Tags: ransomware | hospitals | hackers

FBI Probes String of Recent Ransomware Attacks on Hospitals

FBI Probes String of Recent Ransomware Attacks on Hospitals
(Dreamstime)

Wednesday, 28 October 2020 07:44 PM

Eastern European criminals are targeting dozens of U.S. hospitals with ransomware and federal officials on Wednesday urged healthcare facilities to beef up preparations rapidly in case they are next.

The FBI is investigating the recent attacks, which include incidents in Oregon, California and New York made public just this week, according to three cybersecurity consultants familiar with the matter.

Experts said the likely group behind the attacks was known as Wizard Spider or UNC 1878. They warned that such attacks can disrupt hospital operations and lead to loss of life.

The attacks prompted a teleconference call on Wednesday led by FBI and Homeland Security officials for hospital administrators and cybersecurity experts.

A participant told Reuters that government officials warned hospitals to make sure their backup systems were in order, disconnect systems from the internet where possible, and avoid using personal email accounts.

The FBI did not immediately respond to a request for comment.

“This appears to have been a coordinated attack designed to disrupt hospitals specifically all around the country,” said Allan Liska, a threat intelligence analyst with U.S. cybersecurity firm Recorded Future.

“While multiple ransomware attacks against healthcare providers each week have been commonplace, this is the first time we have seen six hospitals targeted in the same day by the same ransomware actor.”

In the past, ransomware infections at hospitals have downed patient record-keeping databases, which critically store up-to-date medical information, affecting hospitals’ ability to provide healthcare.

Two of the three consultants familiar with the attacks said the cyber criminals were commonly using a type of ransomware known as “Ryuk,” which locks up a victim's computer until a payment is received.

The teleconference call participant said government officials disclosed that the attackers used Ryuk and another trojan, known as Trickbot, against the hospitals.

"UNC1878 is one of most brazen, heartless, and disruptive threat actors I’ve observed over my career," said Charles Carmakal, senior vice president for U.S. cyber incident response firm Mandiant.

"Multiple hospitals have already been significantly impacted by Ryuk ransomware and their networks have been taken offline."

Experts say the deployment of Trickbot is significant after efforts by Microsoft to disrupt the hacking network earlier this month.

That initiative was designed to handicap the cyber criminals, but they seem to have recovered quickly, said Stefan Tanase, a cyber crime analyst. "What we are seeing here is confirmation that the reports of the Trickbot takedown were greatly exaggerated."

© 2020 Thomson/Reuters. All rights reserved.


   
1Like our page
2Share
Newsfront
Eastern European criminals are targeting dozens of U.S. hospitals with ransomware and federal officials on Wednesday urged healthcare facilities to beef up preparations rapidly in case they are next. The FBI is investigating the recent attacks, which include incidents in...
ransomware, hospitals, hackers
401
2020-44-28
Wednesday, 28 October 2020 07:44 PM
Newsmax Media, Inc.
 

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

NEWSMAX.COM
America's News Page
© Newsmax Media, Inc.
All Rights Reserved