FBI Reports Recent Cyber-Attacks

HCP was made aware today of a Federal Bureau of Investigation (FBI) notification regarding recent critical infrastructure cyber-attacks. We strongly urge members to share this alert immediately with their Information Technology (IT) departments. The FBI Flash Alert was distributed to members of the American Hospital Association and is available here. The FBI report listing the indicators of compromise is available here and is critical for IT personnel to monitor your data safety. 

If any of the indicators of compromise are discovered, FBI requests that victims contact FBI CYWATCH immediately: cywatch@fbi.gov or by phone 1-855-292-3937. 

The ransomware gang, Darkside, has been under FBI investigation since 2020. Darkside is a ransomware-as-a-service (RaaS) group, in which criminal associates conduct the cyber-attacks and coerce the victims into paying ransom demands to avoid having their data files published. Darkside has victimized many organizations in various sectors including manufacturing, legal, energy, and health care. 

Darkside affiliates gain access to the victim’s network and use ransomware to encrypt the data, then attempt to extort cryptocurrency payments, usually “Monero”. The perpetrators can encrypt files on both fixed and removable hardware, as well as network devices. They are able to execute these threats on both Windows and Linux systems. 

The FBI does not endorse paying any type of ransom to cyber-criminals, and reminds businesses that such payments do nothing to guarantee files are protected. The FBI does recognize that executives must evaluate all options when faced with a cyber-attack that shuts down operations. 

Regardless of the decision to pay or not pay the ransom, the FBI stresses that businesses need to report all ransomware incidents to their local field office. This will provide investigators with critical information needed to track and prosecute these crimes, as well as deter future ransomware activities. 

HCP urges all members to attend the upcoming webinar, Cyberthreats and Cybersecurity in Healthcare, provided by our affiliate, Community Health Care Services Foundation. The virtual webinar is scheduled for May 20 and includes a speaker from the FBI.