Advisories: “Brazen” Russian ransomware hackers target hundreds of US hospitals

Advisories: “Brazen” Russian ransomware hackers target hundreds of US hospitals

Getty Images

Russian hackers are targeting hundreds of US hospitals and healthcare providers just as the Corona Virus is making a comeback and the US presidential election is in its final stretch, officials from three government agencies and the private sector are warning.

The hackers typically use the TrickBot network of infected computers to penetrate the organizations and after further burrowing into their networks deploy Ryuk, a particularly aggressive piece of ransomware, a joint advisory published by the FBI, Health and Human Services, and the Cybersecurity & Infrastructure Security agency said.

“CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers,” Wednesday evening’s advisory stated. “CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.”

Security firm Mandiant said much the same in its own notice, which provided indicators of compromise that targeted organizations can use to determine if they were under attack.

Mandiant Senior VP and CTO Charles Carmakal said in an email to reporters that the targeting was “the most significant cyber security threat we’ve ever seen in the United States.” He went on to describe the Russian hacking group behind the plans as “one of most brazen, heartless, and disruptive threat actors I’ve observed over my career.” Already several hospitals have come under attack in the past few days, he said.

Crossing lines

“The intention by the threat actor is to hit hundreds of other organizations out there,” he said in an interview. “Most threat actors don’t want to deliberately hit hospital organizations. There’s an ethical line and they choose not to cross it. This particular actor, they have no problem crossing the line. They’re actively targeting healthcare and hospital organizations.”

There are reports of a handful of hospitals that have been hit with cyberattacks over the past few weeks. CNN said, it had confirmed that “Universal Health…