Health network officials have described the attack as “highly sophisticated” and claim attackers used an undiscovered software bug, known as a zero-day, to breach their systems. They did not name the affected software and did not provide evidence to back up their claims.
However, FireEye, the cybersecurity firm, released a report last month that found a ransomware group used a zero-day in SonicWall VPN security devices to breach organizations. Typically, ransomware gangs are known to break in using unpatched software, weak passwords or phishing attacks. The use of zero-days would mark a major advance in criminals’ tactics, and increase the likelihood that they can break into organizations’ networks undetected.
Ransomware attacks against hospitals surged after two separate efforts — one by the Pentagon’s Cyber Command and another, a legal fight, by Microsoft — to take down a major botnet, a network of infected computers, called Trickbot, that served as a major conduit for ransomware.
In the weeks that followed those efforts, cybercriminals said they planned to attack more than 400 hospitals. The threat caused the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to warn health care operators to improve their protection from ransomware.
Ransomware groups continue to operate with relative immunity in Russia, where government officials rarely prosecute cybercriminals and refuse to extradite them. In response to the Colonial Pipeline episode last week, President Biden said Russia bore some responsibility for ransomware attacks because cybercriminals operate within its borders.
Adam Meyers, vice president of intelligence at CrowdStrike, the cybersecurity firm, said members of Wizard Spider, the group responsible for the attack on Ireland’s health systems, spoke Russian and researchers “have high confidence that they are Eastern European, likely Russian.”
Last month, the data of a school district in Florida was held hostage by Wizard Spider. Broward County Public Schools, the sixth-largest school district in the United States, was hacked by cybercriminals who demanded $40 million in cryptocurrency. The criminals encrypted data and posted thousands of the school district’s files online after officials declined to pay.