFA).

MFA is required by banks for two reasons:

• To safeguard the customer’s login to online and mobile banking, use strong authentication to protect the customer’s data and financial assets.

• To defend against bad actors attempting to access and steal data by securing employees’ remote access to the business network and VPN.

In addition to logins, the Framework requires MFA for the following use cases:

  • Including or removing beneficiaries
  • Adding payment services for utilities and the government
  • High-risk transactions (when activities exceed pre-defined limits)
  • Password reset


On the market, there are several multi-factor authentication methods. Saudi banks should seek a provider that offers various authentication techniques across several channels, such as hardware tokens and mobile app authentication. Step-up authentication, also known as Intelligent Adaptive Authentication, is supported through mobile applications with native biometrics, FIDO U2F or UAF, behavioral biometrics, and more in the newest cloud-based multi-factor authentication systems.

2. Secure Channel: 

Under section 3.3.13, Electronic Banking Services SAMA stipulates the “employment of communication methods to avoid man-in-the-middle attacks (applicable for online and mobile banking).” One of the most typical methods for this to occur is via a malicious Wi-Fi network or public hotspot (known as a rogue access point). Fraudsters will place themselves between the bank and the customer to intercept communication in this sort of assault. Consumers appreciate the convenience of public hotspots, unaware that their payment data may be sent across a network controlled by a criminal actor. Banks may use Cronto® secure visual cryptograms to safeguard their clients from man-in-the-middle attacks.



3. Mobile Application Shielding: 

SAMA defines mobile app security standards in section 3.3.13, Electronic Banking Services. This includes criteria like as blocking and detecting attempts to modify mobile app code, sandboxing methods, and mitigating the different hazards associated with a hacked mobile app. One of the critical issues when it comes to mobile is that consumers are not always aware of the dangerous environment and do not always take the required security precautions – particularly on Android.

To complicate matters further, many banks still lack mobile applications, do not monitor the mobile channel or lack experience in mobile fraud. Mobile malware is on the rise, despite this fact. Bank Trojans infecting mobile devices have increased Client-side protections such as mobile app shielding have become essential because of this. As long as the proper security measures and MFA procedures are in place, banks and other financial institutions can protect the app from assaults and simplify the user experience.

Banks must provide the most convenient authentication methods, including mobile biometrics, and maintain advanced mobile app security operating in the background, unnoticed by the user.


4. Fraud Detection and Prevention: 

The Framework outlines the application of fraud and risk management in section 3.3.16, Threat Management. The attack surface of a bank rises dramatically as more financial products are supplied through digital channels. To stay up, the worldwide industry is relying on machine learning, advanced data mining, and modelling to provide the most accurate risk and fraud forecasts. To provide the most accurate risk score, modern fraud detection and prevention technologies evaluate large amounts of data from numerous sources across all digital channels. These ratings drive intelligent processes that allow for rapid action based on pre-defined security policies and rules and/or bank-defined security policies and regulations.

Global spending on fraud management solutions is anticipated to double over the next five years, hitting $10 billion by 2023, according to Forrester’s Fraud Management Solutions Forecast, 2017 To 2023 (Global). Working with a provider will help achieve the twin goals of robust security and an excellent user experience, which is the key to getting the most out of your fraud management expenditure.


The SAMA Cyber Security Framework for the Saudi Financial Services Sector

Computers and equipment such as ATMs and data storage devices are defined as “information assets” in the Framework.

These three principles are at the heart of The Framework’s design: confidentiality, integrity, and accessibility.

According to the Framework, each regulated business must implement and meet basic cyber security principles and goals in order to comply

There are four important cyber security “domains” that need to be addressed: Leadership and Governance, Risk Management and Compliance, Operational and Technology Issues, and Third-Party Concerns.


How can databrackets help comply with the SAMA framework?

databrackets’s data-centric cyber security solutions complement Financial Institutions’ existing security policy, allowing the organization’s most sensitive data to be protected in a permanent manner, audited, and access revoked as necessary.

Cyber security awareness can be spread throughout a company. Security and implementation methodologies from databrackets’s protection and implementation approach will help organizations to attain maturity levels 3 (structured and formal implementation), 4 (monitoring and evaluation), and 5 (continuous and adaptive improvement).

