FBI Warns Of Ransomware Targeting Healthcare

Los Alamos

As of Wednesday of this week, the U.S. has been reporting 100,000+ new COVID-19 cases a day.

According to New Mexico health officials, we can expect more than a dozen deaths a day for weeks as infections continue. Hospitals are filling up, and healthcare staff is running thin. The state has been warning the public about this for weeks. New Mexico is expecting to run out of ICU beds within a week.

With the healthcare system already strained by the pandemic, cybercriminals are targeting the healthcare sector. This week the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and the FBI issued a joint advisory warning of “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”

The alert can be found here: https://us-cert.cisa.gov/ncas/alerts/aa20-302a

According to the alert, cybercriminals are increasingly targeting the U.S. healthcare system with ransomware attacks. What is ransomware? It’s a type of malware that encrypts all data; to regain access, users have to pay whatever ransom is requested or figure out how to decrypt it. In most cases, the perpetrators have already accessed all the data and will threaten to release it to the public if the victim doesn’t pay. Any ransomware attack can usually be considered a potential data breach, though it depends on the attacker’s techniques. Lately the trend is to steal data as well as encrypt it.

The most common strains of ransomware being used in these attacks seem to be Ryuk and Conti.

According to the CISA advisory, it is likely the Trickbot gang is behind the attacks. Trickbot is a modular banking trojan, a type of malware that can also act as a “dropper” to get ransomware into systems. A “dropper” is a type of malware that is downloaded unknowingly by a user, evades anti-virus software, infects the computer, and then downloads additional malicious programs.

The most common vector of attack for ransomware is the end-user, via phishing emails. Generally, the malware is sent in a phishing email as an attachment or a link with a download, and the user…