FBI Alert Healthcare Attacks

The FBI issued a Flash Alert Thursday concerning a ransomware group that focuses on attacking healthcare and first responder networks. The report identified Conti ransomware attacks that targeted law enforcement, EMS, 911 dispatch centers, and municipalities over the last year. The agency outlined more than 400 organizations targeted worldwide, including over 290 in the United States.

Criminals who specifically target healthcare and first responders occupy a particularly dark part of the internet. “Cyber-attacks targeting networks used by emergency services personnel can delay access to real-time digital information, increasing safety risks to first responders and could endanger the public who rely on calls for service to not be delayed. Loss of access to law enforcement networks may impede investigative capabilities and create prosecution challenges.”

The report outlined a typical attack, but a new vector to pay attention to is the weaponization of Word documents. “Conti weaponizes Word documents with embedded Powershell scripts, initially staging Cobalt Strike via the Word documents and then dropping Emotet onto the network, giving the actor access to deploy ransomware,” read the alert.

The report also outlined steps taken by the criminals after the data was stolen. If they did not receive contact within two to eight days after ransomware deployment, Conti would call the victims with single-use VoIP numbers or communicate through an encrypted email service. The FBI noted that ransom demands varied and were tailored to the victim, but they recorded demands as high as $25 million.

The alert outlined a number of mitigations, including many topics we have covered on the blog or the podcast: air-gapped backups, network segmentation, patching and updating, MFA, and security awareness training, to name a few.

This alert highlights an ongoing trend that businesses are being forced to defend against: criminals are looking for easy targets with a high-value return. Read the full FBI alert here.

Posted by Charles Wright