The cyber security solution is linked to the SAMA Cybersecurity Framework‘s domains and subdomains.

SAMA Framework

Leadership and governance in Cyber Security (3.1)


Cyber Security Policy (3.1.3)

Consistently safeguard the organization’s most sensitive information assets. The organization can identify risks about the information (who is attempting to access without authorization) and indicate possible gaps in the information through powerful auditing and monitoring of accesses to protected information.

Cyber Security Roles and Responsibilities (3.1.4)

Data managers and IT personnel can be segregated in terms of who can examine the security status of the most sensitive data, altering the organization’s cybersecurity policy. They can assess the organization’s level of security and recommend upgrades and modifications to achieve a higher level of protection of data.

Cyber Security in Awareness (3.1.6) and Cyber Security in Training (3.1.7)

Promote a Cybersecurity Culture within the organization’s structure. Users should be aware of managing protected sensitive files and know that some information cannot leave the business unprotected after being involved and trained in securing sensitive information.


Compliance and Cyber Security risk management (3.2)

Cyber Security Risk Management (3.2.1)

In addition to infrastructure and applications, risk management can extend to data, which can be safeguarded in any place, as well as auditing its usage. furthermore, it is possible to find out whether certain data has been restricted from being accessed in the past. 

Compliance with (inter)national standards (3.2.3)

By encrypting and protecting important documents as well as monitoring or revoking access to protected data, databrackets helps financial institutions comply with international regulations such as PCI-DSS (Payment Card Industry

Cyber Security Audit (3.2.5)

databrackets makes it easier to conduct data security audits. It leaves a record of all action on the data in its life cycle, from creation to protection, through access to unprotection or cancellation of access to the data, via its protection solution. This audit promotes the organization’s progression to maturity level 4.


Technology and Cyber Security operations (3.3)


Human Resources (3.3.1)

databrackets can assist in achieving Cybersecurity requirements in the Human Resources area. When an employee leaves the organization, the access rights to the data can be revoked, regardless of where it is located (on the company network, at the user’s home, etc.). Furthermore, the organization can determine whether the former employee is still attempting to access the data after they have left the organization. 

Asset Management (3.3.3)

An individual can identify who owns a sensitive document, as well as its protection policy or level of sensitivity if it has been safeguarded. All file accesses are recorded. As soon as data is classified or categorized, it is protected by databrackets

Identity and Access Management (3.3.5)

databrackets integrates data encryption, identity management, and rights management. Data access can be changed in real-time by limiting information access (only view, edit, copy and paste, print, unprotect, etc.) and who can or cannot access the information. 

Application Security (3.3.6) and Infrastructure Security (3.3.8)

In case a user visits a program and downloads or exports data, it can apply protection to the download, allowing the documents to be controlled wherever they are used.

Cryptography (3.3.9)

At rest (in team directories and file servers), in transit (when sending email or downloading), and in usage databrackets encrypts data (when the user opens a document, permissions such as editing, checking out, etc.). 

Bring Your Own Device (3.3.10)

Corporate infrastructure and devices protect sensitive data, but it is also retained under the firm’s control on the personal devices of company users and third parties.

Secure Disposal of Information Assets (3.3.11)

The ability to revoke a sensitive document allows it to be essentially destroyed regardless of where it is located. The document can be disabled so that no one else can view it. Furthermore, the business can continue to audit failed access attempts to this disabled document. 

Cyber Security Event Management (3.3.14)

databrackets raises the visibility of critical and confidential assets within a company. Information such as access IPs, user identities, etc. can be supplied to SIEM systems to be monitored and managed by a SoC. In addition, it is possible to set up alerts for information (such as a large number of documents being checked out), access attempts from banned subdomains.

Threat Management (3.3.16)

databrackets enables the application of an additional protection layer against potential network security breaches.

Cyber Security applied to third parties (3.4)

Outsourcing (3.4.2)

In many circumstances, security on the network can be controlled, but not on the network of a third party. Contractual or vendor management methods may result in attempts to prohibit improper vendor security practices. However, by safeguarding data provided to a subcontractor or external partner, ensure that data is kept secure and under control at all times.

Cloud Computing (3.4.3)

Even though the organization’s sensitive data is stored in a public or private cloud with its own cybersecurity protections, further control can be maintained if the data is secure. If the Cloud provider is compromised, the data remains secure and can only be accessed by the individuals designated in the security policy, regardless of where the data is stored.


