Russian-Speaking Hackers Unleashing Major Attacks on U.S. Hospitals Grappling With Surging Covid Cases, Officials Warn

Federal officials have warned of a cyberattack against the U.S. health care system by a Russian-speaking criminal gang.

The Cybersecurity and Infrastructure Security Agency (CISA) warned of the threat in a joint cybersecurity advisory with the Department of Health and Human Services and the FBI on Thursday night.

"CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers," the notice reads. "CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats."

The advisory warns that a malicious network of computers hijacked by "Trickbot" software may be used in an attack leading to "ransomware attacks, data theft, and the disruption of healthcare services," while noting that any successful attack could be particularly damaging due to the COVID-19 pandemic.

The gang targets large companies or networks and uses ransomware software known as Ryuk, allowing them to take control of computers and make demands, often for large amounts of money, in exchange for a promise to relinquish control.

Charles Carmakal, chief technical officer at the cybersecurity firm Mandiant, told the Associated Press that the attack was launched by the Eastern European gang known as UNC1878, who are "deliberately targeting and disrupting U.S. hospitals, forcing them to divert patients to other healthcare providers" in what he called "the most significant cyber security threat we've ever seen in the United States."

United Health Services, which operates over 250 U.S. hospitals and medical facilities, was crippled by a Ryuk attack in September. The health network was forced to shut down their compromised computer system in response. Employees defaulted to using pens and paper to keep records.

Ryuk, named after a character from the Japanese manga series Death Note, has been used in many other cyberattacks, including an attack that hobbled the systems of several major U.S. newspapers in late 2018.

On Tuesday, hackers released election data from Hall County, Georgia, said to be "example files" that do not compromise the election, after their attempts to extort officials using "DoppelPaymer" ransomware proved fruitless, according to The Wall Street Journal. A gang of Russian hackers also reportedly caused a German woman's death in September after an attack using the same software caused delays at a hospital.

The potential attack on the health care system comes less than a week before the presidential election, but officials say that the hackers are motivated by profit rather than politics.

Newsweek reached out to the CISA for comment.

Doctor with Computer
Russian-speaking hackers hope to enrich themselves by hijacking hospital computers with "ransomware" amid the COVID-19 pandemic, officials warn. ronstik/Getty