Russian-speaking group blamed for ‘FIN12’ ransomware attacks


During the height of the coronavirus pandemic last year, ransomware attacks on hospitals were launched by a Russian-speaking group of suspected criminals dubbed “FIN12,” cybersecurity firm Mandiant said Thursday.

Kimberly Goody, Mandiant’s director of financial crime analysis, told reporters that FIN12 hit hospitals and moves faster than other ransomware gangs that hold computer systems and data hostage until victims pay.

While some cybercriminals have placed hospitals out of bounds, FIN12 saw them as lucrative targets; its victims have an average annual income of $6 billion, according to Mandiant’s analysis.

“In October 2020, there was this joint alert from multiple US government agencies specifically highlighting this growing threat of ransomware attacks to the healthcare industry – we strongly believe this alert was at least in part in response to FIN12 operations,” Ms. Goody said.

Last October, several agencies of the federal government issued a joint cybersecurity advisory warning that the federal government has “reliable information about an increasing and imminent threat of cybercrime to US hospitals and healthcare providers.”

The agencies later noted that the attackers used the Ryuk ransomware. Ms. Goody said FIN12 uses it consistently, even as other gangs switch between the types of ransomware they distribute.

Ransomware attacks have increased dramatically in the past year, claiming high-profile victims, from the healthcare industry to a pipeline company that supplies fuel to the East Coast to a major meat producer.

For example, Sky Lakes Medical Center in Oregon was among the hospitals hit by ransomware in October 2020, and the center’s spokesman, Tom Hottman, previously said there was no indication that personal health information was compromised or shared at the time. Because the ransomware encrypted their medical imaging, patients were given the opportunity to redo the medical imaging for free.

The report on FIN12 came as Microsoft released a report Thursday that found that Russia accounted for most state-sponsored hacks detected by the software giant, with a 58% share, mostly targeting US government agencies and think tanks.

The devastating impact of the long-undetected SolarWinds attack, which primarily breached information technology businesses, including Microsoft, also saw the success rate of Russian state-sponsored hackers rise to 32% in the year ended June 30, compared to 21% in the previous 12 months.

In its second annual Digital Defense Report, covering July 2020 to June 2021, Microsoft said that China, meanwhile, accounts for less than 1 in 10 of the state-sponsored hacking attempts Microsoft has identified, but was successful in breaking into targeted networks 44% of the time.

The Microsoft report also cited ransomware attacks as a serious and growing plague, with the United States by far the most targeted country, hit by more than three times as many attacks as the next most targeted country.

President Biden sought to thwart Russian cybercriminals by asking Russian President Vladimir Putin to take action against cyber-attackers in his country. The Biden administration also recently sanctioned a cryptocurrency exchange operating in Russia for allegedly facilitating payments to cyber gangs.

Mandiant’s report on FIN12 said that the group’s members “probably consisted of Russian-speaking actors based in Commonwealth of Independent States (CIS) countries, including Russia and former members of the Soviet Union, such as Ukraine and Kazakhstan.”

It is difficult to pinpoint who is responsible for ransomware operations because people are always joining and leaving various cybercrime teams, Ms. Goody said.

“There’s no nation in the cybercrime field that you’re compatible with, and that’s why it muddies the waters a bit,” Ms. Goody said.

Ms. Goody said Mandiant has traced the activities of FIN12 back about three years, during which time it has traditionally targeted North American victims. But in 2021 it has spread to more parts of the world.

One of the features that makes FIN12 different from other ransomware gangs is that it rarely engages in data theft. In 90% of the FIN12 intrusions Mandiant observed, Ms. Goody said, Mandiant did not see any data theft, which has become an essential tool that cybercriminals use to extort ransom payments from their targeted victims.

Instead, FIN12 moves fast: its time to ransom after a system breach was about 10 days faster when it chose not to steal data than when it did.

While Mandiant said the U.S. government’s growing interest in ransomware could lead FIN12 to potential victims in Western Europe and Asia, the ransomware threat has not subsided.

Earlier this week, General Paul Nakasone, director of the National Security Agency and commander of the US Cyber Command, said it is increasing resources to respond to the national security challenges posed by ransomware.

“There is now an increase in both the agency and the overall command in understanding the threats posed by the ransom, understanding the tactics, understanding how to go after the enemies,” General Nakasone said at a Mandiant event in DC.

When Mandiant CEO Kevin Mandia asked whether ransomware would remain a daily problem in five years, General Nakasone replied “every day.”

This story is based in part on wire service reports.