Let’s take this discussion forward

Saudi Arabia’s Banking, Insurance, and Financial Services organizations must adopt and apply the Cybersecurity Framework SAMA in order to manage and deal with cybersecurity threats.

Watch this space for more postings about SAMA Cybersecurity Framework.

Ransomware On The Rise | Cybersecurity

Cover picture of Hacker accessing system using ransomware

Ransomware is a form of malware that threatens users with damage by refusing access to their data. As a ransom, the attacker promises to restore access after the victim pays.

A new wave of ransomware has hit in the year 2021.


This blog contains the following information:

  • Ransomware Statistics
  • Five Of The Largest Ransomware Payouts
  • How Does A Ransomware Attack Work?
  • What Factors Contribute To The Success Of A Ransomware Attack?
  • Who Are Most At Risk Of A Ransomware Attack?
  • Ransomware Assault On A German Hospital Results In The First Death
  • Prevent Ransomware Attacks
  • How Can databrackets Help You In Mitigating The Threat Arising From Ransomware?


Ransomware Statistics

  •  It’s estimated that a business will fall victim to a ransomware attack every 14 seconds
  • From 2013 to 2016, the primary ransomware variants reported were CryptoLocker and CryptoWall
  • In 2017 and 2018 that transitioned to WannaCry and SamSam
  • In late 2018 and early 2019, the primary ransomware families have been GandCrab and Ryuk
  • 68,000 new ransomware Trojans for mobile were detected in 2019




Ransomware Will Remain The Number One Threat

  • The average cost of ransom per incident is on the rise:
    • 2018 – $4,300
    • 2019 – $5,900
    • 2020 – $8,100


  • The average cost of ransomware caused downtime per incident:
    • 2018 – $46,800
    • 2019 – $141,000
    • 2020 – $283,000
  • Businesses lost around $8,500 per hour due to ransomware-induced downtime
  • Ransomware attacks have cost U.S. healthcare organizations $157 million since 2016
  • The individual ransom of 1,400 clinics, hospitals, and other healthcare organizations varied from $1,600 to $14 million per attack
  • Global damage caused by ransomware grew from $11.5 billion in 2019 to $20 billion in 2020.



Five Of The Largest Ransomware Payouts

A few years ago, one may not have ever heard of ransomware (crypto-locker software). Modern-day cybercrime is worth £10 billion per year and is now viewed as one of the major dangers to companies, institutions, and critical services.

Companies are locked out of their files and forced to pay exorbitant ransoms in dozens of cases each month. An attacker’s current price for decryption keys could be in the neighborhood of 0.3 bitcoin (approximately £100,000, or $140,000).

Reviewing five of the biggest recorded ransomware payments, we examine some of the occasions attackers have done this.


San Francisco State University ($2.3 million)

According to reports, a month-long battle with criminal hackers ended with the University of California San Francisco (UCSF) paying $1.14 million in bitcoin to unlock its systems in June 2020.

As a result of the original ransom demand, the institution countered with an offer of $780,000.

Network administrators sought to isolate and ringfence a number of systems as the discussions proceeded. In this way, the malware was stopped from reaching the UCSF core network and causing additional harm to the system.

Travelex ($2.3 million)

Travelex’s IT department was dealing with a ransomware virus on New Year’s Eve 2019 when most were celebrating. Not before paying a reported $2.3 million ransom, the currency exchange agency was able to restore its internal systems. Staff had to use pen and paper during this time, severely delaying the few operations that could still take place, while numerous UK banks who work with the company were obliged to turn away customers who were trying to order foreign currency.

Brenntag ($4.4 million)

Chemical distribution firm Brenntag paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware group to get a decryptor for encrypted files and prevent the threat actors from publicly releasing stolen data. As a result of a ransomware assault, Brenntag’s North American division was the target. Threat actors encrypt devices on the network as part of this assault, then stole unencrypted material from the network. An anonymous source told BleepingComputer that the DarkSide ransomware gang took 150GB of data during their attack. This page contains a summary of the sorts of data that were stolen and screenshots of some of the files that were taken.

