The Federal Bureau of Investigation (FBI) says the Conti ransomware gang has tried to breach the networks of over a dozen U.S. healthcare and first responder organizations.
The information was shared through a TLP:WHITE flash alert issued Thursday to help system admins and security professionals defend their organizations’ networks against future Conti attacks.
At least 16 organizations targeted
“The FBI identified at least 16 Conti ransomware attacks targeting U.S. healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year,” the FBI Cyber Division said.
“These healthcare and first responder networks are among the more than 400 organizations worldwide victimized by Conti, over 290 of which are located in the U.S.”
According to the FBI, Conti ransom demands are custom-tailored to each victim, with recent ones being as high as $25 million.
Additionally, if the ransom is not paid within eight days, Conti ransomware operators would also contact their victims using Voice over Internet Protocol (VOIP) services (a tactic also used by Doppelpaymer and other groups) or encrypted email services.
Victims are urged to share information on Conti ransomware attacks that hit their networks to help the FBI prevent future attacks and determine the gang members’ identities.
Cyber attacks targeting networks used by emergency services personnel can delay access to real-time digital information, increasing safety risks to first responders and could endanger the public who rely on calls for service to not be delayed. [..] Targeting healthcare networks can delay access to important information, potentially affecting care and treatment of patients including cancellation of procedures, rerouting to unaffected facilities, and compromise of Protected Health Information. — FBI Cyber Division
The Conti ransomware gang
Conti shares some of its code with the notorious Ryuk ransomware, whose TrickBot distribution channels they began using after Ryuk activity decreased around July 2020.
This ransomware gang has recently breached the networks of Ireland’s Health Service Executive (HSE) and Department of Health (DoH), asking the former to pay a $20 million ransom after successfully encrypting its systems.
Although the DoH was able to block Conti from encrypting its systems, the HSE was not as fortunate and had to shut down all IT systems to prevent the ransomware from spreading through its network.
Following the attack on Ireland’s public healthcare system, the Conti gang released a free decryptor for the HSE but warned that the 700 GB of data stolen from their network will still be released or sold.
The U.S. government previously warned the healthcare industry of ransomware targeting hospitals and healthcare providers in October 2020, after Ryuk operators took down the computer and phone systems of Fortune 500 hospital and healthcare services provider Universal Health Services (UHS).