New Russian Ransomware Targets Hundreds of Hospitals as the Virus Spikes in some states

Published October 30th, 2020 by Bayon Technologies Group

As the US elections reach its final stretch hundreds of US hospitals and healthcare workers have received a dire warning from three government agencies as Russian hackers plan to infiltrate their networks.

The FBI, Health and Human Services, and the Cybersecurity & Infrastructure Security Agency have released a statement stating that the hackers usually utilize the TrickBot network of infected computers to access the organization’s network and once they are they are in they’ll proceed to release Ryuk, which is a particularly aggressive piece of ransomware.

“CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers,” Wednesday evening’s advisory stated. “CISA, FBI, and HHS are sharing this information to provide a warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.”

Mandiant Senior VP and CTO Charles Carmakal stated in an email that this could be the “biggest most significant security threat we’ve ever seen in the United States” Then he went on to describe the malicious actors behind these attacks and categorized them as “one of the most brazen, heartless and disruptive threat actors I’ve observed over my career”. Several Hospitals throughout the US have already reported being victims of these heartless attacks.

The main objective of these hackers is to hit hundreds of other organizations out there. Malicious actors usually don’t deliberately attack hospitals, however, these Russian hackers do not seem to have any issues crossing the ethical line.

CNN confirmed that “Universal Health Services, a Hospital Health care service company based in Pennsylvania; St. Lawrence Health Systems in New York; and the Sky Lakes Medical Center in Oregon were all infected over the past few days”

Microsoft and a host of industry patterns took immediate action to attempt to disable TrickBot two weeks ago. They were able to disable 62 of the 69 command-and-control servers known to be used by the hackers. However, the Russian hackers came back with a set of 59 new servers in a desperate attempt to maintain the botnet alive.

Microsoft stated, “they took action to protect the US election systems from crippling ransomware attacks in the lead-up to the elections”. Shortly after, the New York Times reported that the disruption worked both ways, due to the fact that it hampered some of the methods researchers have used in the past to track these kinds of groups.

Security firm Giga Systems tweeted “If you are in #healthcare, you can’t afford to ignore this” “This is not a drill. You are under attack”

‹ Back