Federal agents warned Wednesday that a major ransomware assault is underway against U.S. hospitals, some of which have already been attacked by a shadowy band of cybercriminals.
Ransomware is an increasing threat to U.S. healthcare and has already cost hospitals tens of millions in recent years. A typical attack encrypts important data — such as patient records and billing information — until the hospital agrees to pay an exorbitant sum for ransom, usually in the form of Bitcoin or other digital currency.
Wednesday’s alert came from a joint federal task force that includes the FBI, the U.S. Department of Health and Human Services, and the Cybersecurity and Infrastructure Security Agency (CISA).
At least five hospitals were hit with the ransomware attacks this week, the federal agencies said.
“CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers,” the advisory said. “CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.”
‘Willing to pay’:Hospitals hit hardest by ransomware attacks, study says
The aggressive offensive by a Russian-speaking criminal gang coincides with the U.S. presidential election, though there was no immediate indication it was motivated by anything but profit.
“We are experiencing the most significant cyber security threat we’ve ever seen in the United States,” Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, said in a statement. He’s concerned that the group may deploy malware to hundreds of hospitals over the next few weeks.
Ransomware attempts jumped 50% in the last three months, over the first half of 2020, and hospitals and health care organizations were the hardest hit, according to a study earlier this year by Check Point research.
Typical attacks demand several hundred thousand dollars and some have demanded $5 million or more, the research group concluded. Hospitals are often targeted because criminals know they are more likely to pay than other businesses. That’s because hospitals can’t shut down for long without impacting patient care.
In June, the University of California San Francisco disclosed that it paid $1.14 million to ransomware attackers. In Germany, a woman died when a hospital under a ransomware attack couldn’t admit her. Universal Health Services, one of the nation’s largest health providers, was struck last week.
As a result, health care personnel reportedly began keeping records on paper as computer systems began failing over the weekend and some hospitals have sent incoming ambulances to other neighboring hospitals.
The percentage of healthcare organizations impacted by ransomware globally nearly doubled, from 2.3% in the second quarter to 4% in the third quarter. Healthcare was followed by manufacturing, software makers, government/military and insurance and legal firms.
The U.S. saw 313 attacks in the third quarter, compared to 158 in the previous quarter, very closely followed by 312 attacks in India, compared to 224 in the previous quarter.
Alex Holden, CEO of Hold Security, which has been closely tracking the ransomware in question for more than a year, agreed that the unfolding offensive is unprecedented in magnitude for the U.S. Administrative problems caused by ransomware, which scrambles data into gibberish that can only be unlocked with software keys provided once targets pay up, could further stress hospitals burdened by a nationwide spike in COVID-19 cases.
The cybercriminals suspected of the attacks use a strain of ransomware known as Ryuk, which is seeded through a network of zombie computers called Trickbot that Microsoft began trying to counter earlier in October. While the company has had considerable success knocking Trickbot command-and-control servers offline through legal action, analysts say criminals have still been finding ways to spread Ryuk.
In September, a ransomware attack hobbled all 250 U.S. facilities of the hospital chain Universal Health Services, forcing doctors and nurses to rely on paper and pencil for record-keeping and slowing lab work. Employees described chaotic conditions impeding patient care.
Holden said he alerted federal law enforcement Friday after monitoring infection attempts at a number of hospitals, some of which may have beaten back infections. The FBI did not immediately respond to a request for comment.
He said the group was demanding exorbitant ransoms well above $10 million per target and that criminals involved on the dark web were discussing plans to try to infect more than 400 hospitals, clinics and other medical facilities.
“One of the comments from the bad guys is that they are expecting to cause panic and, no, they are not hitting election systems,” Holden said. “They are hitting where it hurts even more and they know it.”
Contributing: The Associated Press