Microsoft, hospital group use court order to disrupt ransomware attacks aimed at health sector




CNN — Microsoft used a federal court order to try to cut off cybercriminals’ access to a hacking tool that has been used in nearly 70 ransomware attacks on health organizations in more than 19 countries, the tech giant said Thursday.

It’s one of the biggest moves yet by tech firms and hospitals to combat ransomware attacks that have hobbled US health care providers for years by forcing ambulances to be diverted or chemotherapy appointments to be canceled.

The court order from the Eastern District of New York allows Microsoft to seize internet infrastructure that predominantly Russian-speaking hackers were using to communicate with infected computer networks in hospitals and other health care organizations in the US and around the world.

In addition to Microsoft, the Health Information Sharing and Analysis Center, or H-ISAC, a cyberthreat-sharing group for big US health care providers, and US software firm Fortra sought the court order.

As the coronavirus pandemic strained health care systems around the US, cybercriminals continued to opportunistically lock up the computer networks of hospitals and demand a ransom.

An apparent cyberattack in February forced Tallahassee Memorial HealthCare, which operates a 772-bed hospital in Florida, to send some emergency patients to other facilities.

Many hospitals “end up in (the hackers’) crosshairs because they are underfunded and don’t have appropriate security controls in place,” said Errol Weiss, H-ISAC’s chief security officer.

Weiss told CNN that he believes many hospitals are quietly paying ransoms to hackers because the hospitals “are supporting life-critical functions and they have to get back into operation as soon as possible.”

Fortra sells Cobalt Strike, a type of software that organizations use to test their cyberdefenses but that cybercriminals and state-backed hackers have often hijacked and used in their own hacking operations. The court order allows Microsoft, whose software was also targeted in the attacks, to cut off…
