Ransomware groups continue assault on healthcare orgs as COVID-19 infections increase | ZDNet

Ransomware groups have shown no signs of slowing down their assault on hospitals, apparently increasing attacks on healthcare institutions as dozens of countries face a new wave of COVID-19 infections thanks to the powerful Delta variant.

Vice Society, one of the newer ransomware groups, debuted in June and made a name for itself by attacking various hospitals and leaking patient information. Cybersecurity researchers in Cisco Talos said The Vice Society has been known to “be quick to exploit new security vulnerabilities to aid ransomware attacks” and frequently exploit vulnerabilities in Windows PrintNightmare during attacks.

“As with other threat actors operating in the big game space, the Vice Society operates a data breach site, which they use to publish data extracted from victims who do not choose to pay for their extortion lawsuits,” explained Cisco Talos. last month.

Cybersecurity firm Dark Owl added that Vice Society “is considered a possible derivative of the Hello Kitty ransomware variant based on similarities in techniques used for Linux system encryption.” They were implicated in a ransomware attack in the Swiss town of Rolle in August. according to Black Fog.

image4.png

The Vice Society leak site.

Cisco Talos

Several hospitals – Eskenazi Health, Waikato DHB and Center Hospitalier D’Arles – have appeared on the criminal group’s leak site and the group caused a sensation this week by publishing data from Barlow Respiratory Hospital in California.

Hospital was attacked on August 27 but managed to avoid the worst, noting in a statement that “no patient was at risk of harm” and that “hospital operations continued without interruption.”

Barlow Respiratory Hospital told ZDNet that the police were notified immediately once the hospital noticed that the ransomware affected some of its IT systems.

“Although we have gone to great lengths to protect the privacy of our information, we learned that some data was removed from certain backup systems without authorization and posted on a website where criminals post stolen data, also known as the ‘dark web ‘Our investigation into the incident and the data involved is ongoing, “the hospital said in a statement.

“We will continue to work with law enforcement agencies to assist in their investigation and we are working diligently, with the assistance of a cybersecurity company, to assess what information may have been involved in the incident. If necessary, we will notify individuals whose information may have been involved, in accordance with applicable laws and regulations, in due time. ”

The attack on Barlow caused considerable outrage online considering the importance of the hospital during the COVID-19 pandemic. But dozens of hospitals continue to come forward to say they have been targeted by ransomware attacks.

Vice Society is far from the only ransomware group targeting hospitals and healthcare institutions.

The FBI issued an alert about the Hive ransomware two weeks ago after the group brought down a hospital system in Ohio and West Virginia last month, noting that it typically corrupts backups as well.

Hive has so far attacked at least 28 organizations, including Memorial Health System, which was hit with a ransomware attack on August 15.

Ransomware groups are also increasingly targeting hospitals because of the confidential information they carry, including social security numbers and other personal data. In recent months, several hospitals have had to send letters to patients admitting that sensitive data was accessed during the attacks.

Simon Jelley, CEO of Veritas Technologies, said that attacking healthcare organizations is “particularly despicable.”

“These criminals are literally putting people’s lives in danger for profit. The elderly, children and anyone else who requires medical attention will probably not be able to get it as quickly and efficiently as they need while hackers maintain the systems. and the hospital data. prisoner, “Jelley said.

“Not to mention, healthcare facilities are already struggling to keep up as COVID-19 cases rise once again in many parts of the country. Preventing ransomware attacks is a noble endeavor, but as illustrated by the attack on Memorial Health System and as many others as In recent months, preparing to deal with the aftermath of a successful attack is more important than ever. “

Leave a Comment