Colonial Pipeline Co ($4.4 million)

When an employee received a ransom letter from hackers on a control-room computer, the operator of Colonial Pipeline knew it was in danger around dawn on May 7, 2021. A difficult decision had to be made that night by the company’s CEO. Joseph Blount, CEO of Colonial Pipeline Co., sanctioned the ransom payment of $4.4 million because management was unclear as to the extent of the hack and how long it would take to restore the pipeline.

A group of hackers had “exfiltrated” documents from the company’s shared internal hard drive and demanded $5 million in exchange for the contents. It was infected by a ransomware application produced by DarkSide, an alleged Russian cyber-criminal organization. FBI worked with Colonial Pipeline to trace the bitcoin after the payment was made to get the money back, CNN reported at the beginning of the month.

Officials said Colonial Pipeline’s fast response in notifying federal authorities allowed investigators to swiftly recover most of the cash, which was recovered after identifying the virtual wallet used in the transaction, according to officials. According to investigators, the DarkSide hackers would not “see a cent” of the ransom money.


CWT Global ($4.5 million)

CWT Global, a US travel services firm, paid $4.5 million in bitcoin to the Ragnar Locker ransomware group in July 2020.

Two gigabytes of data were allegedly hacked. Among the records impacted were financial records, security documents, and employee personal information, such as email addresses and payment data.

Remarkable is that both parties engaged in talks in a public, anonymous chat room.

After the ransomware group demanded $10 million, those who followed the negotiations were able to observe how CWT Global handled the situation.

Replying on behalf of the organization’s chief financial officer, the representative indicated that COVID-19 had badly impacted CWT Global and that it was unable to pay what the attackers wanted.

A little less than half of the initial amount was agreed upon, but it was still more than any other organization had ever paid. CWT agreed to pay $4.5 million in bitcoin, which is a form of digital currency.


How Does A Ransomware Attack Work?

Computer hackers utilize current encryption techniques to create ransomware, which is a form of the virus meant to make money. Modern technology makes it difficult to decipher encryption methods in use today, such as the Advanced Encryption Standard (AES).

As a result, companies are denied access to mission-critical files and data.

As a consequence of this invasion, people and organizations are compelled to pay the ransom. Once data has been encrypted by one of these algorithms, the only way to access it is with the corresponding encryption key. 

Using this information, cybercriminals attack computers with malware. Spear-phishing emails are one of the most popular ways to achieve it. Word macros (or other techniques) can be used to download and run ransomware.

Executive assistants might be targeted by fraudsters posing as C-level executives and demanding a transfer of money or gift cards.

As soon as Spear-phishing emails are on the machine, it begins to encrypt all of the user’s files. This may depend on the sort of ransomware versions that have been used. A few users may encrypt all files, leaving only those that are vital to the computer’s functionality.

In certain cases, the attacks are more focused, targeted at specific files that are more likely to be valuable to the intended victim(s)

After the initial attack, many ransomware variations will try to propagate to additional systems. This vulnerability is the primary infection method for WannaCry, although many contemporary versions will search for portable media (i.e., USB drives), attached devices, or file servers to spread their infection. 

It then displays a ransom note to the user. An example of this is seen in the image above; however, the specifics will vary from one version to the next. For the user’s decryption key and software, these messages generally demand a ransom in Bitcoin.

Ransomware-as-a-Service has also contributed to the expansion of the ransomware industry (RaaS). Users who are less technically savvy can purchase ransomware-related services or kits from ransomware developers and then use them to launch ransomware attacks against targets of their choosing.

Ransomware writers profit from this since it allows less competent crooks to carry out assaults.


What Factors Contribute To The Success Of A Ransomware Attack?

Ransomware attacks are so successful because they are so simple and have a clear psychological impact on their target. They have the ability to infect any type of computer (laptops/desktops, mobile devices, IoT, routers, cloud storage, and so on) and deny the owner access to the data stored on these systems.

Considering sophisticated ransomware kits are freely available on the dark web, this form of attack is very profitable for threat actors. Healthcare providers are one of the most susceptible and worst impacted sectors for two reasons:

1. Personal health information (PHI) may be traded for hundreds of dollars per record and is frequently resold to a variety of threat actors.

