SECURITY
SECURITY
SECURITY
FBI issues flash alert on Conti ransomware attacks targeting healthcare providers
The U.S. Federal Bureau of Investigation has issued a flash alert warning that Contri ransomware attacks are continuing to impact healthcare providers and others.
The alert, issued on May 20, claims that there have now been 16 Conti ransomware attacks targeting healthcare and first responder networks, including law enforcement agencies, emergency medical services, 911 dispatch centers and municipalities in the last year. The cases are among more than 400 organizations worldwide targeted by Conti, including 290 located in the U.S.
“Like most ransomware variants, Conti typically steals victim’s files and encrypts the servers and workstations in an effort to force a ransom payment from the victim,” the FBI said. “If the ransom is not paid, the stolen data is sold or published to a public site controlled by the Conti actors.
The FBI notes that recent ransomware demands have been as high as $25 million.
One recent Conti ransomware attack targeted Ireland’s health service, with some stolen patient data shared online. Previous Conti victims include industrial computer manufacturer Advantech Co. Ltd. in November, VOIP hardware and software maker Sangoma Technologies Corp. in December and hospitals in Florida and Texas in February.
“Ransomware groups, like the Conti actors, are going to keep popping up and continue to gain sophistication with every organization that pays,” Joseph Neumann, cyber executive advisor at cybersecurity advisory services Coalfire Systems Inc., told SiiconANGLE. “Hitting first responders and hospitals are good targets due to the pressing need to get back into service after an attack.”
Even if these organizations have a solid plan to get back to normal, it might be slower than paying the ransomware, Neumann added. “As seen from the Colonial pipeline incident, that is still affecting gas prices and demand, restoration of service is slow even when the ransom is paid,” he said.
Bob Rudis, chief data scientist at cybersecurity and compliance solutions provider Rapid7 Inc., noted that this alert isn’t particularly shocking, since healthcare providers have long been a very common target for ransomware attackers.
“Healthcare organizations offer a perfect storm of circumstance that makes them very juicy targets,” Rudis said. “They notoriously struggle to patch systems that are being used around the clock and struggle to justify investment in cybersecurity over investment more directly linked to providing care, while the chaos and time-sensitivity of clinical environments make identity and access management more challenging.”
Photo: J/Flickr
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
