Latest Updates on Conti Ransomware Hack: FBI Says 16 U.S. Networks Have Been Hacked This Year

Live Updates

The Federal Bureau of Investigation said last week that the international cyber-crime gang Conti that attacked the Irish healthcare system last month has also hit at least 16 U.S. medical and first responder networks in the past year.

According to the FBI, the Conti ransomware attackers blackmail victims by infiltrating a victim's network to steal sensitive information and confidential files. Conti actors gain access to personal information through email links, attachments or stolen Remote Desktop Protocol credentials.

Then, the hackers demand a ransom be paid or else the stolen data will be published on a public site controlled by the Conti actors.

Law enforcement agencies, emergency medical services, 911 dispatch centers and municipalities are among the more than 400 organizations worldwide victimized by Conti, the FBI said. Over 290 of those organizations are located in the U.S.

These attacks can increase safety risks by slowing down real-time digital information and delaying calls to service and access to vital healthcare information that could affect treatments for patients.

Ireland's health service was hit by a Conti ransomware attack May 14, locking many hospitals out of their computers, denying health care workers from accessing patients' records, appointment booking and email systems.

The Health Service shut down its IT system as a precautionary measure to allow specialists to contain the ransomware and assess the damage.

There is a significant ransomware attack on the HSE IT systems. We have taken the precaution of shutting down all our our IT systems in order to protect them from this attack and to allow us fully assess the situation with our own security partners.

— HSE Ireland (@HSELive) May 14, 2021

"It's widespread. It is very significant, and possibly the most significant cybercrime attack on the Irish State," Ossian Smith, a state minister for procurement and eCommerce told the national broadcaster RTE.

Then, the Conti hackers gave Ireland a decryption key to recover the compromised health system for free on May 21.

Conti told the Health Service Executive on its darknet website that it is "providing the decryption tool for your network for free," but the HSE "should understand that we will sell or publish a lot of private data if you will not connect us and try to resolve the situation."

Irish Health Minister Stephen Donnelly told RTE that no random has of will be paid and was unsure why the decryption key was given to them

"It came as a surprise to us," he said. "Our technical teams are currently testing the tool. The initial responses are positive."

As of May 28, some of Ireland's health services were experiencing issues and disruptions.

There has been a criminal cyber attack on our health service IT systems and we have shut them down as a precaution. This has caused disruption & we are working hard to keep services going. Thank you for your patience at this time. Get service updates here:

— HSE Ireland (@HSELive) June 1, 2021

This is the latest major ransomware attack affecting the United States. Last month, the Colonial Pipeline said a cyberattack from the DarkSide hacker group forced the company to "temporarily halted all pipeline operations" and freeze IT systems. This shutdown affected fuel supplies and distribution in multiple states in the southeast United States.

Ransomware Attack
Secretary of Energy Jennifer Granholm briefs reporters on the cyber attack on the Colonial Pipeline and the U.S. response during the daily press briefing at the White House on May 11, 2021 in Washington, DC. Granholm stated that the current gasoline situation due to the pipeline ransomware attack is a supply crunch and not a gasoline shortage and urged Americans to resist stocking on fuel. The FBI said that 16 U.S. medical and first responder networks were attacked by ransomware cyber-crime gang Conti in the past year. Drew Angerer//Getty Images

White House Deputy Press Secretary Karine Jean-Pierre told reporters during Tuesday's press briefing that JBS notified the White House Sunday about the ransomware attack and that the White House and the Department of Agriculture have offered their assistance to JBS.

Jean-Pierre said JBS notified the administration that the ransom demand came from a criminal organization likely based in Russia.

"The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals," she said.

The FBI is investigating the incident and the Cybersecurity & Infrastructure Security Agency is helping the FBI offer technical support to the company in recovering from the ransomware attack.

The USDA has also reached out to several major meat processors in the United States to ensure they are aware of the situation.

"We're assessing any impacts on supply and the President has directed the administration to determine what we can do to mitigate any impacts as they may become necessary," she said. "Combating ransomware is a priority for the administration, and President Biden has already launched a rapid strategic review to address the increased threat of ransomware."

JBS has halted production at its five biggest beef plants in the U.S. following the cyberattack on the company, according to Bloomberg.

Bloomberg reported that JBS handles 22,500 cattle a day and accounts for about a quarter of all U.S. beef capacity and roughly a fifth of all pork capacity. Slaughterhouses in Australia and Canada were also affected by the attack.

Major meat producer JBS USA said it was the victim of a cyberattack over the weekend.

In a press release, the company said the organized hack affected its servers supporting its North American and Australian IT systems. The company said it took immediate action to suspend all affected systems, notify authorities and work with third-party experts to resolve the issues.

"The company is not aware of any evidence at this time that any customer, supplier or employee data has been compromised or misused as a result of the situation," JBS said. "Resolution of the incident will take time, which may delay certain transactions with customers and suppliers."

It is unclear who is responsible for the attack.

White House Deputy Press Secretary Karine Jean-Pierre told reporters on Air Force One Tuesday that JBS told the White House Sunday that they've been the victim of an attack from a "criminal organization likely based in Russia."

Jean-Pierre said the FBI is investigating the matter and the U.S. Department of Agriculture reached out to several major meat processors in the U.S.

'@K_JeanPierre, briefing reporters on AF1, says meat producer JBS notified the WH on Sunday they've been victims of a ransomware attack from a "criminal organization likely based in Russia." FBI investigating & USDA reached out to several major meat processors in the US.

— Alexandra Jaffe (@ajjaffe) June 1, 2021