2. Health-care system security is often driven by compliance rather than appropriate security hygiene.

Running vulnerability scans, for example, will report on Critical, High, Medium, and Low vulnerabilities. While Critical to High vulnerabilities are frequently prioritized, it is the Medium or Low vulnerabilities that might prove to be a great threat. Overlooking these vulnerabilities on devices such as a printer, medical equipment, or other connected devices allows threat actors to get access to the network. 

Looking ahead to 2021, there are no signs of ransomware stopping off. Indeed, anticipation is high on the development of new tailored versions with the objective of infecting certain industries, such as education, mining, transportation, and energy, to mention a few.


Who Are Most At Risk Of A Ransomware Attack?

Previously, ransomware attackers chose a “quantity over quality” strategy. WannaCry ransomware outbreaks attempted to infect as many machines as possible and demanded a modest payment from each.

Hacker performing a ransomware attack

However, attackers discovered that this technique was not cost-effective. The procedure of acquiring and delivering Bitcoin to pay a ransom is beyond the ordinary user’s comprehension.

As a consequence, hackers either did not get ransoms or were forced to spend time on customer service, which reduced their earnings.

The current ransomware threat mostly targets larger businesses and demands higher ransom payments from each target. Typical objectives include:




• Transportation: the trucking industry has been a significant target of ransomware because it cannot afford ransomware-related delays

• Legal Firms: Following a ransomware assault, a Providence-based law company lost access to data for three months

Dental Practices: In addition, approximately 100 dental clinics were affected by a ransomware assault on a seller of IT services

• City/Municipal Administrations: In 2019, ransomware struck over 70 state and local governments

• Hospitals: Ransomware attacks cause hospitals to turn away patients

Industrial Sectors: The Snake ransomware version targets the industrial sector particularly


Ransomware Assault On A German Hospital Results In The First Death

In the first known case of a death directly connected to a cyber attack on a hospital, the ransomware assault took place at the Duesseldorf University Hospital. The woman has been transported to a clinic about 20 miles away since the hospital couldn’t accept emergency patients due to the attack, the Associated Press reports.

A report from the German news channel RTL claims that the hospital was not the target of the attack. A local university was the intended recipient of the message. Assailants halted their attack after officials informed them that their strike had shut down the hospital they were targeting.


Prevention Of Ransomware Attacks

Hacker doing a Ransomware Attack


Educating the users, automating backups, minimizing attack surfaces, establishing a plan for incident response, deploying endpoint monitoring and protection throughout the network, and securing ransomware insurance are all ways to minimize or avoid a ransomware assault. After infecting backups, ransomware might take over the computers. As an extra layer of protection, physical and offsite backups might be performed in this situation.

An infected PC can no longer be saved after the ransom notice appears. A cyber assault can be prevented by taking precautions in advance.

It is estimated that in 2017 and 2018 the vast majority of ransomware attacks were not specifically targeted. Higher companies with the ability to pay larger ransoms have been targeted by ransomware methods in 2019.

As a result, attackers were able to infect and encrypt endpoints and propagate over the network, often causing hundreds of thousands, if not millions, of dollars in damages to businesses.

Education and Training for Users

Many malware kinds, including ransomware, are propagated by phishing and other forms of social engineering. Infection risk can be reduced by training users to detect these risks. 

Backups that are Automated.

Ransomware attacks require victims to pay a fee to gain access to encrypted files. There is no reason to pay the ransom if recent backups are available. It’s crucial to remember that offline and offsite backups can be utilized as an extra layer of security if backups get contaminated.

Reduce the Attack Surface

Malware frequently exploits existing vulnerabilities, unsecured services (such as RDP), and tools such as PowerShell. The attack surface is reduced by keeping vulnerabilities patched, antivirus up to date, and superfluous services deactivated.

Incident Response Plan 

Responding quickly and appropriately in the aftermath of a ransomware attack is critical. Having a strategy in place ensures that the IT/security team tackles a possible issue appropriately.

Monitoring and Protection for Endpoints.

It is feasible to stop a ransomware outbreak before too much harm has been done by detecting the virus early. Monitored endpoints should be able to detect possible infections and stop them in their tracks.

Insurance coverage for ransomware.

Bringing business back up and running after a ransomware attack may be quite expensive. The expense of ransomware can be minimized if a company has insurance in place.


How Can databrackets Help You In Mitigating The Threat Arising From Ransomware?

Our mission is to assist organizations in developing and implementing practices to secure data and comply with regulations.

