Despite high rates of Coronavirus (Covid-19) infection in many areas of the United States, malware gangs are wreaking havoc on the health care system.
A new wave of ransomware attacks has struck nearly 20 hospitals and healthcare institutions in the United States in recent weeks, while Corona infections have risen across the United States.
According to US intelligence agencies and cybersecurity professionals, the situation may soon become much worse.
The ransomware program is a malicious program that restricts access to the computer system that it infects, and the program demands a ransom to be paid to its maker in order to gain access to the files.
Some of its types encrypt files on the target system's hard drive, and display messages asking the user to pay.
On Wednesday evening, the CISA, the FBI, and the Department of Health and Human Services (DHHS) warned that there was A growing and imminent threat of cybercrime against US hospitals and health care providers, ”beyond the wave of attacks that have already occurred.
The alert indicates "Trickbot" Trojan horse attacks and ransomware attacks such as the notorious "Ryuk" as the two main hacking tools involved in the attacks.
Security analysts at private companies say the activity is linked to a Russian criminal gang sometimes called "UNC 1878" or "Wizard Spider".
Ransomware attackers have targeted hospitals for years, because shutting down digital systems of healthcare organizations can threaten patient care and create the utmost urgency in order to pay ransom money and recover from attacks.
Recently, the rate of targeting of hospitals and the same demands has increased, and the anti-virus company Emsisoft found that the average ransom demand has increased from about $ 5,000 in 2018 to about $ 200,000 this year, with millions of dollars in demands becoming more common.
And last month, Universal Health Services was hit by a Ryock software attack that spread across its 250 hospitals and clinics, crippling digital services and affecting facilities across the country.
Ransomware attacks disrupt hospitals by encrypting computers that hold data from thousands of patients (Shutterstock)
However, the current wave of infections signals a disturbing shift in how aggressive ransomware groups are financially motivated, and how far they are willing to go.
"To me, this is the most significant cyber threat we have faced in the United States so far," says Charles Karmakal, senior vice president and chief technical director of cybersecurity company Mandiant, which is owned by FireEye.
"There is a moral streak that every person perceives, like any human being aware of their existence, when you do something with the knowledge that you are likely to affect someone's life, you have crossed the line. So there is a very clear transgression with this threat. This group is incredibly rude. Heartless and pitiless. "
The attacks may not match the devastation wrought by the critical infrastructure attacks on Ukraine - which the Russian government has been accused of carrying out - but they have hampered hospitals across the country, including in California, Oregon and New York.
In many cases, those victims' hospitals have had to reschedule appointments, delay procedures, or refer patients to other facilities for timely care.
The US government alert outlines recommendations and best practices on how to protect hospitals themselves, and private companies like Mandiant also share "penetration indicators" so that healthcare facilities can closely monitor their systems and try to avoid potential attacks.
One of the main concerns, however, is that hundreds of organizations may already be compromised by attackers, and that ransomware or the means for spreading it lurk until the hackers decide to run them.