FBI Disrupts Cybercrime Group Which Extorted Hospitals

Photo by Nahel Abdul Hadi on Unsplash

The Hive ransomware group, which has targeted more than 1500 victims in over 80 countries around the world, including hospitals, has been disrupted following a months-long campaign against it, the US Justice Department has announced.

Hive ransomware attacks have caused major disruptions in victim daily operations around the world and hindered responses to the COVID pandemic. In one case, a hospital attacked by Hive ransomware had to fall back to pen and paper to treat existing patients and could not take new admissions shortly after the attack. 

The Justice Department revealed that the FBI had penetrated Hive’s computer network and captured its decryption keys, which were then offered to victims around the world. This saved them $130 million in ransom they would otherwise have had to pay to get their networks back.

Finally, the department announced that, in coordination with German and Dutch law enforcement, it has seized control of the servers and websites that Hive uses to communicate with its members, disrupting Hive’s ability to attack and extort victims.

Since June 2021, the Hive ransomware group has targeted more than 1500 victims around the world and received over $100 million in ransom payments.

Hive used a ransomware-as-a-service (RaaS) model featuring administrators and affiliates. RaaS is a subscription-based model in which the administrators develop an easy-to-use ransomware strain and then recruit affiliates to deploy it against victims. Affiliates identified targets, deployed this ready-made malicious software to attack them, and then earned a percentage of each successful ransom payment.

Hive actors used a double-extortion model of attack: before encrypting the victim’s system, the affiliate would steal sensitive data. The affiliate then sought a ransom both for the decryption key necessary to decrypt the victim’s system and for a promise not to publish the stolen data – usually the most sensitive, such as hospital patient data. After a victim pays, the affiliates and administrators split the ransom 80/20. Victims who do not pay have their stolen data published on the Hive Leak Site. After Consulate Health Care was unable to pay the ransom, since its insurance did not cover such cybercrimes, Hive posted 550GB of personally identifiable information on its patients and employees online.

More information about the malware, including technical guidance for organisations on how to mitigate its effects, is available from CISA at https://www.cisa.gov/uscert/ncas/alerts/aa22-321a.

Cyber Attack Cripples Ireland’s Health Services

Photo by Nahel Abdul Hadi on Unsplash

A “significant ransomware attack” caused widespread disruption to Ireland’s health service, forcing cancellations and blocking services.

Paul Reid, Ireland’s Health Service Executive chief executive, told RTÉ there had been a “human-operated” attempt to access data for a likely ransom. “There has been no ransom demand at this stage. The key thing is to contain the issue. We are in the containment phase.”

Reid said the HSE was working with police, the defence forces and third-party cybersecurity experts to respond to the cyber attack. He apologised to patients and the public for the disruption.

The attack has affected national and local systems that provide core services. However, COVID vaccinations and ambulance services were unaffected.

Several hospitals cancelled outpatient visits or asked patients with appointments not to attend. The Rotunda, a Dublin maternity hospital, said it was experiencing a “critical emergency”, cancelling all outpatient visits save for women over 35 weeks pregnant.

At Cork University Hospital, the oncology department was reportedly brought to a halt. The child and family agency Tusla said its IT systems, including the portal through which child protection referrals are made, were offline.

In the US earlier this week, the Colonial petrochemical pipeline was crippled in a major cyberattack by a cybercriminal group called Darkside, resulting in fuel shortages and states of emergency being declared. The pipeline company reportedly paid a ransom of $5 million to regain control of its systems.

Professor Fergal Malone, Master of the Rotunda Hospital, told Morning Ireland that being unable to access patient records and data was the reason for the cancellations.

There was a backup plan to use an “old-fashioned” paper-based system, he said, but added that “throughput would be much slower” this way.

Malone said the hospital discovered unusual activity in its IT systems at about 2am and later detected what appeared to be a ransomware virus. “We use a common system throughout the HSE in terms of registering patients and it seems that must have been the entry point or source,” he told RTÉ. “It means we have had to shut down all our computer systems.”

However, all patients were safe. “We have systems in place to revert back to old-fashioned record-keeping.” Lifesaving equipment was not affected. “Patients will come in in labour over the weekend and we will be well able to look after them.”

Source: The Guardian