FBI warns imminent wave of ransomware attacks hitting hospitals


Hackers are expected to launch a wave of ransomware attacks against hospitals, the FBI warned.


James Martin/CNET


US officials are warning hospitals to expect a wave of ransomware attacks soon, urging healthcare providers to take precautions to protect themselves before the hacks hit. 

In a joint warning from the FBI, the Cybersecurity and Infrastructure Security Agency and the Department of Health and Human Services on Wednesday night, the agencies said the Russian botnet Trickbot is targeting health and public services with ransomware attacks. 

The malware encrypts computers and prevents victims from being able to use them unless they pay the ransom. The ransoms are often expensive, but it can be even more costly for victims who don’t pay. When the city of Atlanta suffered a ransomware attack, it paid $2.6 million to recover from it while the ransom cost $52,000.

In Germany, a patient died because a ransomware attack infected the nearest hospital when she needed urgent medical care. The attacks are now expected to hit hospitals in the US as a second wave of coronavirus infections arrives.



“CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers,” the agencies said in their warning.

The ransomware is being delivered through Trickbot, one of the largest botnets in the world. It’s operated by Russian cybercriminals, and is also used for other hacks including cryptomining and financial data theft. 

Microsoft and other cybersecurity companies briefly took down the botnet through a court order, but it had resurfaced within days.

The agencies said that the ransomware strain being used is likely Ryuk, a highly infectious ransomware attack that’s been active since 2018. The malware quietly plants itself within a network to get as much access as possible before launching, sometimes shutting down security systems that would’ve protected victims. 

Cybersecurity company SonicWall said there was a 40 percent rise in ransomware attacks this year, with a massive spike in September. The US saw 145.2 million ransomware hits, a 139% rise from last year, the researchers said. The Ryuk ransomware strain made up one-third of all ransomware attacks this year. 

At this same time last year, SonicWall said it only detected 5,123 Ryuk infections, compared to 67.3 million infections this year. 

“The increase of remote and mobile workforces appears to have increased its prevalence, resulting not only in financial losses, but also impacting healthcare services with attacks on hospitals,” SonicWall’s vice president of platform architecture Dmitriy Ayrapetov said in a statement.

The Ryuk ransomware was behind the attack on Universal Health Services, which has 400 hospitals in the US and the UK, and has also targeted several cities. The attacks come at a time when hospitals are expecting to care for more coronavirus patients. On Oct. 24, the US set a single-day record with more than 83,000 new coronavirus infections.  

The attacks could cause US hospitals to divert patients who need critical care and could increase wait times, Charles Carmakal, chief technology officer of FireEye’s Mandiant, said.

“We are experiencing the most significant cyber security threat we’ve ever seen in the United States,” Carmakal said. “Multiple hospitals have already been significantly impacted by Ryuk ransomware and their networks have been taken offline.”

The FBI, CISA and HHS are encouraging healthcare providers to set up back-up plans in case they are hit with a ransomware attack. Hospitals should back up critical information like patient records and store them offline and separated from their main network.

They should also patch their software as soon as possible, disable unused remote desktop access, and regularly change passwords, along with using multi-factor authentication for protection, the agencies said. 

If hospitals do suffer a ransomware attack, the agencies recommend against paying the costs. The payments don’t guarantee that a hospital will be back online, and it could also encourage cybercriminals to launch future attacks.
