Government Security United States IT

FBI Says Conti Ransomware Gang Has Hit 16 US Health and Emergency Networks (reuters.com) 30

The Federal Bureau of Investigation said that the same group of online extortionists blamed for striking the Irish health system last week have also hit at least 16 U.S. medical and first response networks in the past year. From a report: In an alert made public Thursday by the American Hospital Association, the FBI said the cybercriminals using the malicious software dubbed 'Conti' have targeted law enforcement, emergency medical services, dispatch centers, and municipalities. The alert did not name the victims or go into detail about the nature or severity of the breaches, saying only that they were among more than 400 organizations worldwide targeted by "Conti actors."
  • it is that there have been many more attacks or that more stories are hitting the headlines?

    • Likely both. The medical facilities are likely to have HIPAA's reporting requirements apply (Breach Notification Rules for Ransomware [varonis.com]). From a PR point of view, the lesson folks keep re-learning is that you want to get in front of the reporting to control the narrative. Nothing like having the press come after you when you get caught hiding the truth.

      And the attacks themselves are more common. These teams now have lots of experience running these attacks and have become quite good at it. They've also

    • it is that there have been many more attacks or that more stories are hitting the headlines?

      There has been a change in management. The DHS/FBI can now talk publicly about things that have been happening. Previous management did not want anything made public that could make him look "weak" or incompetent.

      Note: that is not to say that these things happening were the fault of the administration, just that they were too concerned with appearances to publicly acknowledge the existence of the problem.

  • "Look, if something works for me, I stick with it!" (Splash).

    Why would this outfit change their successful modus operandi?

    • They'll have time to reevaluate their choices when the money stops rolling in. But that isn't going to happen any time soon.

  • by Anonymous Coward on Friday May 21, 2021 @03:40PM (#61408136)

    Because crypto currencies do nothing to enable criminal activity right, cash is just as bad right?

    • by bjwest ( 14070 )
      Cash requires a person to person exchange, or at the very least a physical pickup. Great way to get caught right there.
      • which is why an organized criminal would hire lesser criminals to be in physical places and move physical goods and money.

  • Technical platform? (Score:5, Interesting)

    by turbidostato ( 878842 ) on Friday May 21, 2021 @03:40PM (#61408138)

    Are there any public statistics by operating system / operating system vendor / entry application / entry application vendor about the successfully attacked networks?

    • I'm sure Windows/Microsoft/Gmail/Google is on the very top of the list.
    • I would guess based on cyber type incidents I've seen the leading indicator is that people (AKA users) are given access to the systems. If we could just keep people away from the systems then we wouldn't have nearly as many issues. Of course this is a bit tongue in cheek, but it does seem like users doing things that they shouldn't do are the main cause of issues. Now, sure, you could turn that around and say "Policies and configurations are inadequate to keep the system safe when the users do the types of
    • Are there any public statistics by operating system / operating system vendor / entry application / entry application vendor about the successfully attacked networks?

      Conti is ransomware that has been observed since 2020. All versions of Microsoft Windows are known to be affected.

      Conti (ransomware) [wikipedia.org]

  • It's acceptable to pay ransoms now, so attacks like this are simply a part of operating costs going forward.

  • It's kinda hard to feel sorry for a health system that is run entirely by for-profit companies that prey on the poor [cuny.edu] (that is, really only the rich can pay for), but at the same time it's unfortunate it affects people that need those medical services.
    • Disclaimer - don't know the vector for the ransomware... but the health industry is to a point at the mercy of vendors being locked into a particular patched level of O/S and application who are at the mercy of the time and cost involved with recertifying their product with new releases. The patients scream at high bills so the hospitals don't want to pay high software or device costs initially or high maintenance costs and the bean counters further up the food chain don't see any merit in certifying for ea

    • It's kinda hard to feel sorry for a health system that is run entirely by for-profit companies that prey on the poor [cuny.edu] (that is, really only the rich can pay for), but at the same time it's unfortunate it affects people that need those medical services.

      The flaw in your reasoning is that ransoms are not going to the poor. They are yet another cost being taken from the poor.

    • A New Zealand health care system also got hit with a cyber attack, and that health care system, like most in New Zealand, is a public system, not a private provider (socialized healthcare and all that).
  • And should be an automatic firing of the CTO and CEO

  • Declare medical facilities to be national security installations. When ransomware strikes, let the droning begin.

  • Given that I've worked in a major regional health center where they had a common login and password for everybody, dumped stuff indiscriminately on a globally shared Windows drive, didn't section their network at all (VLAN? What's that?!), installed IoT devices like security cameras and never changed default passwords, had their entire ER database backend accessible through *another* globally accessible Windows drive, and so on, this doesn't surprise me. They did get hit with ransomware one night and had to
