The FBI is warning there is a new threat of ransomware attacking the US Healthsystems. The ransomware assault threatens hospitals and will most likely spread to the ambulatory practices. The FBI and two other federal agencies issued a joined alert on Wednesday. The issue stated that this malicious attack will lead to data theft and disruption of the healthcare system and services.
Ransomware Assault Threatens Hospitals
The FBI is investigating the recent attacks, which include incidents in Oregon, California and New York made public just this week, according to three cybersecurity consultants familiar with the matter.
A doctor at one hospital told Reuters that the facility was functioning on paper after an attack and unable to transfer patients because the nearest alternative was an hour away. The doctor declined to be named because staff were not authorized to speak with reporters.
‘We can still watch vitals and getting imaging done, but all results are being communicated via paper only,’ the doctor said. Staff could see historic records but not update those files.
Experts said the likely group behind the attacks was known as Wizard Spider or UNC 1878. They warned that such attacks can disrupt hospital operations and lead to loss of life.
The attacks coincide with the U.S. presidential election, but do not appear to have any connection to it.
‘We are experiencing the most significant cyber security threat we´ve ever seen in the United States,’ Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, said in a statement.
He’s concerned that the group may deploy malware to hundreds of hospitals over the next few weeks.
Alex Holden, CEO of Hold Security, which has been closely tracking the ransomware in question for more than a year, agreed that the unfolding offensive is unprecedented in magnitude for the U.S. Administrative problems caused by ransomware, which scrambles data into gibberish that can only be unlocked with software keys provided once targets pay up, could further stress hospitals burdened by a nationwide spike in COVID-19 cases.
The Russian-speaking cybercriminals suspected of the attacks use a strain of ransomware known as Ryuk, which is seeded through a network of zombie computers called Trickbot that Microsoft began trying to counter earlier in October.
In the past, ransomware infections at hospitals have downed patient record-keeping databases, which critically store up-to-date medical information, affecting hospitals’ ability to provide healthcare.
While the company has had considerable success knocking Trickbot command-and-control servers offline through legal action, analysts say criminals have still been finding ways to spread Ryuk.
The US has seen a plague of ransomware over the past 18 months or so.
In September, a ransomware attack took down all 250 US facilities of the hospital chain Universal Health Services, forcing doctors and nurses to rely on paper and pencil for record-keeping and slowing lab work.
Employees described chaotic conditions impeding patient care. Also in September, the first known fatality related to ransomware occurred in Duesseldorf, Germany, when an IT system failure forced a critically ill patient to be routed to a hospital in another city.
Holden said he alerted federal law enforcement Friday after monitoring infection attempts at a number of hospitals, some of which may have beaten back infections. The FBI did not immediately respond to a request for comment.
Parts of this post are from www.dailymail.co.uk