CT’s ECHN cyberattacks may not be related to FBI hacking probe
The FBI has taken out a massive automated hacking system responsible for infecting hundreds of thousands of computers throughout the world and for ransomware attacks, but it doesn’t appear to be connected to the Prospect Medical Holdings attack impacting Connecticut hospitals.
The system named Qakbot did infiltrate computer systems on the East Coast, but those attacks targeted “financial institutions,” FBI Director Christopher Wray said when announcing the takedown.
It also attacked a medical device manufacturer on the West Coast, he said.
While Prospect is based in California, Wray did not identify any health care providers impacted by the malware system, nor did an FBI press release.
Prospect facilities in Connecticut, including Manchester, Rockville, and Waterbury hospitals, were the victims of a cyberattack on Aug. 3.
Last year, Wray said that the system was used to steal gigabytes from a health care provider, and that stolen data was later leaked on the dark web.
Wray said that the hacking system enabled “the most prolific ransomware groups” to cause losses of hundreds of millions of dollars to businesses around the world, specifically naming Conti and ProLock as attackers.
There was no mention of Rhysida, the international extortion group claiming responsibility for the Prospect hack.
A spokesman from the FBI’s New Haven office would not say if the investigation into Rhysida was in any way connected to the Qakbot announcement.
“I won’t confirm or deny the existence of an investigation but will say that FBI is aware of the cyberattack you reference. There are no specifics I can share about Qakbot Takedown,” the spokesman said.
Nonetheless, the FBI has “crippled one of the longest running botnets ever seen,” Wray said. “The FBI neutralized this far-reaching criminal supply chain, cutting it off at its knees.”
Along with the financial institutions on the East Coast and the medical device manufacturer on the West Coast, the bot network has also attacked a critical infrastructure government contractor in the Midwest.
…