Conti ransomware gang victimized US health care, first-responder networks, FBI says
The FBI tracked at least 16 Conti ransomware attacks that struck U.S. health care and first-responder networks within the last year, the bureau said in an alert this week.
That accounting only factors in attacks in the past year, and incidents that the FBI itself identified. In all, the alert said Conti has hit 400 organizations, nearly 300 of which were in the U.S. The recent first responder victims include law 9-1-1 dispatch centers, emergency medical services, law enforcement agencies and municipalities, the FBI said.
The Conti gang has sought as much as $25 million to decrypt systems it locked up, according to the alert.
The FBI warning comes as the Irish health care system is contending with its own Conti ransomware attack. It also comes shortly after a report that CNA Insurance paid a $40 million extortion demand — the biggest yet revealed, as extortionists continue to ratchet up their asking price.
“Conti actors gain unauthorized access to victim networks through weaponized malicious email links, attachments, or stolen Remote Desktop Protocol (RDP) credentials,” the FBI said. “Conti weaponizes Word documents with embedded Powershell scripts, initially staging Cobalt Strike via the Word documents and then dropping Emotet onto the network, giving the actor access to deploy ransomware.”
The ransomware hackers tend to seek payment within two to eight days, and will make Voice over Internet Protocol calls or communicate via ProtonMail to negotiate payment.
The American Hospital Association commended the FBI for sharing the threat intelligence. But “relying on victimized organizations to individually defend themselves against these attacks is not the solution to this national strategic threat,” the association said.
“The AHA has urged the government to embark upon a coordinated campaign that will use all diplomatic, financial, law enforcement, intelligence and military cyber capabilities to disrupt these criminal organizations and seize their illegal proceeds, as was done so effectively during the global fight against terrorism,” it said in a statement.