Saturday, October 16, 2021
HomeHealthRussian-speaking hacking group scaling up ransomware attacks on hospitals

Russian-speaking hacking group scaling up ransomware attacks on hospitals

A Russian-speaking cyber criminal group is disproportionately using ransomware attacks to target hospitals and healthcare groups across North America as the COVID-19 pandemic continues, according to new research released Thursday. 

Cybersecurity group Mandiant labeled the group “FIN12” as part of a report detailing the group’s activities, with Mandiant noting that it has been in existence since at least 2018, but was increasingly hitting organizations in North America with annual revenues of over $300 million with ransomware attacks. Many of these companies made even more, with the average annual revenue of North American groups targeted at just under $6 billion. 

According to Mandiant, one in five of FIN12’s victims were healthcare groups, many of which operate hospitals, while other victims have included groups in business services, education, finance, government, manufacturing, retail, and technology.

While the majority of victims have been located in North America, other victims are located in Europe and Asian Pacific nations. FIN12 has made a massive profit in targeting these companies, with Mandiant noting that most ransom demands were likely between $5 million and $50 million. 

Kimberly Goody, director of Financial Crime Analysis at Mandiant, described FIN12 Thursday as “one of the most aggressive ransomware threat actors tracked by Mandiant.”

“Unlike other actors who are branching out into other forms of extortion, this group remains focused purely on ransomware, moving faster than its peers and hitting big targets,” Goody said in a statement .”They are behind several attacks on the healthcare system and they focus heavily on high-revenue victims.”

Mandiant noted that the group was the same organization that led a coalition of U.S. federal agencies to issue a report last year warning that hospitals and healthcare providers were being increasingly targeted. FIN12 often uses the Ryuk ransomware virus, which was linked last year to the attack on Pennsylvania-headquartered hospital chain Universal Health Services, which operates around 250 U.S. healthcare facilities.

At the time, Mandiant, which was previously FireEye, labeled the group “UNC1878,” warning in a report that “the operators conducting these campaigns have actively targeted hospitals, retirement communities and medical centers, even in the midst of a global health crisis, demonstrating a clear disregard for human life.”

The FIN12 group is fairly unique in its increased targeting of healthcare groups, with the Mandiant report noting that while “it may also be easier or cheaper to obtain access to healthcare organizations,” FIN12 would like “face increased scrutiny from law enforcement agencies.”

Mandiant noted in the report that FIN12 intrusions had made up around 20 percent of the ransomware attack engagements the company had over the past year.

Ransomware attacks have become an increasing threat to hospitals, schools, and other critical organizations during the COVID-19 pandemic, which saw more of everyday life move online and often on to aging, vulnerable systems. Ransomware attacks against major groups have also endangered key supply chains, including the attacks in May on Colonial Pipeline and meat producer JBS USA. 

RELATED ARTICLES

Most Popular

Most Recent