Microsoft turns to court order to take down ransomware hacking tool that targeted hospitals
Microsoft and a group of cybersecurity firms received help from the courts with the massive takedown Thursday of a notorious hacking tool that had been co-opted by cybercriminals to target hospitals and healthcare systems. 

Joining forces with cybersecurity firm Fortra and the Health Information Sharing and Analysis Center (H-ISAC), the firms applied for and received a court order designed to remove bootleg versions of Fortra’s Cobalt Strike software. Last Friday, the U.S. District Court for the Eastern District of New York awarded the court order to the organizations, enabling them to seize domain names where malicious actors were storing the “cracked” versions of the software.

For years, a malicious version of the tool — initially designed to enable companies to check their cyber defenses — has been manipulated by bad actors launching ransomware attacks on unwitting victims.

Ransomware families associated with the cracked copies of Cobalt Strike “have been linked to more than 68 ransomware attacks impacting healthcare organizations in more than 19 countries around the world,” according to Microsoft, costing hospital systems “millions of dollars in recovery and repair costs, plus interruptions to critical patient care services including delayed diagnostic, imaging and laboratory results, canceled medical procedures and delays in delivery of chemotherapy treatments.” 

As hospitals grappled with the coronavirus pandemic across the U.S., cybercriminals ramped up crippling cyber attacks designed to lock down computer networks containing patient data in exchange for hefty ransoms. Analysis conducted by the Cybersecurity and Infrastructure Security Agency (CISA) found such attacks posed long-term negative impacts on hospitals, creating more ambulance diversions and increased mortality. 

Older, illegal copies of the Cobalt Strike software — often referred to as “cracked” versions — have been abused by criminals in a series of high-profile attacks, including those waged against the government of Costa Rica and the Irish Health Service Executive, according to Microsoft.

At least two infamous Russian-speaking ransomware gangs — Conti and LockBit — are listed…