In the past year, the FBI has detected at least 16 attacks on U.S. healthcare and emergency networks, including law enforcement agencies, emergency medical services, 911 dispatch centers, and municipalities. The FBI has issued alerts about Conti ransomware.
According to an advisory issued by the American Hospital Association (AHA), attacks related to the Conti and DarkSide ransomware variants (recently linked to the attack on Colonial Pipeline) are believed to originate from “criminal networks operating in non-cooperative foreign jurisdictions.”
The report stated that ransomware attacks related to these variants disrupted critical infrastructure including hospitals in the United States and Ireland, and pointed out that destructive ransomware activities also hit hospitals in New Zealand.
Officials said: “These ransomware attacks have delayed or disrupted the delivery of patient care and have brought huge potential risks to patient safety and communities that rely on hospital availability.”
Conti attackers can gain unauthorized access to the target network through malicious email links, attachments, or stolen RDP credentials. They weaponize Word files with embedded PowerShell scripts, first using these documents to stage Cobalt Strike and then dropping Emotet onto the network. Officials said in the alert that this gives them the ability to deploy ransomware.
The attacker may leave the ransomware in the target network for an average of four to three weeks before deploying it. They first use tools that already exist on the network and add more tools as needed, such as Windows Sysinternals and Mimikatz, to elevate privileges and move laterally.
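As an added example (not taken from the FBI alert or the AHA advisory), the sketch below checks process-creation events for two behaviors described above: a Word document launching a script interpreter, and Mimikatz or Sysinternals PsExec appearing on a host. The events are constructed, and the field names, host names, and watch list are assumptions.

```python
import ntpath

# Constructed process-creation events; field names loosely follow Sysmon Event ID 1.
SAMPLE_EVENTS = [
    {"host": "ws-014",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"host": "ws-014", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"host": "ws-020", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"host": "srv-02", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Users\Public\mimikatz.exe"},
    {"host": "srv-02", "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\PSEXESVC.exe"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# Assumed watch list. Name matching misses renamed binaries, so treat it as a
# triage signal; PsExec in particular is also used by legitimate administrators.
WATCHED_TOOLS = {"mimikatz.exe", "psexec.exe", "psexesvc.exe"}


def exe_name(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()


def detect(events):
    """Return (host, rule, image) tuples for events matching either rule."""
    alerts = []
    for ev in events:
        parent, image = exe_name(ev["parent"]), exe_name(ev["image"])
        # Rule 1: an Office application launching a script interpreter, the
        # pattern a document with an embedded PowerShell script produces.
        if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
            alerts.append((ev["host"], "office-spawned-script-host", image))
        # Rule 2: credential-dumping or remote-execution tooling by file name.
        if image in WATCHED_TOOLS:
            alerts.append((ev["host"], "watched-tool", image))
    return alerts


def hosts_to_triage(events):
    """Hosts with at least one alert, in first-seen order."""
    return list(dict.fromkeys(host for host, _, _ in detect(events)))


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Word opened from Explorer and PowerShell started interactively produce no alert; only the parent-child pairing and the watched tool names do.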