News

Russian Hackers Planning More Cyber Attacks on U.S. Hospitals

At least ten hospitals are being targeted with ransomware, while nine facilities in six states have already been attacked.

Photo via Adobe by beebright

November 03, 2020 Robin Hattersley Jump to Comments

The Woodlands, Texas — As America struggles with sky-high COVID-19 infection and death rates, at least ten U.S. hospitals could soon be on the receiving end of a cyber attack by a Russia-based ransomware group.

The group, which goes by the name UNC1878 or Wizard Spider, has already attacked nine hospitals in three weeks, reports Insurance Journal. So far, hospitals in New Jersey, Georgia, Florida, Massachusetts, Texas and Arkansas have been the victims.

The attacks on hospitals are increasing the workload of healthcare workers who are already struggling with their workloads due to the current spike in coronavirus infections and fatalities. Clinicians at one of the hospitals that was on the receiving end of a ransomware attack are struggling to track patient medications and other information on paper, reports Insurance Journal.

According to cyber-security firm Prevailion Inc., UNC1878 is now laying the groundwork for more attacks. The firm has been investigating the group since late October:

While our investigation is still underway, we have so far identified hundreds of organizations worldwide that show compromise activity by this threat actor, and which may be in the early- to mid-stages of a Ryuk ransomware attack. As of November 3rd, there are approximately 1,400 organizations that show beacon activity to the UNC1878 C2 domains, with a total of 340 organizations that are showing a substantial amount of this beaconing, indicating a proliferating infection and likely stage advancement. This threat actor poses a considerable risk to any organization that is impacted, but it is especially worrisome for the healthcare industry.

Prevailion’s warning comes a week after U.S. federal authorities warned healthcare facilities of an “Increased and Imminent” ransomware threat.

The joint warning from the U.S. Cybersecurity and Infrastructure Agency, FBI and Department of Health and Human Services said malicious cyber actors are targeting the healthcare sector with Trickbot malware, leading to ransomware attacks, data theft and the disruption of critical healthcare services.

However, according to Prevaillion, these cybercriminals are now switching from Trickbot to the malware KEGTAP/BEERBOT and SINGLEMALT/STILLBOT (also known as: BazarLoader and BazarBackdoor).

Additionally, Russian hackers are stepping up their attacks against the overall U.S. server infrastructure during today’s elections, according to NordVPN. Researchers commissioned by the firm have observed a 98% increase overnight in brute-force attacks against U.S. servers, reports TechRadar.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

About the Author

Robin Hattersley, Editor-in-Chief

Contact:

Robin has been covering the security and campus law enforcement industries since 1998 and is a specialist in school, university and hospital security, public safety and emergency management, as well as emerging technologies and systems integration. She joined CS in 2005 and has authored award-winning editorial on campus law enforcement and security funding, officer recruitment and retention, access control, IP video, network integration, event management, crime trends, the Clery Act, Title IX compliance, sexual assault, dating abuse, emergency communications, incident management software and more. Robin has been featured on national and local media outlets and was formerly associate editor for the trade publication Security Sales & Integration. She obtained her undergraduate degree in history from California State University, Long Beach.