
FBI, DHS, HHS warn of imminent, credible ransomware threat against American hospitals



On Monday, October 26, KrebsOnSecurity started tracking reports from reliable sources that an aggressive Russian cybercriminal group known for deploying ransomware is preparing to disrupt the information technology systems of hundreds of hospitals, clinics and medical institutions in the United States. Today, the FBI and the U.S. Department of Homeland Security hurried to hold a conference call with executives in the healthcare industry to warn that “the threat of cybercrime to American hospitals and healthcare providers is imminent”.

The agencies on the conference call, which included the U.S. Department of Health and Human Services (HHS), warned participants of “credible information about the increasing and imminent threat of cybercrime against American hospitals and medical service providers.”

These agencies stated that they are sharing information, “in order to issue warnings to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.”

The warning came less than 24 hours after this author received a tip from Alex Holden, the founder of Hold Security, a cyber intelligence company based in Milwaukee. Holden said that this week he saw online communications between cybercriminals linked to the Russian-speaking ransomware organization Ryuk, whose members discussed plans to deploy ransomware in more than 400 medical institutions in the United States.

A participant on a government conference call today said that these agencies have provided few specific details on how healthcare organizations can better protect themselves from threats or alleged malware attacks.

“They did not share any IoC [indicators of compromise], so just ‘fix the system and report any suspicious content,’” said the healthcare industry veteran who participated in the discussion.

However, others on the call said that IoCs may not be helpful for hospitals that have already been infiltrated by Ryuk. This is because the malware infrastructure used by the Ryuk gang is usually unique to each victim, ranging from the Microsoft Windows executable files placed on the infected hosts to the so-called “command and control” servers used to transfer data between all compromised systems.

Nevertheless, the cybersecurity incident response company Mandiant today published a list of domains and Internet addresses used by Ryuk in previous attacks throughout 2020 to the present. Mandiant refers to the group by the threat actor classification “UNC1878”, and today aired a webcast detailing some of Ryuk’s latest exploitation strategies.

Charles Carmakal, Mandiant’s senior vice president, told Reuters that UNC1878 is one of the most rude, unintentional and destructive threats he has observed in his career.

Carmakal said: “Many hospitals have been severely affected by Ryuk ransomware and their networks have been offline.”

A health industry veteran who participated in today’s conference call and talked with KrebsOnSecurity on condition of anonymity said that if there are indeed hundreds of medical institutions facing imminent risk, it seems to be beyond the scope of any one hospital group, and may implicate some kind of electronic health record provider integrated with many care institutions.

However, so far, nothing like hundreds of facilities have publicly reported ransomware incidents. But in the past few days, a few hospitals have been dealing with ransomware attacks.

Becker’s Hospital Review reported today that a ransomware attack hit the computer systems of Sky Lakes Medical Center, headquartered in Klamath Falls, Oregon.

WWNY’s Channel 7 News in New York reported yesterday that a Ryuk ransomware attack on the St. Lawrence Health System resulted in computer infections at the Canton-Potsdam, Massena and Gouverneur hospitals.

SWNewsMedia.com reported on Monday that “unknown Internet activity” caused certain business interruptions at Ridgeview Medical Center in Waconia, Minnesota.

This is a developing story. Please stay tuned for further updates.

Update at 10:11 PM EST: The FBI, DHS and HHS jointly issued an alert on this issue, which is available here.

Tags: Alex Holden, Charles Carmakal, Department of Homeland Security, FBI, Department of Health and Human Services, Hold Security, Mandiant, Ransomware, Reuters, Ryuk

This entry was posted on Wednesday, October 28, 2020 at 8:43 PM and is categorized under “Latest Warning”, “Ransomware”, and “Coming Storm”.

