Building wave of ransomware attacks strike US hospitals | HT Tech

Building wave of ransomware attacks strike US hospitals

The FBI is investigating the recent attacks, which include incidents in Oregon, California and New York made public just this week, according to three cybersecurity consultants familiar with the matter.

By:REUTERS
| Updated on: Oct 30 2020, 01:00 IST
Representational image.
Representational image. (Pixabay)

Eastern European criminals are targeting dozens of U.S. hospitals with ransomware, and federal officials on Wednesday urged healthcare facilities to beef up preparations rapidly in case they are next.

The FBI is investigating the recent attacks, which include incidents in Oregon, California and New York made public just this week, according to three cybersecurity consultants familiar with the matter.

You may be interested in

MobilesTablets Laptops
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Vivo X100 Pro 5G
  • Asteroid Black
  • 16 GB RAM
  • 512 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

A doctor at one hospital told Reuters that the facility was functioning on paper after an attack and unable to transfer patients because the nearest alternative was an hour away. The doctor declined to be named because staff were not authorized to speak with reporters.

Also read
Looking for a smartphone? To check mobile finder click here.

"We can still watch vitals and getting imaging done, but all results are being communicated via paper only," the doctor said. Staff could see historic records but not update those files.

Experts said the likely group behind the attacks was known as Wizard Spider or UNC 1878. They warned that such attacks can disrupt hospital operations and lead to loss of life.

Also read: This sophisticated ransomware kidnaps data on Android phones

The attacks prompted a teleconference call on Wednesday led by FBI and Homeland Security officials for hospital administrators and cybersecurity experts.

A participant told Reuters that government officials warned hospitals to make sure their backup systems were in order, disconnect systems from the internet where possible, and avoid using personal email accounts.

The FBI did not immediately respond to a request for comment.

“This appears to have been a coordinated attack designed to disrupt hospitals specifically all around the country,” said Allan Liska, a threat intelligence analyst with U.S. cybersecurity firm Recorded Future.

“While multiple ransomware attacks against healthcare providers each week have been commonplace, this is the first time we have seen six hospitals targeted in the same day by the same ransomware actor.”

In the past, ransomware infections at hospitals have downed patient record-keeping databases, which critically store up-to-date medical information, affecting hospitals' ability to provide healthcare.

Ransomware attacks have jumped 50% over the past three months, security firm Check Point said Wednesday, with the proportion of polled healthcare organizations impacted jumping to 4% in the third quarter from 2.3% in the previous quarter.

Two of the three consultants familiar with the attacks said the cyber criminals were commonly using a type of ransomware known as “Ryuk,” which locks up a victim's computer until a payment is received.

The teleconference call participant said government officials disclosed that the attackers used Ryuk and another trojan, known as Trickbot, against the hospitals.

"UNC1878 is one of the most brazen, heartless, and disruptive threat actors I've observed over my career," said Charles Carmakal, senior vice president for U.S. cyber incident response firm Mandiant.

"Multiple hospitals have already been significantly impacted by Ryuk ransomware and their networks have been taken offline."

Experts say the deployment of Trickbot is significant after efforts by Microsoft to disrupt the hacking network earlier this month.

That initiative was designed to handicap the cyber criminals, but they seem to have recovered quickly, said Stefan Tanase, a cyber crime analyst.

"What we are seeing here is confirmation that the reports of the Trickbot takedown were greatly exaggerated," he said.

Microsoft did not answer a request for comment. 

Reporting by Christopher Bing and Joseph Menn.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 30 Oct, 01:00 IST
NEXT ARTICLE BEGINS