FBI: Ransomware Assault on Health System
10/29 06:38

   BOSTON (AP) -- Federal agencies warned that cybercriminals are unleashing a 
wave of data-scrambling extortion attempts against the U.S. healthcare system 
designed to lock up hospital information systems, which could hurt patient care 
just as nationwide cases of COVID-19 are spiking.

   In a joint alert Wednesday, the FBI and two federal agencies warned that 
they had "credible information of an increased and imminent cybercrime threat 
to U.S. hospitals and healthcare providers." The alert said malicious groups 
are targeting the sector with attacks that produce "data theft and disruption 
of healthcare services."

   The cyberattacks involve ransomware, which scrambles data into gibberish 
that can only be unlocked with software keys provided once targets pay up. 
Independent security experts say it has already hobbled at least five U.S. 
hospitals this week, and could potentially impact hundreds more.

   The offensive by a Russian-speaking criminal gang coincides with the U.S. 
presidential election, although there is no immediate indication they were 
motivated by anything but profit. "We are experiencing the most significant 
cyber security threat we've ever seen in the United States," Charles Carmakal, 
chief technical officer of the cybersecurity firm Mandiant, said in a statement.

   Alex Holden, CEO of Hold Security, which has been closely tracking the 
ransomware in question for more than a year, agreed that the unfolding 
offensive is unprecedented in magnitude for the U.S. given its timing in the 
heat of a contentious presidential election and the worst global pandemic in a 

   The federal alert was co-authored by the Department of Homeland Security and 
the Department of Health and Human Services.

   The cybercriminals launching the attacks use a strain of ransomware known as 
Ryuk, which is seeded through a network of zombie computers called Trickbot 
that Microsoft began trying to counter earlier in October. U.S. Cyber Command 
has also reportedly taken action against Trickbot. While Microsoft has had 
considerable success knocking its command-and-control servers offline through 
legal action, analysts say criminals have still been finding ways to spread 

   The U.S. has seen a plague of ransomware over the past 18 months or so, with 
major cities from Baltimore to Atlanta hit and local governments and schools 
hit especially hard.

   In September, a ransomware attack hobbled all 250 U.S. facilities of the 
hospital chain Universal Health Services, forcing doctors and nurses to rely on 
paper and pencil for record-keeping and slowing lab work. Employees described 
chaotic conditions impeding patient care, including mounting emergency room 
waits and the failure of wireless vital-signs monitoring equipment.

   Also in September, the first known fatality related to ransomware occurred 
in Duesseldorf, Germany, when an IT system failure forced a critically ill 
patient to be routed to a hospital in another city.

   Holden said he alerted federal law enforcement Friday after monitoring 
infection attempts at a number of hospitals, some of which may have beaten back 
infections. The FBI did not immediately respond to a request for comment.

   He said the group was demanding ransoms well above $10 million per target 
and that criminals involved on the dark web were discussing plans to try to 
infect more than 400 hospitals, clinics and other medical facilities.

   "One of the comments from the bad guys is that they are expecting to cause 
panic and, no, they are not hitting election systems," Holden said. "They are 
hitting where it hurts even more and they know it." U.S. officials have 
repeatedly expressed concern about major ransomware attacks affecting the 
presidential election, even if the criminals are motivated chiefly by profit.

   Mandiant's Carmakal identified the criminal gang as UNC1878, saying "it is 
deliberately targeting and disrupting U.S. hospitals, forcing them to divert 
patients to other healthcare providers" and producing prolonged delays in 
critical care.

   He called the eastern European group "one of most brazen, heartless, and 
disruptive threat actors I've observed over my career."

   While no one has proven suspected ties between the Russian government and 
gangs that use the Trickbot platform, Holden said he has "no doubt that the 
Russian government is aware of this operation --- of terrorism, really." He 
said dozens of different criminal groups use Ryuk, paying its architects a cut.

   Dmitri Alperovitch, co-founder and former chief technical officer of the 
cybersecurity firm Crowdstrike, said there are "certainly lot of connections 
between Russian cyber criminals and the state," with Kremlin-employed hackers 
sometimes moonlighting as cyber criminals.

   Neither Holden nor Carmakal would identify the affected hospitals. Four 
healthcare institutions have been reported hit by ransomware so far this week, 
three belonging to the St. Lawrence County Health System in upstate New York 
and the Sky Lakes Medical Center in Klamath Falls, Oregon.

   Sky Lakes acknowledged the ransomware attack in an online statement, saying 
it had no evidence that patient information was compromised. It said emergency 
and urgent care "remain available." The St. Lawrence system did not immediately 
return phone calls seeking comment.

   Increasingly, ransomware criminals are stealing data from their targets 
before encrypting networks, using it for extortion. They often sow the malware 
weeks before activating it, waiting for moments when they believe they can 
extract the highest payments, said Brett Callow, an analyst at the 
cybersecurity firm Emsisoft.

   A total of 59 U.S. healthcare providers/systems have been impacted by 
ransomware in 2020, disrupting patient care at up to 510 facilities, Callow 

   Carmakal said Mandiant had provided Microsoft on Wednesday with as much 
detail as it could about the threat so it could distribute details to its 
customers. A Microsoft spokesman had no immediate comment.
