FBI and CISA cybersecurity experts: malicious hackers are trying steal sensitive information, acquire user credentials, and gain persistent access to victim networks.
FBI and the U.S. Department of Homeland Security: There is an imminent cybercrime threat to U.S. hospitals and healthcare providers
There is an “imminent cybercrime threat to U.S. hospitals and healthcare providers.” It has been denounced by FBI and the U.S. Department of Homeland Security (DHS) in a conference call with healthcare industry executives. On Monday, Oct. 26, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. The agencies on the conference call, which included the U.S. Department of Health and Human Services (HHS), warned participants about “credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers.” The agencies said they were sharing the information “to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.”
The cybersecurity experts: It could arrive from Russian Ryuk ransomware gang
The cybersecurity experts warning came less than 24 hours after KrebsOnSecurity received a tip from Alex Holden, founder of Milwaukee-based cyber intelligence firm Hold Security. Holden said he saw online communications this week between cyber criminals affiliated with a Russian-speaking ransomware group known as Ryuk in which group members discussed plans to deploy ransomware at more than 400 healthcare facilities in the U.S. One participant on the government conference call said the agencies offered few concrete details of how healthcare organizations might better protect themselves against this threat actor or purported malware campaign. “They didn’t share any IoCs, so it’s just been ‘patch your systems and report anything suspicious’,” said a healthcare industry veteran who sat in on the discussion. However, others on the call said IoCs may be of little help for hospitals that have already been infiltrated by Ryuk. That’s because the malware infrastructure used is often unique to each victim, including everything from the Microsoft Windows executable files that get dropped on the infected hosts to the so-called “command and control” servers.