Who is behind the cyber attacks on American hospitals?


By CAPosts 30 October, 2020 - 11:01am 89 views

Hospitals fight all kinds of viruses. Computer scientists are no exception. The FBI, the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) have warned of a threat of cyber attacks against hospitals and healthcare providers. medical care in the United States. Ransomware -type attacks - a computer virus that blocks computers and data on a system until a ransom is paid - have occurred in New York, Oregon and California, as confirmed by Reuters .

“This is a threat imminent and growing cybercrime for the country's hospitals and health care providers, ”CISA warned through social networks. However, none have specified exactly how many health facilities have been affected or who are allegedly responsible for the attacks. HHS sources have said that the attacks could be linked to "Russian criminal groups" and several cybersecurity experts consulted by Reuters point to a specific group: UNC1878.

UNC1878 and Ryuk

"UNC1878 is one of the threat actors most brazen, ruthless and disruptive I've ever seen in my career, "Charles Carmakal, senior vice president of US cyber incident response firm Mandiant, told Reuters . This group of cybercriminals is one of the best known in cybersecurity circles. They share the limelight with other powerful hacker groups, such as the Syrian Electronic Army - known for attacking the pages of world leaders on Facebook and Twitter, such as Barack Obama or Nicolas Sarkozy - and the most famous, Anonymous - active worldwide and known for hacking. the Pentagon and companies such as MasterCard, Visa and PayPal.

The direct involvement of UNC1878 has not been confirmed by any official channel of the US Government. But what is proven is that the type of ransomware used to attack hospitals is known as Ryuk . This computer virus is young. It hit the market in 2018, but in just two years it has cost companies and institutions at least 10 million dollars (8.5 million euros) in ransom payments, as reported by multiple specialized cybersecurity media . This computer virus is capable of blocking the victim's system until payment has been received for the ransom of the data.

The latest investigation on Ryuk published a few days ago by the cybersecurity company SonicWall Capture Labs, has revealed that this type of ransomware is "responsible for a third of all cyber attacks in 2020" and that there has been a 40% increase in its use. "The increase in the remote and mobile workforce appears to have increased the prevalence of Ryuk, which not only generates financial losses, but also affects health services with attacks on hospitals," says the vice president of platform architecture in the report. from SonicWall, Dmitriy Ayrapetov.

Double fight: ransomware and covid-19

How much does Ryuk affect a hospital? A lot. In fact, experts and medical staff alike have revealed that ransomware attacks often “shut down hospital computer systems, often forcing them to turn to pencil-and-paper graphics and sometimes blocking them from the systems they need to do it. run tests on patients ”. In addition, as a result of the coronavirus pandemic , hospitals have also become a "key" target for cybercriminals, according to the sources consulted, since, given their condition, they are more likely to pay for the ransom due to the Sensitive information and the vulnerability of its patients

But the pandemic has also opened a gap for cybercriminals to target not only hospitals, but also homes. According to the latest report by the cybersecurity company Check Point , the rise of teleworking is linked to ransomware attacks , which have increased by 160% in Spain in the last three months. Spain, which leads the European ranking, is followed by Germany, with an increase of 145% and, far behind, the United Kingdom (80%) and France (36%).

The Spanish figure is well above the global average, which in these months has seen these attacks grow by 50% compared to the first half of the year. Checkpoint has warned, through a statement that "organizations around the world are in the midst of a massive wave of ransomware attacks" because the companies that focused all their efforts on establishing remote work infrastructures did not do so applying the best security measures.

You can follow EL PAÍS TECNOLOGÍA RETINA at Facebook , Twitter , Instagram or subscribe here to our Newsletter .

Related News

Technology Crime Computer viruses Coronavirus Hospitals United states