With several years of experience in IT and industry verticals, databrackets is your perfect partner for your Cybersecurity, audit, and compliance needs.

databrackets maintains an educational and transparent approach to our customers’ data security and compliance obligations. Using our safe and user-friendly platform, our team of specialists assists you in understanding your choices and developing a bespoke solution tailored to your business’s needs in the most effective manner. We invest in your long-term success so you may run your business without stress. Some of our programs and services, mostly in the Cybersecurity and Privacy Audit, Compliance, Certifications & Attestation Areas, include CMMC, SOC 2, and MFA, which are outlined below and will assist clients in combating threats and preventing attacks by keeping systems safe and secure.


Security Standards Can Be Enforced by CMMC

As a compliance standard, the Cybersecurity Maturity Model Certification (CMMC) has been under development for a long time. As part of DFARS and NIST 800-171, CMMC will require DoD vendors to implement and maintain a variety of security measures based on the type of data they store or access.

In the last several months, a new criterion was introduced, requiring businesses also to certify that they’re striving toward CMMC certification. This situation has arisen due to the fact that these security best practices were not being adopted honestly by organizations.

A more uniform security standard in the United States is the goal of the CMMC.


Services for Security Operations Centers (SOC) Will Mitigate Cyber Attacks

In order to mitigate or prevent cyber assaults when they occur, Security Operation Centers (SOC) provide real-time monitoring, detection, and response services. Benefits from a SOC offer businesses a comprehensive approach to security, according to the report.

As a result, centralized asset displays, cross-departmental collaboration, and maximum awareness are used to save expenses.

Due to the rapid development of cloud services in recent years, SOCs are more accessible today than in the past. Another reason for its rise has been the continual need to bring security down to smaller business models, which has been a significant factor in its rapid expansion.

With our trained privacy and security specialists, together with our CPA partners, we can assist your business meet Security Operation Centers (SOC 2) audit certification criteria in an efficient and cost-effective manner.


Multi-Factor Authentication Use Will Step Up Security

Multi-factor authentication (MFA) is generally considered the gold standard when it comes to authentication. Authentication can be through SMS or phone calls.

Microsoft recommended customers cease utilizing MFA through mobile phones in early November and instead advocate using app-based authenticators and security keys.

One-time passcodes are stored in plain text. As a result, the messages sent are not encrypted, even though SMS has some security built-in. This implies that threat actors can use an automated man-in-the-middle attack to obtain the one-time passcode in plain text.

Online banking is one of the most vulnerable sectors because authentication is generally done by SMS. According to a recent study, a huge financial fraud operation infiltrated 16,000 devices, incurring over $10 million in losses.

Given this danger, companies will increasingly opt for application-based MFA, such as Google Authenticator. We also strongly advise utilizing a hardware MFA device such as the YubiKey.

To learn more about the services, please visit



Top 5 Trends in Cybersecurity in 2020

Cybersecurity Trends in 2020
Cybersecurity Trends in 2020

In 2017, the UK’s National Health Service (NHS) experienced a severe ransomware attack. This incident resulted in the cancellation of nearly 20,000 medical appointments, including rerouting of cancer patients in emergency care to other destinations. The attack cost NHS trusts nearly $93 million.  Proper cybersecurity compliance could have prevented this attack.

Concerns of the cyber-threats have reached the United States as well. According to the secretary of the Department of Homeland Security, cyber weapons and sophisticated hacking currently pose the greatest threat to the United States and the private companies involved . 

According to a recently published report from Verizon, 43% of all cyber-threats are aimed at small businesses, with 39% of the total attacks carried out by organized criminal groups. Small and medium scale enterprises remain most vulnerable, due to a lack of awareness and resources  . According to the National Cybersecurity Alliance report, over 60% of the small enterprises go out of business within six months of experiencing a cyber-attack. 

