The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Health and Human Services (HHS) on Wednesday issued a cybersecurity advisory describing a ransomware attack against U.S. health care targets “to infect systems with Ryuk ransomware for financial gain.” The agencies’ warned of an “imminent threat to U.S. hospitals and healthcare providers.”
As of Thursday morning, CNN had confirmed two targets: St. Lawrence Health Systems in Potsdam, New York, and Sky Lakes Medical Center in Klamath Falls, Oregon. At least six attacks had been reported, and a larger number is likely. Health care providers in Minnesota and Vermont also have been reported as victims of the attack.
Charles Carmakal of cybersecurity firm Mandiant told CNN that the United States is “experiencing the most significant cyber security threat we’ve ever seen.” The attacks are forcing hospitals to try to find other providers and that drives up the wait time for patients to receive critical care.
If the ransomware attack cannot be limited, the rising number of U.S. cases of COVID-19 could overwhelm health care facilities and lack of treatment could send the death toll higher.
The Russian ransomware group Ryuk reportedly has been discussing the attacks on more than 400 U.S. health care facilities, according to Alex Holden of Milwaukee-based Hold Security, who spotted communications among group members earlier this week.
According to Wednesday’s warning, the Russian group is targeting the U.S. health care sector with Trickbot malware, which creates files in certain Microsoft Windows folders that initiate communication with the hackers’ command and control servers. Once the files are deployed, other malicious scripts are executed to lock the files and generate a ransom demand.
About two weeks ago, Microsoft and other tech partners shut down 62 of Ryuk’s 69 command and control servers. According to a report at Ars Technica, the ransomware group promptly fired up 59 new servers, of which all but one were shut down.
One side-effect of the counterattack against Ryuk was a change to the TrickBot malware that severely challenges security experts’ ability to track the group.
The FBI, CISA and HHS offer little more to potential targets than to patch their software as soon as an update is available and take other routine security precautions like changing passwords more often, using multifactor authentication and disabling remote access ports.
The agencies also recommend that affected health care providers not pay ransoms because “payment does not guarantee files will be recovered” and payments may lead to more attacks in the future.
ALSO READ: Goldman Sachs Says Buy 4 Top Industrial Stocks After Very Solid Q3 Results
Get Our Free Investment Newsletter
Source: Read Full Article