Ransomware attacks hit U.S. hospitals
A tsunami of ransomware attacks has hit U.S. hospitals in Vermont, New York, Oregon and likely other states, with U.S. officials warning that there is “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers” across the country, according to a recent CISA, FBI and HHS bulletin.
Why it matters: The decision by cyber criminals to launch a large-scale campaign attacking hospitals represents a shocking escalation by these groups, and it shows how unbound by moral considerations they are when selecting their targets.
Details: “As many as 20 medical facilities” have already been affected by these attacks, according to NBC News.
- The ransomware attacks are believed to have been perpetrated by the Russian-speaking group of cyber criminals that operates the “TrickBot” botnet, the world’s largest. A botnet is a group of hijacked computers that have been repurposed for malicious ends.
Background: Last month, the U.S. military’s Cyber Command temporarily degraded the TrickBot network. In a related action, Microsoft also attempted to disrupt this cyber criminal group’s activities.
The big picture: These ransomware attacks, which encrypt victims’ data unless they pay a fee to get it back, are occurring as medical facilities across the country are being overwhelmed with new hospitalizations because of the COVID-19 pandemic.
- Some affected hospitals have lost access to their digital records, slowing down basic administrative tasks and creating backlogs. In an Oregon hospital, surgeries and some cancer treatments have been delayed because of the attacks.
The bottom line: Ransomware-wielding cyber criminals represent "the most significant cyber threat that we’ve experienced in the US to date," Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, told Wired.