Cyberattack roundup: Financial warnings and new threats to hospitals
Hospital financial ratings remain vulnerable to cyberattack fallout, according to a new assessment from Fitch Ratings. Meanwhile, hacktivists and ransomware gangs are recycling ransomware strains, and hacker affiliates are offering bigger payouts. Those are just a few of the healthcare cybersecurity trends we're watching this week.
Coordinated KillNet DDoS attacks highlight potential for ratings dips
Fitch Ratings says the recent coordinated distributed denial-of-service attacks on hospital websites such as ChristianaCare's aren't likely to drive any downgrades at this time, but cyberattacks that compromise service and affect a hospital’s financial profile could.
Last week the pro-Russian hacktivist group KillNet, known for its DDoS attacks on critical infrastructure in nations supporting Ukraine, took down about 20 hospital websites in several states in seemingly one deft stroke.
"Given what we know at this point, the DDoS attacks are not expected to have any material financial or operational effect on targeted hospitals due to their brief and relatively superficial impact," said Fitch analysts in the announcement.
While patient portals and health records remained secured, and some affected entities were quickly able to restore their websites, Fitch noted that the coordinated cyberattack was the most widespread to date, and is foreboding in its scale.
"Deployment of a more sophisticated cyber weapon that compromises service and affects a hospital’s financial profile could negatively affect ratings."
LockBit Green emerges
Malware researchers who keep a close eye on communications among ransomware groups say LockBit has repurposed the Conti encryptor, launching it as LockBit Green.
LockBit has switched to prioritizing exfiltration and dabbles in mixing up its services and approaches to improve recruitment efforts, according to experts.
The use of an algorithm based on Conti's source code has baffled some researchers, but victims of LockBit Green are starting to add up, according to a report by BleepingComputer. One firm conjectured that ex-Conti members preferred LockBit Green after the announcement because they are more "comfortable."
The playbook for Conti ransomware-as-a-service leaked in 2021, detailing how bad actors started moving laterally within an environment to increase their chances of success encrypting their target, Chris Fisher, director of security engineering at cybersecurity firm Vectra APJ, told Healthcare IT News that year.
New Nevada ransomware
A new ransomware strain that emerged at the turn of the year with similarities to Petya is designed to target Windows hosts and VMware ESXi systems, new research shows. It excludes English-speaking affiliates and offers payouts of 85% or 90%.
Resecurity said on its blog that Nevada is written in Rust and is similar to Hive, which was recently hacked by the FBI. The firm also said it acquired Linux-based and Windows versions of the new ransomware and discovered more recent updates that improved functionality in the affiliate portal.
"The project is well presented on the RAMP underground forum and has already attracted interest from credible cybercriminals who may be joining them after the closure of other major ransomware networks," according to the post.
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS publication.