Health network officials have described the attack as “sophisticated,” claiming that attackers used a previously undetected software bug, known as a zero-day, to compromise their systems. They did not name the affected software or provide any evidence to support their claims.
However, FireEye, the cybersecurity company, released a report last month saying that a ransomware group was found to have used a zero-day in SonicWall VPN security devices to harm organizations. Typically, ransomware gangs break in through unpatched software, weak passwords, or phishing attacks. The use of zero-days would mean a huge leap forward in criminals’ tactics and increase the likelihood that they could break into organizations’ networks undetected.
Ransomware attacks against hospitals increased after two separate attempts – one by the Pentagon’s Cyber Command and one through separate litigation by Microsoft – to shut down Trickbot, a large botnet, or network of infected computers, which is the main channel through which ransomware is delivered.
In the weeks following these efforts, cyber criminals said they wanted to attack more than 400 hospitals. The threat prompted the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to warn healthcare operators to step up their protection against ransomware.
Ransomware groups continue to operate with relative impunity in Russia, where government officials rarely prosecute cyber criminals and refuse to extradite them. In response to last week’s Colonial Pipeline episode, President Biden said Russia has some responsibility for ransomware attacks because cyber criminals operate within its borders.
Adam Meyers, vice president of intelligence at CrowdStrike, the cybersecurity firm, said members of Wizard Spider, the group responsible for attacking Ireland’s health systems, speak Russian and researchers “have great confidence that they are Eastern European and likely Russian”.
Last month, a Florida school district’s data was held hostage by Wizard Spider. Broward County Public Schools, the sixth largest school district in the United States, was hacked by cyber criminals demanding $40 million in cryptocurrency. The criminals encrypted the data and put thousands of the school district’s files online after officials refused payment.