Multiple U.S. hospitals are grappling with ransomware attacks, prompting urgent warnings from the FBI and other agencies to stay vigilant against potential further strikes. Officials trace the threats back to the Russian botnet Trickbot.
As the COVID-19 pandemic surges worldwide, the U.S. has surpassed 9 million cases and approximately 230,000 deaths. A Reuters report from October 28, 2020, details a joint memo from the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services. It identifies the Russian botnet Trickbot as responsible for ransomware assaults on hospitals nationwide. This malware encrypts files to lock systems, demanding cryptocurrency ransoms for decryption keys.
Within a single week, attacks struck facilities in Oregon, California, and New York. Cybersecurity expert Allan Liska of Recorded Future describes it as a deliberate effort to disrupt hospitals across the country, potentially affecting dozens more. The agencies emphasize the need for immediate preparedness.
A Reuters-interviewed doctor from a hit hospital revealed staff resorting to paper and pencil for operations. Imaging results arrive on paper only, complicating care. Critically, patient transfers are impossible, with the nearest facility an hour away.
The Wizard Spider group (aka UNC 1878) is a prime suspect. Charles Carmakal, CTO at Mandiant, labels them among the most 'brazen, cruel, and destabilizing' threats he's seen. Microsoft recently disrupted Trickbot ahead of U.S. elections, yet it has reemerged strongly.
These cyberattacks raise grave alarms. Authorities warn of indirect fatalities from hospital chaos, especially amid COVID-19 strains. In September 2020, a Düsseldorf, Germany, hospital attack delayed a patient's surgery, leading to death during transfer to another center.
