At the height of the pandemic, Russian-affiliated hackers were plotting to disable and hold hostage more than 400 U.S. hospitals.
The plan was discussed in 2020 in an online chatroom, but it was disrupted by the Department of Homeland Security and U.S. Cyber Command, reports the Wall Street Journal.
According to a Ukrainian researcher, the Russian cybercriminal gang known as Trickbot was the organization responsible for the ransomware plot. According to Wired, their objective was to force 428 hospitals that were busy responding to surging COVID-19 cases to quickly pay ransoms.
“Fuck clinics in the usa this week,” one Trickbot member said in the chatroom. “There’s gonna be a panic.”
The documents, which were seen by Wired, date from the summer and fall of 2020, and U.S. authorities disrupted the cybergang’s infrastructure. However, since then, Trickbot has grown its operations and strengthened its malware.
For several years now, U.S. federal authorities have been warning healthcare facilities of the threat of ransomware. In the fall of 2020, the U.S. Cybersecurity and Infrastructure Agency, FBI and Department of Health and Human Services said malicious cyber actors were targeting the healthcare sector with Trickbot malware, leading to ransomware attacks, data theft, and the disruption of critical healthcare services.
American hospitals hit by ransomware include Sonoma Valley Hospital in Sonoma, California, all 250 Universal Health Services facilities, the Champaign-Urbana Public Health District in Illinois, Enloe Medical Center in Chico, California, Hackensack Meridian Health in New Jersey, Sturdy Memorial Hospital in Attleboro, Massachusetts, UF Health Central Florida, and many others, although it’s unclear how many of those attacks were the work of Russian-affiliated hackers.
Trickbot is also believed to be responsible for 16 attacks on U.S. emergency responders last year, reports Becker's Hospital Review.
Globally, from 2020 to 2021 there was a 39% increase in ransomware attacks on healthcare facilities.
Ransomware even led to a fatality in Germany in September 2020. A female hospital patient died after she was diverted to another facility 20 miles away when ransomware shut down the university-affiliated hospital where she was being admitted.
The cyber threat from Russian-affiliated cybercriminals is ongoing. Just last week President Joe Biden urged U.S. businesses to take added precautions amid “evolving” intelligence that Russia could target American companies with cyberattacks as it continues its war on Ukraine.