400 US Hospitals in Danger of Unprecedented Bitcoin Ransomware Attack
The Ryuk Bitcoin ransomware has already delayed surgeries and diverted ambulances. Now authorities are preparing for a nationwide attack.
- A criminal organization called Wizard Spider, also known as UNC-1878, is likely behind most of the attacks, say authorities.
- Dozens of hospitals have been targeted, with hundreds more in danger.
- Authorities are warning hospitals to beef up security to avoid disaster.
Share this article
The FBI and Department of Homeland Security are among the U.S. authorities warning of a coordinated Bitcoin ransomware attack on the nation’s healthcare system.
Ransomware Attack Cripples American Hospitals
Following a report from KrebsOnSecurity, an independent security news outlet, the FBI revealed that dozens of hospitals have already come under attack.
Six institutions have already been attacked in a single day last week in New York, Oregon, and California.
Sky Lakes Medical Center in Oregon was forced to delay surgeries when a Ryuk cyberattack froze their record on Oct. 27. St. Lawrence Health System in New York suffered similar attacks at two hospitals, causing them to redirect ambulances responding to emergencies.
FBI, DHS, HHS warn of "imminent," "credible" ransomware threat against U.S. hospitals. One source said the Ryuk ransomware gang is targeting more than 400 hospitals, clinics and medical care facilities. https://t.co/Uvs0DokrGY
— briankrebs (@briankrebs) October 29, 2020
Hundreds of hospitals may be in danger from cybercriminals spreading the Ryuk ransomware, which encrypts data on any hard drive it penetrates.
Researchers estimate that Ryuk was responsible for one-third of all global ransomware attacks in 2020. The FBI states that since its launch in 2018, Ryuk has netted $61 million in BTC. Ransomware attacks have also been used to target police stations and entire cities.
Security analyst Allan Liska of U.S. cybersecurity firm Recorded Future described the criminal activity as “a coordinated attack designed to disrupt hospitals specifically all around the country.” Liska added that while attacks have been launched each week, last week’s activity was unprecedented in scale.
Charles Carmakal, Senior vice president of cyber response firm Mandiant, said Wizard Spider was “one of the most brazen, heartless, and disruptive” groups he had seen throughout his career.
“We Expect Panic”
The New York Times reported leaked communications from Wizard Spider, intercepted by Hold Security. “We expect panic,” said one hacker, commenting on the potential impact of the mass strike on U.S. hospitals during the ongoing healthcare crisis and presidential elections.
The group aims to hold the patient data stored on hospital servers hostage, suddenly encrypting the information until a ransom has been paid in Bitcoin. Encrypting the data would make it nearly impossible for healthcare staff to efficiently access patient records and efficiently administer care.
Hold Security believes over 400 hospitals are at risk, based on a list intercepted from Wizard Spider. The security firm has informed the FBI that the organization claims 30 hospitals are already infected.
On Oct. 29, the FBI, Department of Homeland Security, and Department of Health and Human Services confirmed that the threat was “credible,” advising hospitals to take measures to secure their systems.