The same hackers that took down the Irish health system last week also hit at least 16 U.S. medical and first responder networks in the past year, according to a Federal Bureau of Investigation alert made public Thursday by the American Hospital Association.
As first spotted by the security news site Bleeping Computer, the FBI Cyber Division said these hackers used the strain of ransomware known as Conti to target law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities in the U.S. Ransomware is a type of malicious software that breaks into a victim’s devices and encrypts their files so cybercriminals can then extort payment in exchange for restoring access.
The FBI didn’t identify the victims or say if they’d paid ransoms.
The Conti ransomware is believed to be under the control of the Russia-based Wizard Spider cybercrime gang. The code shares some connections with the Ryuk ransomware and even uses that malware’s distribution channels.
The perpetrators behind the Irish attack released a free decryptor after realizing the nature of their victim, but they still said they’d release or sell data. They’d originally demanded a ransom. The issue, of course, is that this group might use similar tactics. Healthcare operations and personal data might be at risk even if attackers waive ransoms, and those that do pay might inadvertently encourage future attacks.
