CONTI Targeting Hospitals and EMS

In the US, the Federal Bureau of Investigation (FBI) issued an alert on 20 May regarding “Conti,” a highly disruptive ransomware variant.  Cyber-attacks associated with Conti and the previously published Darkside ransomware variant are believed to be emanating from criminal networks operating from a non-cooperative foreign jurisdiction.  The FBI says it identified at least 16 Conti ransomware attacks targeting US health care and first responder networks, including law enforcement agencies, emergency medical services, 911 dispatch centers and municipalities within the last year.

Ransomware attacks associated with these variants have resulted in regionally disruptive impacts to critical infrastructure, including hospitals and health systems in the United States and Ireland.  Most recently, hospitals in New Zealand have been hit by disruptive ransomware attacks.  These ransomware attacks have delayed or disrupted the delivery of patient care and pose significant potential risks to patient safety and the communities that rely on hospitals’ availability.[1]  Last year in Germany, an EMS patient was diverted to another emergency department because of a ransomware attack and the patient died due to the extra time it took to get to another hospital.  The ransomware game is getting very serious.   

AHA TAKE - The American Hospital Association (AHA) remains concerned about cyberattacks with the potential to disrupt patient care and jeopardize patient safety.  As stated in testimony before the Senate Homeland Security Committee in December 2020, AHA believes that a ransomware attack on a hospital or health system crosses the line from an economic crime to a threat-to-life crime.  The AHA acknowledges and commends the US government’s efforts to share timely and actionable cyber-threat intelligence.  However, relying on victimized organizations to individually defend themselves against these attacks is not the solution to this national strategic threat. Many of these attacks originate from outside the United States, often beyond the reach of US law enforcement, where ransomware gangs are provided safe harbor and allowed to operate with impunity, sometimes with the active assistance of adversarial nations.  In response, the AHA has urged the government to embark upon a coordinated campaign that will use all diplomatic, financial, law enforcement, intelligence and military cyber capabilities to disrupt these criminal organizations and seize their illegal proceeds, as was done so effectively during the global fight against terrorism.

WHAT YOU CAN DO - Please review and share with your leadership and cyber security teams the following compilation of the latest federal government ransomware bulletins.  Along with AHA and partner resources, the material below contains details on ransomware technical signatures and best practices for preventing and responding to ransomware attacks.  These include the need for highly secure, network-segmented network and data backups; the use of multi-factor authentication for all remote access to networks and for privilege escalation; and the importance of a current, frequently tested, cross-functional cyber incident response plan.

Good cyber security posture is a necessity and, if employed properly, will drastically reduce your vulnerabilities against cyber threats.  Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and has been helping companies since 2013 with proactive approaches to cyber security.  For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings:



REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/3702558539639477516

[1] FBI Liaison Alert System (FLASH) CP-000147-MW TLP: WHITE, Conti