Although these statistics are frightening, there is some good news. For instance, according to the Verizon report, the incidences of attack to steal credit and debit card information is on the decline. The new chip and pin technology have made these attacks more redundant for hackers. Here are some other innovative trends in cybesecurity worth watching out for in 2020: 

  1. The ultimate battle over internet dominance will continue

The incidents of cyberattacks in the recent years has coerced many countries to restrict internet traffic and take other stringent actions. In fact, Russia was one of the first countries that suggested filtering of internet traffic through Kremlin’s Roscomnadzor internet censor node with an aim to create the country’s very own internet “RuNet”, which might ward off cyberattacks. Moscow even tried to influence the BRICS nations (Brazil, Russia, India, China, and South Africa) to create a separate domain name in order to establish hegemony over the internet. Apart from Russia, China too has enforced many policies to establish itself as the thought leader of internet space. Many countries have even emulated China’s policies and formulated anti-privacy and surveillance laws. This has led to massive fragmentation of the Internet world, resulting in the Balkanization of sorts of the technology arena. However, the blame cannot just be placed on Russia and China alone. Even countries in the west have put stringent policies in place to establish dominance under the ambit of mitigating security risks. One such example is UK and the US snubbing Huawei technologies’ economical 5G services. While these fragmentations may create pockets of internet everywhere, it can be helpful in assuaging cybersecurity woes. However, it would lead to more confusion, less transparency, and perhaps strike down innovation. This dilemma is bound to worry the thought leaders even in 2020.

  1. Compliance Assessment To Take Centerstage

In June 2019, American Medical Collection Agency (AMCA) discovered that an unauthorized person had gained access to its web payment portal. Even more surprising was that the attacker had access to its system since August 2018, resulting in a major loss for the organization with 150,000 cases of the data breach. Under the 43% of all cyber-threats, the agency will have to report the breach to all the potential patients, which itself will require very numerous man-hours During such attacks, it is impossible to know the full extent of the breach within a short duration. Moreover, without adequate precautions, organizations can leave their consumers and themselves open to major risks, ranging from legal liabilities to financial  and personal loss. It’s easier to avoid such issues with quick response procedures that detect threats in time then pass on the message to concerned stakeholders at the earliest. This compliance procedure is not just mandatory by law, but can save enormous financial loss, and even lives. Hence, compliance assessment is likely to remain one of the highest priorities in fighting cyber-attacks.

  1. Attacks on Multiple Fronts

Cyber-attacks are becoming more sophisticated, and this is likely to continue as multi-vectored attacks like NotPetya, and WannaCry remain active. Using these ransomware executable files, hackers can simultaneously attack multiple fronts of digital infrastructure including mobile devices, network, and cloud systems. It is estimated that less than 5% of today’s systems are capable of handling these advanced attacks. With a widespread lack of awareness about security assessment, these attacks will continue to plague small businesses, large enterprises, and government entities. 

  1. Adoption of Data Harbours

According to the US Council of Economic Advisers, cyber-attacks cost the US economy nearly $109 billion in 2016, and pending on cyber-security reached over $120 billion in 2019 globally. Major stakeholders in many industries are threatened, especially in the healthcare and financial fields. On the other hand, cyber threats continue to become more intelligent, systematic, and operate over longer periods of time undetected. This has forced many to create external data harbours for their data, independent of their infrastructure.

  1. Data Privacy Regulation Goes Global 

In 2018, the European Union signed the General Data Protection Regulation, or GDPR law. This law has paved the way for more regulations concerning the use of personal data, such as the California Consumer Privacy Act (CCPA). These laws already affected enterprises worldwide due to the global nature of the internet. Moreover, the GDPR covers European citizen’s data access in all countries and promises to penalize breaches stringently. The growing regulation regarding data privacy holds a major implication for firms who do not have access to compliance assessment. 

Data regulations could also impact companies who host their data in clouds like Azure, Google, and AWS. The increasing data breaches and growing stringent regulatory environment will be worth monitoring in 2020, as cloud adoption and security plays an increasing role.  

In conclusion

If your company is looking for solutions including security assessment, data warehouses, and regulatory compliance, there is a variety of options available. Continuous employee training on cyber-attacks also should remain a high priority, as  prominent forms of attacks took place through phishing methods. If you want to protect your organization from bad actors, you have to perform adequate security assessment and training. 

In fact, security assessment and risk analysis is the first step towards mitigating cyberattacks. And if you are looking for a perfect partner that can help you keep threats at bay, Databrackets is your destination. Backed by a plethora of services including current trend analysis along with past risk assessment reports, awareness training, threat forecast, and more, Databrackets seamlessly alleviates the cybersecurity woes of your organization.

Reference links: