The FBI, CISA, and HHS are issuing a joint alert to warn of the threat of ransomware attacks currently affecting U.S. healthcare systems around the country (via AP News).
Ransomware Attacks Against Healthcare
Ransomware is a type of malware that encrypts a computer’s data so the victim can no longer access it. The attacker demands a ransom in order to decrypt it. Security experts say that at least five U.S. hospitals have been attacked just this week.
The “Russian-speaking cybercriminal group” (UNC1878) uses a type of ransomware called Ryun that it spreads through the TrickBot botnet. U.S. Cyber Command, as well as Microsoft, have been fighting TrickBot.
-
[Alex Holden, CEO of Hold Security] said the group was demanding ransoms well above $10 million per target and that criminals involved on the dark web were discussing plans to try to infect more than 400 hospitals, clinics and other medical facilities.
-
One of the comments from the bad guys is that they are expecting to cause panic and, no, they are not hitting election systems. They are hitting where it hurts even more and they know it.
The security alert describes the attacks and issue a list of ransomware best practices, like keeping offline encrypted backups of data and creating a cyber incident response plan.