A joint warning issued Wednesday by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services urges providers to guard themselves against these attacks, which involve threat actors deploying malware to obtain a victim’s data and hold it hostage for a payment.
The agencies state that the Russian botnet Trickbot is likely using Ryuk, a highly infectious ransomware that encrypts network files and disables Microsoft Windows System Restore. That means stolen data can’t be recovered without external backups, a Microsoft executive confirmed to CNN.
Recent attacks on hospitals in California, New York and Oregon are believed to be part of the campaign, which comes just weeks after a massive Ryuk ransomware attack hit a U.S. system with 250 care sites that scrambled to redirect ambulances and surgical patients in the aftermath.
READ MORE: 5 Ways to Defend Your Medical Practice Against Ransomware
Ransomware criminals can demand millions of dollars from unsuspecting victims, and the amounts are substantially higher than previous attacks on healthcare providers, a security analyst told The New York Times. Added costs of downtime, breach remediation and lost revenue will follow.
But ransomware’s consequences are far more than financial. A doctor at one affected target anonymously told Reuters that their hospital now cannot use some critical technologies, transfer sick patients or update electronic health records as officials deal with the situation.
“We can still watch vitals and getting imaging done, but all results are being communicated via paper only,” the doctor said.
Why Ransomware Attacks Are Increasing Now
Even before the pandemic, ransomware was a big problem. From 2017 to 2019, half of all ransomware attacks occurred in the healthcare sector, according to Bryan Ware, CISA’s assistant director for cybersecurity.
There’s a simple reason why.
“When lives are on the line and timing is critical, from the perspective of a malicious criminal actor, that’s someone who’s more likely to pay the ransom,” Ware told HealthTech in an interview earlier this month. Sites involved with COVID-19 vaccine research are a key target for ransomware threat actors, he added.
