FBI Alerts Hospitals To ‘Imminent’ Threat Of Crippling Ransomware Attacks
Since Monday, at least six U.S. hospitals have already been hit by cyberattacks believed to be executed by a Russian-speaking criminal gang using the Ryuk ransomware. The FBI, Department of Homeland Security and Department of Health and Human Services warn health care providers to prepare for more hacks.
AP:
FBI Warns Ransomware Assault Threatens US Healthcare System
In a joint alert Wednesday, the FBI and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The alert said malicious groups are targeting the sector with attacks that produce “data theft and disruption of healthcare services.” The cyberattacks involve ransomware, which scrambles data into gibberish that can only be unlocked with software keys provided once targets pay up. Independent security experts say it has already hobbled at least five U.S. hospitals this week, and could potentially impact hundreds more. (Bajak, 10/29)
NPR:
U.S. Hospitals Targeted In Rising Wave Of Ransomware Attacks, Federal Agencies Say
The agencies said hackers are using Ryuk ransomware — malicious software used to encrypt data and keep it locked up — and the Trickbot network of infected computers to steal data, disrupt health care services and extort money from health care facilities. Such data hijacking often cripples online systems, forcing many to pay up to millions of dollars to restore their services. The agencies warned health care providers to step up protections of their networks, including regularly updating software, backing up data and monitoring who is accessing their systems. (Bond and Romo, 10/29)
The Washington Post:
Hospitals Being Hit In Coordinated, Targeted Ransomware Attack From Russian-Speaking Criminals
Russian-speaking cybercriminals in recent days have launched a coordinated attack targeting U.S. hospitals already stressed by the coronavirus pandemic with ransomware that analysts worry could lead to fatalities. In the space of 24 hours beginning Monday, six hospitals from California to New York have been hit by the Ryuk ransomware, which encrypts data on computer systems, forcing the hospitals in some cases to disrupt patient care and cancel noncritical surgeries, analysts said. (Nakashima and Greene, 10/28)
The Hill:
Federal Agencies Warn Hackers Targeting U.S. Hospitals With Ransomware Attacks
The virus was also involved in an attack on Pennsylvania-headquartered hospital chain Universal Health Services, with all 250 of its U.S. healthcare facilities negatively impacted by a ransomware attack earlier this month. Multiple hospitals and healthcare groups in the U.S. have been targeted this week, including three hospitals in New York’s St. Lawrence County and Sky Lakes Medical Center in Oregon, which the medical center confirmed in a Facebook post on Tuesday. (Miller, 10/28)
Bloomberg:
FBI, DHS Warn Hospitals Of ‘Credible Threat’ From Hackers
The attack was carried out by a financially motivated cybercrime group dubbed UNC1878 by computer security researchers, according to Charles Carmakal, FireEye’s strategic services chief technology officer. At least three hospitals were severely affected by ransomware on Tuesday, he said, and multiple hospitals have been hit over the past several weeks. UNC1878 intends to target and deploy ransomware to hundreds of other hospitals, Carmakal said. “We are experiencing the most significant cybersecurity threat we’ve ever seen in the United States,” he said. “UNC1878, an Eastern European financially motivated threat actor, is deliberately targeting and disrupting U.S. hospitals, forcing them to divert patients to other health-care providers.” (Turton, Mehrotra and Tozzi, 10/28)
NBC News:
FBI, Other Agencies Warn Of 'Imminent Cybercrime Threat' To U.S. Hospitals
With Trickbot, the malicious software typically is embedded in an email designed to fool the recipient into clicking on a link or document that then installs the malware. Ransomware is generally described as a family of malware that blocks access to a PC, server or mobile device, or encrypts all the data stored on that machine. To regain access, the user must pay a ransom. Typically, the payments are demanded in bitcoin. (Dilanian, Blankstein and Helsel, 10/28)