Currently, several hospitals in the United States are affected by ransomware attacks. The FBI, but also other agencies call for vigilance as other attacks could occur. According to these agencies, a Russian botnet is the origin.
The Covid-19 pandemic is currently intensifying around the world. The United States now reports more than 9 million cases with approximately 230,000 deaths . An article by the Reuters news agency on October 28, 2020 relates to a memo written by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) as well as the Department of Health and Human Services. According to the document, the Russian botnet Trickbot is behind ransomware attacks targeting several hospitals across the country. The malware paralyzes a system by encrypting all of its files before demanding a ransom. After receiving the ransom payment in cryptocurrency, the hackers deliver the decryption keys.
In just one week, the ransomware has affected hospitals in the states of Oregon, California and New York. According to Allan Liska, cybersecurity expert for the company Recorded Future, this is an attack aimed at disrupting hospitals across the country . According to the person concerned, this type of attack would target dozens of hospitals, so that other attacks are to be feared. Naturally, the authors of the note call for vigilance.
The Reuters agency gave the floor to a doctor whose hospital was the victim of an attack. The professional explains that the staff of the establishment must now use paper and pencil . While it is still possible to carry out imaging examinations, the results are only communicated on paper. Unfortunately, there is more serious. This is because the doctor cannot transfer patients , the nearest hospital to his being about an hour away.
It is possible that the Wizard Spider group (or UNC 1878) is behind these attacks. Charles Carmakal, CTO of cybersecurity firm Mandiant, called this group one of the most “brazen, cruel and destabilizing” that he has observed during his career. However, the giant Microsoft had recently announced that it had succeeded in neutralizing the Trickbot botnet in anticipation of the presidential elections. Nevertheless, it seems that the latter is active again and in great shape.
Anyway, this wave of cyberattacks is worrying. For the authorities, this could indirectly cause deaths in case of disorganization of hospitals. However, the fact is that the current Covid-19 pandemic is already a source of tension in these establishments. In September 2020, a hospital in Düsseldorf (Germany) victim of a similar attack was unable to operate on one of its patients. She died while being transferred to another health center.