Healthcare

Conti ransomware gang victimized US health care, first-responder networks, FBI says

The Conti ransomware gang is behind the attack on Ireland's health care system, too.

May 21, 2021

The healthcare sector has seen enterprises both large and small shut down due to ransomware attacks. (Getty Images)

The FBI tracked at least 16 Conti ransomware attacks that struck U.S. health care and first-responder networks within the last year, the bureau said in an alert this week.

That accounting only factors in attacks in the past year, and incidents that the FBI itself identified. In all, the alert said Conti has hit 400 organizations, nearly 300 of which were in the U.S. The recent first responder victims include law 9-1-1 dispatch centers, emergency medical services, law enforcement agencies and municipalities, the FBI said.

The Conti gang has sought as much as $25 million to decrypt systems it locked up, according to the alert.

The FBI warning comes as the Irish health care system is contending with its own Conti ransomware attack. It also comes shortly after a report that CNA Insurance paid a $40 million extortion demand — the biggest yet revealed, as extortionists continue to ratchet up their asking price.

“Conti actors gain unauthorized access to victim networks through weaponized malicious email links, attachments, or stolen Remote Desktop Protocol (RDP) credentials,” the FBI said. “Conti weaponizes Word documents with embedded Powershell scripts, initially staging Cobalt Strike via the Word documents and then dropping Emotet onto the network, giving the actor access to deploy ransomware.”

The ransomware hackers tend to seek payment within two to eight days, and will make Voice over Internet Protocol calls or communicate via ProtonMail to negotiate payment.

The American Hospital Association commended the FBI for sharing the threat intelligence. But “relying on victimized organizations to individually defend themselves against these attacks is not the solution to this national strategic threat,” the association said.

“The AHA has urged the government to embark upon a coordinated campaign that will use all diplomatic, financial, law enforcement, intelligence and military cyber capabilities to disrupt these criminal organizations and seize their illegal proceeds, as was done so effectively during the global fight against terrorism,” it said in a statement.

Conti ransomware gang victimized US health care, first-responder networks, FBI says

More Like This

FTC accuses genetic testing company of exposing sensitive health data

Health care IT workers report increased cyberattacks affecting patient care

FBI director warns of China’s preparations for disruptive infrastructure attacks

Top Stories

Treasury official: Small financial institutions have ‘growth to do’ in using AI against threats

‘Large volume’ of data stolen from UN agency after ransomware attack

More Scoops

FBI, CISA, Treasury: North Korean hackers taking aim at health care with Maui ransomware

Ransomware gang Conti has already bounced back from damage caused by chat leaks, experts say

CISA, FBI, NSA warn of increased attacks involving Conti ransomware

FBI warns that Hive ransomware hackers are calling victims by phone

FBI offers US companies more details from investigations of health care hacking

Report: New ransomware found in targeted attacks against health care industry

FBI: Please talk to us about that ransomware attack you experienced

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics