In a recent statement, the Federal Bureau of Investigation (FBI) urged U.S. health systems to prepare for potential cyberattacks, and has already confirmed as many as 16 successful ransomware attacks targeting healthcare and first responder networks, including emergency medical services, law enforcement agencies, 911 dispatch centers, and municipalities.
This variety of ransomware, named Conti, works by breaking into victims’ devices and encrypting their files. The criminals behind the malware then ransom the data back to the victims, with demands as high as $25 million in some cases. If the ransom is not paid, companies stand to have their data sold to cybercriminals or posted on public sites by the Conti actors carrying out the attack.
Though the FBI didn’t name the organizations targeted in these recent breaches, it stated that 400 organizations have been victimized worldwide, 290 of them located in the U.S.
Within the last month, Conti ransomware was responsible for a cyberattack on Ireland’s Health Service Executive, the country’s publicly funded healthcare system, which forced a shutdown of major IT systems throughout Ireland. Though the attack was not successful, the Irish healthcare system is still recovering from the data breach.
The FBI is currently urging companies to back up their data frequently and to keep those backups offline and password-protected as a precaution against these attacks. Additional advice includes implementing multi-factor authentication whenever possible and putting recovery plans in place for their systems, such as via cloud or hard drive backup.
Companies are advised not to pay the ransoms, as doing so does not guarantee the safety of their data and further encourages the Conti attackers to target other organizations. The FBI states that it understands some companies may choose to pay ransoms as a last resort, but that in either case, victimized parties should promptly report any attacks.
The FBI is seeking any information that can be shared to contribute to a solution, including boundary logs showing communication to and from foreign IP addresses, samples of encrypted files or decryptor files, and Bitcoin wallets.