Conti, a ransomware strain responsible for recently shutting down Ireland’s health service, has been seen in past cyberattacks against similar targets in the United States, the FBI warned this week.
In a flash alert posted on its website on Friday, the FBI said that more than 290 organizations in the United States were “victimized by Conti” before it recently struck the Irish Health Services Executive (HSE).
Without identifying any specific victims of Conti in the US or the consequences of the attacks, the FBI reported that several of the incidents targeted networks related to public health and safety.
“The FBI identified at least 16 Conti ransomware attacks targeting US first aid and healthcare networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers and municipalities during the last year,” said its Cyber Division in the alert.
“These first aid and medical care networks are among the more than 400 organizations worldwide who have been victims of Conti, more than 290 of which are located in the US,” the FBI alert said.
Conti, like most ransomware, “generally steals victims’ files and encrypts servers and workstations in an effort to force the victim to pay a ransom,” the FBI explained in the alert.
“The ransom letter instructs victims to contact the actors through an online portal to complete the transaction,” the FBI’s Cyber Division said in the alert. “If the ransom is not paid, the stolen data is sold or posted on a public site controlled by Conti actors. Ransom amounts vary widely and we assess them to suit the victim. Recent ransom demands have reached $25 million.”
Colonial Pipeline Company, the operator of a massive gas pipeline in the US, was attacked earlier this month by a ransomware variant called DarkSide and said it eventually paid around $4.4 million.
HSE, the provider of Ireland’s publicly funded healthcare system, later announced on May 14 that it was facing “a major ransomware attack” and had shut down all its systems as a precaution. Subsequently, the agency announced that it assessed that the attack involved a variant of the Conti virus, and said that a ransom had been requested but that it would not be paid “in accordance with state policy.”
More than a week later, HSE said in a statement issued Saturday that it was experiencing continued “substantial” outages and that hospitals were still working to restore several priority systems.
“Hospitals are working to bring priority systems back online, including radiology and diagnostic systems, maternity and infant care, patient management systems, chemotherapy and radiation oncology,” HSE said. “Essential services, such as blood tests and diagnostic services, are taking much longer to function than usual, use manual processes, and increase response times for the patients in our care.”
Meanwhile, the flash alert about Conti was released Thursday, and the American Hospital Association quickly made it public before the FBI shared it on its website the next day.
The FBI reiterated that it does not encourage paying ransoms and recommended several common cybersecurity best practices that can help defend networks against potential Conti ransomware attacks.
The FBI alert did not attribute Conti to any specific hacking group or other actor. It requested that previous targets of the attacks share with authorities any related information they may have to offer.